[RESOLVED] googleupdate.exe possible Virus
Running Win 7 x64 fully patched
I got a program from the internet and I ran it. It seemed to not do anything; no window opened but the screen flickered. A few minutes later I had my Windows Firewall Control Program ask me to allow internet access to googleupdate.exe. I did not think it was related and clicked YES, allowing it internet access. Then I started thinking about that program a few minutes later, and checked netstat and found many new network connections (a lot, like maybe 100) from the googleupdate.exe program; it did not look normal. I blocked all outbound connections at the firewall, and went about removing the googleupdate.exe from my system. Even though all connections were closed I could not just delete the file. Unlocker did not see any locks on the file and could not delete it, I guess because it was a service (googleupdate service not gupdate); I did not know that at this time. I have no Google software installed so I should not have googleupdate.exe. I rebooted in safe mode and deleted the file. I removed the autostart entry in the registry. I searched the registry for all googleupdate items and deleted them.
After I rebooted the PC, googleupdate seems to be gone and it has not returned. I ran CCleaner and scanned with MSE and Malwarebytes and found no new issues.
I read about this googleupdate virus and some people had much worse problems than I seem to have had. Maybe my system would have been much worse if it was allowed to run longer with internet access.
So here are my logs; can someone look them over and let me know what you think? Am I clean or should I worry?
mmainprize · 2012-Sep-25 1:11 am
Re: googleupdate.exe possible Virus
************************************************************************************
* Ran TFC.exe *
************************************************************************************
It ran and asked to reboot.
On reboot there was something odd. Maybe this is because of TFC? I have not run that before. My Windows Firewall Control program asked to allow two programs internet access that had not asked for access before, and I blocked them. The programs were wermgr.exe and spoolsv.exe.
A window came up about a message waiting from a program. I had a choice to view it so I did, and it covered my desktop with a background color and showed me an error dialog that was for a Visual C++ runtime error for file spoolsv.exe. Above that dialog was another dialog that would let me return to the normal desktop. I returned to the normal desktop after I clicked OK to close the runtime error dialog.
Note: I have rebooted since without any issues, so it was only the reboot after running TFC.exe.
************************************************************************************
* Ran Malware bytes *
************************************************************************************
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: P7P55CM [administrator]

9/24/2012 11:29:23 PM
mbam-log-2012-09-25 (00-47-38).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 828212
Time elapsed: 1 hour(s), 17 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe (Spyware.Password) -> 1792 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\AsSysCtrlService (Spyware.Password) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe (Spyware.Password) -> No action taken.
C:\Program Files (x86)\pdf995\res\drivedir\PSConvert.exe (Spyware.Password) -> No action taken.
C:\SharedData\Install\Adobe Flash Player\Adobe_Flash_Player_AX_11.4.402.265_SPS.exe (Spyware.Password) -> No action taken.
E:\Boot\EasyBoot\MyGhostV1.1\PROGRAMS\Keyfinder\keyfinder.exe (RiskWare.Tool.CK) -> No action taken.
E:\Boot\EasyBoot\MyGhostV2.0\PROGRAMS\Keyfinder\keyfinder.exe (RiskWare.Tool.CK) -> No action taken.
E:\Boot\EasyBoot\MyGhostV3.0\PROGRAMS\Crossloop\CrossLoopUpdate.exe (Spyware.Password) -> No action taken.

(end)
The ASUS software is a false positive; I checked at the Malwarebytes forum. The others are known programs that get flagged but are tools of a boot CD I make.
mmainprize · 2012-Sep-25 1:11 am
************************************************************************************
* ran OTL.exe OTL.txt *
************************************************************************************
OTL logfile created on: 9/24/2012 7:51:25 PM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\Mike\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 12.22 Gb Available Physical Memory | 76.40% Memory free
31.99 Gb Paging File | 27.97 Gb Available in Paging File | 87.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.91 Gb Total Space | 175.42 Gb Free Space | 39.25% Space Free | Partition Type: NTFS
Drive D: | 1412.82 Gb Total Space | 1312.73 Gb Free Space | 92.92% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1627.90 Gb Free Space | 87.38% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1268.83 Gb Free Space | 68.11% Space Free | Partition Type: NTFS
Drive L: | 1397.26 Gb Total Space | 642.73 Gb Free Space | 46.00% Space Free | Partition Type: NTFS
Drive V: | 1397.26 Gb Total Space | 833.87 Gb Free Space | 59.68% Space Free | Partition Type: NTFS

Computer Name: P7P55CM | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/09/24 14:20:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe PRC - [2012/09/10 16:43:50 | 001,634,304 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012/08/16 14:15:48 | 003,170,672 | ---- | M] (Conceiva Pty. Ltd.) -- C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/08/07 03:36:08 | 003,232,896 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe PRC - [2012/08/06 12:00:44 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe PRC - [2012/07/08 23:35:22 | 003,028,880 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe PRC - [2012/04/30 20:56:16 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2012/04/30 20:56:04 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2012/04/30 20:55:40 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2012/04/30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2012/02/16 12:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe PRC - [2011/11/15 13:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) 
-- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe PRC - [2011/11/15 13:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\DynDNS Updater\DynTray.exe PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2011/04/09 00:08:52 | 000,885,400 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe PRC - [2011/04/08 23:21:06 | 000,386,864 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011/04/08 23:20:08 | 001,890,184 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe PRC - [2011/04/08 23:13:40 | 004,599,080 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe PRC - [2011/04/08 23:12:18 | 000,953,336 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe PRC - [2011/02/04 08:18:14 | 000,408,590 | ---- | M] () -- C:\cygwin\usr\sbin\sshd.exe PRC - [2011/01/01 15:44:03 | 000,151,552 | -HS- | M] () -- C:\Windows\kmsem\KMService.exe PRC - [2011/01/01 15:44:03 | 000,008,192 | -HS- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2010/12/22 23:35:38 | 000,476,160 | ---- | M] (DMT and Associates) -- C:\Utils\WallWatcher\WallWatcher.exe PRC - [2010/10/12 14:57:40 | 000,354,232 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe PRC - [2010/07/07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe PRC - [2010/06/28 23:50:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe PRC - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010/03/25 12:02:16 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe PRC - [2010/02/10 09:39:06 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe PRC - [2010/02/10 09:39:02 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe PRC - [2010/02/03 01:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2010/01/22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009/10/26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2008/03/18 06:28:46 | 000,068,096 | ---- | M] () -- C:\cygwin\bin\cygrunsrv.exe PRC - [2004/09/16 10:52:42 | 001,605,632 | ---- | M] (Webshots.com) -- C:\Program Files (x86)\Webshots\webshots.scr
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/09/19 14:30:35 | 000,361,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\205225c8a4545fde8cee36e3e5b3e03b\IAStorUtil.ni.dll MOD - [2012/09/19 14:30:35 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\496dfc86ced14d6a3389172061ebafe2\IAStorDataMgrSvcInterfaces.ni.dll MOD - [2012/09/19 14:30:35 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\49472b1a7ed2a5a68070d885198f4eb2\IAStorCommon.ni.dll MOD - [2012/09/14 16:38:07 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6831f648f5b925f1194f691b0b491662\System.WorkflowServices.ni.dll MOD - [2012/09/14 16:37:48 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll MOD - [2012/09/14 16:37:48 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll MOD - [2012/09/14 16:37:47 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll MOD - [2012/09/14 16:37:38 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll MOD - [2012/09/14 16:37:36 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll MOD - [2012/09/14 16:37:36 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll MOD - [2012/09/14 16:37:25 | 001,086,464 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f42c2acdb000001066c78acfc6cd8655\System.ServiceModel.Web.ni.dll MOD - [2012/09/14 16:36:20 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll MOD - [2012/09/14 16:36:19 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll MOD - [2012/09/14 16:36:19 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll MOD - [2012/09/14 16:36:04 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012/09/14 16:31:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/09/14 16:31:35 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/09/14 16:31:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/09/14 16:31:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/09/14 16:31:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/09/14 16:31:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/09/14 16:12:41 | 013,198,336 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012/09/14 16:12:35 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012/09/14 16:11:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012/09/14 16:11:06 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012/09/14 16:11:04 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012/09/14 16:10:59 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012/09/14 16:10:55 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2011/09/21 16:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll MOD - [2011/07/18 17:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll MOD - [2011/03/22 02:23:20 | 000,008,206 | ---- | M] () -- C:\cygwin\bin\cygssp-0.dll MOD - [2011/03/22 02:23:02 | 000,044,558 | ---- | M] () -- C:\cygwin\bin\cyggcc_s-1.dll MOD - [2011/03/16 17:09:48 | 001,174,542 | ---- | M] () -- C:\cygwin\bin\cygcrypto-0.9.8.dll MOD - [2011/02/04 08:18:14 | 000,408,590 | ---- | M] () -- C:\cygwin\usr\sbin\sshd.exe MOD - [2010/08/01 17:04:19 | 000,077,838 | ---- | M] () -- C:\cygwin\bin\cygz.dll MOD - [2010/06/01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll MOD - [2010/03/28 05:02:33 | 000,028,174 | ---- | M] () -- 
C:\cygwin\bin\cygwrap-0.dll MOD - [2010/02/10 09:39:06 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe MOD - [2010/02/10 09:39:02 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe MOD - [2010/02/09 08:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\app4r.monitor.core.dll MOD - [2010/02/09 08:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\app4r.monitor.common.dll MOD - [2010/02/09 08:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll MOD - [2010/02/08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009/06/27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2008/06/06 07:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll MOD - [2008/03/18 06:28:46 | 000,068,096 | ---- | M] () -- C:\cygwin\bin\cygrunsrv.exe MOD - [2007/05/24 16:21:26 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll MOD - [2007/05/03 11:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll MOD - [2003/10/19 05:12:30 | 000,006,656 | ---- | M] () -- C:\cygwin\bin\cygcrypt-0.dll MOD - [2003/01/02 16:32:06 | 000,020,480 | ---- | M] () -- C:\Utils\WallWatcher\NetUtils.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2012/09/07 23:36:24 | 000,144,024 | ---- | M] (BiniSoft.org) [Auto | Running] -- C:\Program Files\Windows Firewall Control\wfcs.exe -- (wfcs) SRV:64bit: - [2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/03/24 07:24:58 | 000,095,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007/05/29 06:06:06 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdfcoms.exe -- (lxdf_device) SRV:64bit: - [2007/05/29 06:05:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdfserv.exe -- (lxdfCATSCustConnectService) SRV - [2012/09/20 01:49:50 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/07 01:50:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012/08/16 14:15:48 | 003,170,672 | ---- | M] (Conceiva Pty. Ltd.) [Auto | Running] -- C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe -- (Mezzmo) SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/30 20:56:16 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012/04/30 20:56:04 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012/04/30 19:53:30 | 011,839,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2012/04/30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2012/02/16 12:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc) SRV - [2011/11/15 13:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Running] -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe -- (Dyn Updater) SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/04/08 23:21:18 | 001,083,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011/04/08 23:20:08 | 001,890,184 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent) SRV - [2011/04/08 23:13:40 | 004,599,080 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe -- (MMS) SRV - [2011/01/01 15:44:03 | 000,008,192 | -HS- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver) SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector) SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/03/18 06:28:46 | 000,068,096 | ---- | M] () [Auto | Running] -- C:\cygwin\bin\cygrunsrv.exe -- (sshd) SRV - [2007/05/29 06:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdfcoms.exe -- (lxdf_device) SRV - [2007/05/29 06:05:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/09/01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/07/19 23:21:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2012/07/19 23:21:13 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP) DRV:64bit: - [2012/07/19 23:21:13 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap) DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012/04/30 20:56:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012/04/30 20:54:56 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012/04/30 17:22:42 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012/04/30 17:22:42 | 000,020,080 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/11/14 05:26:53 | 000,116,504 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SIVX64.sys -- (SIVDriver) DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011/08/19 05:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011/08/19 05:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011/06/12 16:09:53 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011/06/12 16:06:04 | 000,272,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011/03/24 07:24:54 | 000,148,072 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/11 23:01:26 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV:64bit: - [2010/12/07 02:47:32 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010/08/06 04:53:14 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010/08/04 09:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010/07/01 13:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/11/11 18:44:24 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64) DRV:64bit: - [2009/10/18 21:56:10 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2012/02/16 12:31:26 | 000,020,856 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv) DRV - [2011/11/12 01:21:07 | 000,003,869 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\HWACCESS.SYS -- (HWACCESS) DRV - [2010/12/11 16:54:18 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2010/06/28 23:50:22 | 000,146,928 | ---- | M] (CyberLink Corp.) 
[2010/12/09 01:40:09] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2010/01/29 12:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009/07/14 20:59:56 | 000,059,384 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SIVX64.sys -- (SIVDriver) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 31 2B D8 7E 90 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {9AB48EDD-2B42-432e-861C-76E7AD3CB8B0} IE - HKCU\..\SearchScopes\{00979BBC-47A1-486f-BF1E-7390AC8E65BB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9AB48EDD-2B42-432e-861C-76E7AD3CB8B0}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledAddons: collector@broceliand.fr:6.0.5 FF - prefs.js..extensions.enabledAddons: cookiemgr@jayapal.com:4.5 FF - prefs.js..extensions.enabledAddons: support@smart-hide-ip.com:1.0 FF - prefs.js..extensions.enabledAddons: text2voice@vik.josh:1.08 FF - prefs.js..extensions.enabledAddons: {29CB7FC4-9DD9-4357-9452-457BD5589D9E}:1.07 FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.7 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.50136 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: collector@broceliand.fr:5.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files 
(x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 01:50:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/30 23:26:36 | 000,000,000 | ---D | M]
[2010/12/05 20:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions [2012/09/20 02:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions [2011/11/04 03:30:07 | 000,000,000 | ---D | M] (Screen grab! with Online Upload) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\{29CB7FC4-9DD9-4357-9452-457BD5589D9E} [2012/09/20 02:23:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012/06/27 23:37:54 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\collector@broceliand.fr [2012/09/07 01:50:08 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\cookiemgr@jayapal.com [2012/09/03 00:32:28 | 000,064,861 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\alldebrid@alldebrid.com.xpi [2012/08/06 21:08:30 | 000,273,552 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\sharemenot@franziroesner.com.xpi [2012/03/14 00:06:23 | 000,004,527 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\support@smart-hide-ip.com.xpi [2012/07/14 13:13:55 | 000,062,544 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\text2voice@vik.josh.xpi [2012/09/14 14:25:33 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012/01/07 01:47:24 | 000,634,964 | ---- | M] () (No name found) -- 
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/09/14 14:25:33 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011/12/07 17:50:34 | 000,003,915 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7r2ofpbr.default\searchplugins\sweetim.xml [2012/03/15 00:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/08/30 00:19:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/09/07 01:50:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/07 01:49:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/07 01:49:56 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/08/13 01:59:33 | 000,001,008 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com O1 - Hosts: 192.168.1.15 BedRoomTV O1 - Hosts: 192.168.1.16 LivingRoomTV O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [lxdfamon] C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe () O4:64bit: - HKLM..\Run: [lxdfmon.exe] C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe () O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [Lexmark 6500 Series] C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.) 
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [T Probe] C:\Program Files\ASUS\T Probe\TProbe.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis) O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software) O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.) O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC) O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus.lnk = File not found O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\Launcher.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAC9370E-2169-4711-B19A-B4F13AA27C20}: NameServer = 4.2.2.1,4.2.2.4 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3d8547c8-00a4-11e0-ad5e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3d8547c8-00a4-11e0-ad5e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\.\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/24 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Scan [2012/09/24 18:05:56 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\TFC.exe [2012/09/24 14:25:16 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr [2012/09/24 14:20:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012/09/24 14:18:19 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe [2012/09/23 23:12:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter [2012/09/23 19:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies [2012/09/21 17:45:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/21 17:45:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/21 17:45:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/21 17:45:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/21 17:45:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/21 17:45:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/21 17:45:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/21 17:45:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/21 17:45:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/21 17:45:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/21 17:45:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/21 17:45:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/21 17:45:42 | 000,816,640 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/21 17:45:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/21 17:45:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/19 14:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2012/09/19 14:36:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intel Corporation [2012/09/19 14:30:06 | 000,647,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys [2012/09/19 14:30:06 | 000,028,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys [2012/09/18 20:03:41 | 000,000,000 | ---D | C] -- C:\Intel [2012/09/14 19:20:35 | 000,000,000 | --SD | C] -- C:\Users\Mike\Documents\My Web Sites [2012/09/14 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WPF Toolkit [2012/09/14 17:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2012/09/14 17:25:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012/09/14 17:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression [2012/09/14 17:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression [2012/09/14 15:56:00 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2012/09/13 17:48:05 | 000,000,000 | --SD | C] -- C:\Users\Mike\Documents\My Data Sources [2012/09/12 22:41:40 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/12 22:41:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/12 22:41:39 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/12 22:41:39 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/11 20:51:11 
| 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012/09/07 23:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Firewall Control [2012/09/07 23:36:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\BiniSoft.org [2012/09/01 02:21:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\GomPlayer [2012/08/31 23:09:04 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\pdfforge [2012/08/31 23:09:01 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012/08/31 23:09:01 | 000,096,768 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012/08/31 23:09:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012/08/31 23:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/08/31 18:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWindData [2012/08/31 18:11:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\.TraceRoute [2012/08/30 23:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/08/30 23:26:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/08/30 23:26:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/08/30 23:26:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/08/30 23:26:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/08/30 23:26:31 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/08/30 23:23:32 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/08/30 23:23:28 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/08/30 23:23:28 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/08/30 23:23:28 | 000,108,008 | ---- | C] (Oracle 
Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012/08/30 23:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/08/26 12:09:13 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012/08/26 12:09:11 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012/08/26 12:09:10 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012/08/26 12:09:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012/08/26 12:09:05 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012/08/26 12:09:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012/08/26 12:09:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012/08/26 12:08:57 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
========== Files - Modified Within 30 Days ==========
[2012/09/24 18:22:55 | 000,027,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/24 18:22:55 | 000,027,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/24 18:20:38 | 000,793,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/24 18:20:38 | 000,669,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/24 18:20:38 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/24 18:15:37 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI [2012/09/24 18:15:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/24 18:14:59 | 4293,431,294 | -HS- | M] () -- C:\hiberfil.sys [2012/09/24 18:09:05 | 000,881,724 | ---- | M] () -- C:\Users\Mike\Desktop\SecurityCheck.exe [2012/09/24 18:05:56 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\TFC.exe [2012/09/24 14:25:18 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr [2012/09/24 14:20:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012/09/24 14:18:28 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe [2012/09/23 23:22:48 | 828,740,411 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/09/23 21:34:04 | 008,829,642 | ---- | M] () -- C:\Users\Mike\Documents\AutoRuns.arn [2012/09/23 19:43:47 | 000,003,093 | ---- | M] () -- C:\Users\Mike\Documents\Auto DU Meter Report.html [2012/09/21 18:05:12 | 000,007,622 | ---- | M] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg [2012/09/20 01:49:50 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/09/20 01:49:50 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/19 14:59:38 | 000,627,425 | ---- | M] () -- C:\Users\Mike\Documents\DU Meter 
Backup.sqbackup
[2012/09/19 14:37:04 | 000,808,264 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/16 21:23:37 | 000,418,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/16 17:40:00 | 000,004,810 | ---- | M] () -- C:\Users\Mike\Documents\Tracer.htm
[2012/09/16 17:39:02 | 000,003,424 | ---- | M] () -- C:\Users\Mike\Documents\Ping.htm
[2012/09/15 20:10:04 | 000,153,082 | ---- | M] () -- C:\Users\Mike\Documents\Premium Coder NETFLIX Premium Accounts (15 Sep 2012).pdf
[2012/09/11 01:35:02 | 000,000,950 | ---- | M] () -- C:\Users\Mike\Documents\cc_20120911_013421.reg
[2012/09/08 22:19:08 | 000,000,920 | ---- | M] () -- C:\Users\Mike\Desktop\TT.dlc
[2012/09/08 18:40:46 | 000,033,884 | ---- | M] () -- C:\Policy saved on 8.9.2012 -(Starting Policy backup).wfc
[2012/09/07 23:36:29 | 000,000,868 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
[2012/09/07 23:36:29 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Windows Firewall Control.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 01:50:08 | 000,002,048 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/05 22:36:36 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2012/09/01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2012/08/31 00:12:46 | 062,164,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/30 23:26:24 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/30 23:26:23 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/30 23:26:23 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/30 23:26:23 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/30 23:26:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/30 23:26:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/30 23:23:26 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/08/30 23:23:25 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/08/30 23:23:25 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/08/30 23:23:25 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/08/30 23:23:24 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/08/30 23:23:24 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/08/29 21:49:33 | 000,025,995 | ---- | M] () -- C:\Users\Mike\Documents\TRAU064 - Clip 01.wlmp
| actions · 2012-Sep-25 1:14 am · (locked) | mmainprize |
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/09/24 18:09:04 | 000,881,724 | ---- | C] () -- C:\Users\Mike\Desktop\SecurityCheck.exe
[2012/09/23 23:22:48 | 828,740,411 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/23 21:34:04 | 008,829,642 | ---- | C] () -- C:\Users\Mike\Documents\AutoRuns.arn
[2012/09/19 14:59:38 | 000,627,425 | ---- | C] () -- C:\Users\Mike\Documents\DU Meter Backup.sqbackup
[2012/09/16 17:40:00 | 000,004,810 | ---- | C] () -- C:\Users\Mike\Documents\Tracer.htm
[2012/09/16 17:39:02 | 000,003,424 | ---- | C] () -- C:\Users\Mike\Documents\Ping.htm
[2012/09/15 20:10:02 | 000,153,082 | ---- | C] () -- C:\Users\Mike\Documents\Premium Coder NETFLIX Premium Accounts (15 Sep 2012).pdf
[2012/09/11 01:34:58 | 000,000,950 | ---- | C] () -- C:\Users\Mike\Documents\cc_20120911_013421.reg
[2012/09/08 22:19:08 | 000,000,920 | ---- | C] () -- C:\Users\Mike\Desktop\TT.dlc
[2012/09/08 18:40:46 | 000,033,884 | ---- | C] () -- C:\Policy saved on 8.9.2012 -(Starting Policy backup).wfc
[2012/09/07 23:36:29 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
[2012/09/07 23:36:29 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Windows Firewall Control.lnk
[2012/09/05 22:36:36 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/08/29 20:45:49 | 000,025,995 | ---- | C] () -- C:\Users\Mike\Documents\TRAU064 - Clip 01.wlmp
[2012/08/24 19:30:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/08/24 19:30:50 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/08 20:08:43 | 000,038,500 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/08/04 18:27:39 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/08/04 18:27:39 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/06 15:41:20 | 047,737,820 | ---- | C] () -- C:\Program Files (x86)\JDownloader.rar
[2012/05/09 20:57:56 | 048,856,379 | ---- | C] () -- C:\Program Files (x86)\JDownloader V1 Backup.rar
[2012/03/15 00:51:37 | 000,000,620 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/31 20:54:03 | 000,000,910 | ---- | C] () -- C:\Users\Mike\.recently-used.xbel
[2011/12/19 20:01:39 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2011/12/17 14:55:13 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011/12/10 16:49:31 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfpmui.dll
[2011/12/10 16:49:31 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdfcomx.dll
[2011/12/10 16:49:31 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfinpa.dll
[2011/12/10 16:49:31 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdfinst.dll
[2011/12/10 16:49:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfiesc.dll
[2011/12/10 16:49:30 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfserv.dll
[2011/12/10 16:49:30 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfusb1.dll
[2011/12/10 16:49:30 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfhbn3.dll
[2011/12/10 16:49:30 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdflmpm.dll
[2011/12/10 16:49:30 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfih.exe
[2011/12/10 16:49:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfprox.dll
[2011/12/10 16:49:29 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomc.dll
[2011/12/10 16:49:29 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcoms.exe
[2011/12/10 16:49:29 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcfg.exe
[2011/12/10 16:49:29 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomm.dll
[2011/12/10 16:20:27 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/11/24 20:07:02 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/12 01:21:07 | 000,003,869 | ---- | C] () -- C:\Windows\SysWow64\HWACCESS.SYS
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/19 05:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 05:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 05:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/03/19 23:22:12 | 000,001,970 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/03/07 21:24:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/11 01:39:01 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/01/01 15:12:17 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/01/01 13:47:40 | 000,007,622 | ---- | C] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
[2010/12/26 18:39:17 | 000,063,488 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 18:46:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/16 00:39:47 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2010/12/16 00:38:13 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010/12/16 00:38:13 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/12/12 01:54:47 | 000,808,264 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/11 02:16:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/08 02:19:49 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/12/04 13:22:22 | 000,040,109 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/12/04 13:17:03 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/12/04 13:17:03 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/12/04 13:17:02 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/12/04 13:17:02 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/12/04 13:02:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/12/04 13:02:47 | 000,033,212 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/12/04 13:00:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2003/10/06 04:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2010/12/11 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\6500 Series
[2012/08/10 21:12:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AC3Filter
[2010/12/08 03:31:01 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ACD Systems
[2011/06/12 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Acronis
[2012/02/06 02:07:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\anpo.republika.pl
[2010/12/07 02:32:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DAEMON Tools Lite
[2010/12/08 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Desktopicon
[2012/03/15 01:26:47 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Downloaded Installations
[2011/12/29 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FFSJ
[2012/02/06 02:05:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\fltk.org
[2012/08/05 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FreeFileSync
[2011/08/19 18:45:24 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Garmin
[2011/01/03 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GPSoftware
[2011/11/12 02:34:19 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\gtk-2.0
[2011/12/22 19:58:48 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\HandBrake
[2011/06/18 20:16:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ImgBurn
[2012/09/24 18:11:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\KeePass
[2010/12/22 23:18:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Leadertech
[2011/09/10 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\LEAPS
[2011/12/10 20:20:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Lexmark Productivity Studio
[2012/09/16 23:32:39 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\MediaMonkey
[2011/10/07 15:28:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Meeting Center
[2012/05/16 20:13:54 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mp3tag
[2012/09/24 04:28:00 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\NetStat Agent
[2012/06/15 23:06:54 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Nitro PDF
[2012/08/16 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Notepad++
[2012/07/27 17:17:55 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ooVoo Details
[2010/12/16 00:39:47 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\pdf995
[2012/08/31 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\pdfforge
[2011/09/10 12:44:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Pegasys Inc
[2011/10/20 02:08:55 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\picpick
[2012/03/30 01:06:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\RaimaRadioPro
[2012/03/14 00:05:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SmartHideIP
[2012/01/16 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thinstall
[2011/03/28 19:23:21 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TightVNC
[2010/12/09 19:34:03 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Webshots
[2011/12/19 21:24:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Xilisoft
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
| actions · 2012-Sep-25 1:15 am · (locked) | mmainprize |
************************************************************************************ * ran OTL.exe extras.txt * ************************************************************************************
OTL Extras logfile created on: 9/24/2012 7:51:25 PM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\Mike\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
16.00 Gb Total Physical Memory | 12.22 Gb Available Physical Memory | 76.40% Memory free
31.99 Gb Paging File | 27.97 Gb Available in Paging File | 87.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.91 Gb Total Space | 175.42 Gb Free Space | 39.25% Space Free | Partition Type: NTFS
Drive D: | 1412.82 Gb Total Space | 1312.73 Gb Free Space | 92.92% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1627.90 Gb Free Space | 87.38% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1268.83 Gb Free Space | 68.11% Space Free | Partition Type: NTFS
Drive L: | 1397.26 Gb Total Space | 642.73 Gb Free Space | 46.00% Space Free | Partition Type: NTFS
Drive V: | 1397.26 Gb Total Space | 833.87 Gb Free Space | 59.68% Space Free | Partition Type: NTFS
Computer Name: P7P55CM | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Flash Renamer] -- "C:\Program Files (x86)\Flash Renamer\FlashRen.exe" "/p %1" (RL Vision)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Flash Renamer] -- "C:\Program Files (x86)\Flash Renamer\FlashRen.exe" "/p %1" (RL Vision)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D573A37-5D42-4346-A695-2256CE02367A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{0F9275D9-06FC-48BA-8C1F-AB2123D65A9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{141FF8B3-E11F-45D3-83DD-F4426C1DB7A2}" = rport=80 | protocol=6 | dir=out | app=c:\program files\windows firewall control\wfc.exe | "{1711BF9A-FACA-42DB-93D2-CA6F619F08E9}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | "{17D4587E-B7EB-46BC-AAFD-CCF8CD27B960}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=c:\windows\system32\svchost.exe | "{1B5F6A39-B16B-4B77-8315-1AF033414780}" = lport=137 | protocol=17 | dir=in | app=system | "{2304619A-1825-46AB-A148-8F4E418645DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{2F1C6BB8-4742-4461-AB4C-DBBC1E94EED3}" = rport=445 | protocol=6 | dir=out | app=system | "{31762E98-2F93-4FAD-A156-AEFC1DA36034}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3BC3D872-6562-4FA9-B5AD-B4814E32B455}" = lport=138 | protocol=17 | dir=in | app=system | "{46208CAB-1467-4E74-888D-0E290102D486}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service | "{4B0EDD99-1923-4627-9765-FBB8D1926BC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5A73C1BA-4CAA-4135-A330-C0F9FF4D2738}" = lport=139 | protocol=6 | dir=in | app=system | "{74598331-3DE7-44E0-9274-4A31DE0A5EC3}" = lport=72 | protocol=6 | dir=in | name=ssh | "{756741C7-2BA7-4285-891C-23478F2FB37F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{79B283EA-4C8E-4D4B-8DB9-A66A7097CF06}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{8434FA5A-EFC2-439B-ABB1-74BE3DC499AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D8FACEE-8588-4419-B7F2-9EF86629BA84}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service | "{A3B97703-27AE-469A-9D5D-B74E859533F1}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service | "{A3BD714E-A960-4D24-8914-36C14D392F65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A4B825BB-722C-4FE6-8510-F2A77BD900A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{ABFA373C-415A-41D8-8C0F-713EB9B25D39}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B21CB54A-144C-4FED-B3A5-5589A36301BB}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service | "{BA1C765E-0E09-40F5-AAD2-5969A653C38C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BD45E275-8D39-489B-8540-0DEB0BF2850F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6DC4138-8514-42CF-8903-F9001F73BE7C}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service | "{CA38A6BE-D54D-427E-82A9-6452304A2368}" = rport=137 | protocol=17 | dir=out | app=system | "{D2F42DC4-1EB9-4653-88D7-85BFFC5CB98F}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service | "{D3065868-4AD6-4379-B107-F679C655A400}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service | "{D4C1D5F6-2630-4A15-AECB-C8747A0305D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC437209-0E75-426B-ACBA-79B8D4868700}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service | "{DE271058-2AA0-46A3-9A72-0F6281A28CC9}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service | "{E8CEB580-10C4-4AF3-BCE9-FA0B15DE4E6A}" = lport=1900 | protocol=17 | 
dir=in | name=windows live communications platform (ssdp) | "{EEEDCFEB-B9E4-4CF0-BCF7-7E2A528DD213}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F1956114-A17A-4FF7-B94C-C2D92D01676D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F6990A20-A8A7-41DA-934C-1CA065A8249E}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | "{F8197B34-3F8E-401C-B0D8-9E07DD6D5063}" = lport=445 | protocol=6 | dir=in | app=system | "{FA0E25DD-DE35-46AB-852C-61469FB65309}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{FB7AC1E3-D31E-4D24-992C-BA098CDADF92}" = rport=139 | protocol=6 | dir=out | app=system | "{FE4B4CB2-A1F2-46AB-863C-F388B09CBFC4}" = rport=138 | protocol=17 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0077E57C-0BF0-4A0F-8DB1-BF131A6DA56D}" = dir=out | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "{01674670-7FA6-42D3-8DC0-CCECB7D6CED9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{02F56C15-8ACD-4867-872E-4F40548AFAE6}" = dir=out | app=c:\program files (x86)\microsoft expression\design 4\dxsetup.exe | "{0398B5C5-586B-4CC6-BA9D-DE7BD428B6A0}" = dir=out | app=c:\windows\system32\svchost.exe | "{06A81C5A-0665-43FE-AD47-C4617C59161F}" = dir=out | app=c:\program files (x86)\skype\phone\skype.exe | "{0D7B18AC-7CA0-44EE-BF62-F906089F6F66}" = protocol=17 | dir=in | app=c:\utils\wallwatcher\wallwatcher.exe | "{0E926D57-9EFC-4DA8-8A17-991E9D7DC8AC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe | "{14F9AB9F-AC7B-41FA-BF47-BE2162E016B9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfjswx.exe | "{15677E1D-F8C3-44A2-A219-8F9086166B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{15B831D0-CDAA-45FE-A404-4531C218974E}" = dir=out | app=c:\program files (x86)\gretech\gomplayer\gom.exe | "{1618D5A4-C9A6-4B0E-9A83-6ABFD3B515C9}" = dir=out | app=c:\program files (x86)\conceiva\mezzmo\mezzmomediaserver.exe | "{195DB493-1D75-4051-A87A-02C5460287C6}" = dir=out | app=c:\windows\system32\svchost.exe | "{1AE10CF7-8373-46B6-B3F2-BDF95F88005F}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdftime.exe | "{1C839443-4684-4563-89B3-19C5E13A7F3D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdffax.exe | "{20DAE590-56A1-437F-88A4-B1C1BDE9E480}" = dir=out | app=c:\program files\gpsoftware\directory opus\dopus.exe | "{215FDE39-6C9A-478A-BA69-A3617657C973}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdffax.exe | "{2283ED6F-A8E3-4857-AD8F-3514F8370CA1}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{26B5FF67-C72D-4D31-9D4B-1ED441EFB5B9}" = dir=out | app=c:\program files (x86)\microsoft expression\blend 4\dxsetup.exe | "{2C3E5BA8-507C-4A46-8BBF-4F65DEFAD8A5}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe | "{2D054235-E14A-46BB-8AA3-5ED36F722390}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "{30B607F6-2F3F-49DD-90B0-639BE7551A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{32DC041C-E99A-4FF8-87FB-42085DD58748}" = dir=out | app=c:\program files (x86)\windows live\photo gallery\moviemaker.exe | "{33F51BEF-BC9E-4746-A351-BDD2C4E8CA07}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{34E52A37-AE61-4BFF-B02C-3CD4EDF0D8E2}" = dir=out | app=c:\program files (x86)\java\jre7\bin\java.exe | "{34FFF554-AA24-4707-B878-4BB48DCFA761}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | "{3697405D-9ECF-4088-BEC0-A6209E2B0042}" = protocol=1 | dir=out | app=system | "{38AA5D43-C5A4-4D04-BC18-D82F28F9C3C5}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdffax.exe | "{3A7169B6-7533-4352-95F3-B9D85097FF72}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3BA2E668-87A9-4CDB-AF88-68305FD9FFDA}" = dir=out | app=c:\program files (x86)\apple software update\softwareupdate.exe | "{3E83DE04-74BA-4E51-8486-8566584EB743}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{40968C48-EE4A-4426-9511-87178B96163C}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{42BA94D6-CB80-4084-B3BA-5AF9A206A03B}" = dir=out | app=c:\program files (x86)\microsoft expression\web 4\dxsetup.exe | "{42E13944-D1B1-40AB-B78B-F286221EC688}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe | "{4407052E-1045-46D8-B1BA-D62A3A9B943F}" = protocol=17 | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BoxEasy JukeBox" = BoxEasy JukeBox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/23/2012 11:08:17 PM | Computer Name = P7P55CM | Source = DUMeterSvc | ID = 0 Description = Service error: System Error. Code: 1060. The specified service does not exist as an installed service
Error - 9/24/2012 4:57:56 AM | Computer Name = P7P55CM | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/24/2012 4:58:23 AM | Computer Name = P7P55CM | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/24/2012 4:58:31 AM | Computer Name = P7P55CM | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/24/2012 4:58:35 AM | Computer Name = P7P55CM | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" on line 3. Component identity found in manifest does not match the identity of the component requested. Reference is NFD,type="win32",version="5.2.0.0". Definition is NFD,type="win32",version="5.0.0.0". Please use sxstrace.exe for detailed diagnosis.
Error - 9/24/2012 4:58:35 AM | Computer Name = P7P55CM | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST" on line 3. Component identity found in manifest does not match the identity of the component requested. Reference is NScCoreComponents,type="win32",version="5.3.2.0". Definition is NScCoreComponents,type="win32",version="5.3.0.0". Please use sxstrace.exe for detailed diagnosis.
Error - 9/24/2012 4:58:36 AM | Computer Name = P7P55CM | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/24/2012 6:21:58 PM | Computer Name = P7P55CM | Source = Application Error | ID = 1000 Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d Faulting module name: lxdflmpm.dll, version: 1.0.2.0, time stamp: 0x464c9d48 Exception code: 0x40000015 Fault offset: 0x0000000000077dbe Faulting process id: 0x744 Faulting application start time: 0x01cd9aa219dd7912 Faulting application path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\System32\lxdflmpm.dll Report Id: 4084c831-0696-11e2-829b-005056c00008
Error - 9/24/2012 6:22:00 PM | Computer Name = P7P55CM | Source = ATIeRecord | ID = 16386 Description = ATI EEU Client has failed to start
Error - 9/24/2012 6:22:00 PM | Computer Name = P7P55CM | Source = ATIeRecord | ID = 16386 Description = ATI EEU Client has failed to start
[ Media Center Events ]
Error - 6/6/2011 3:30:02 AM | Computer Name = P7P55CM | Source = MCUpdate | ID = 0 Description = 3:30:01 AM - Error connecting to the internet. 3:30:01 AM - Unable to contact server..
Error - 6/6/2011 4:30:34 AM | Computer Name = P7P55CM | Source = MCUpdate | ID = 0 Description = 4:30:33 AM - Error connecting to the internet. 4:30:33 AM - Unable to contact server..
Error - 6/6/2011 5:31:06 AM | Computer Name = P7P55CM | Source = MCUpdate | ID = 0 Description = 5:31:05 AM - Error connecting to the internet. 5:31:05 AM - Unable to contact server..
Error - 6/6/2011 6:31:38 AM | Computer Name = P7P55CM | Source = MCUpdate | ID = 0 Description = 6:31:37 AM - Error connecting to the internet. 6:31:37 AM - Unable to contact server..
Error - 1/11/2012 1:46:20 AM | Computer Name = P7P55CM | Source = MCUpdate | ID = 0 Description = 12:46:16 AM - Error connecting to the internet. 12:46:16 AM - Unable to contact server..
Error - 1/11/2012 2:46:57 AM | Computer Name = P7P55CM | Source = MCUpdate | ID = 0 Description = 1:46:53 AM - Error connecting to the internet. 1:46:53 AM - Unable to contact server..
Error - 1/11/2012 3:47:28 AM | Computer Name = P7P55CM | Source = MCUpdate | ID = 0 Description = 2:47:27 AM - Error connecting to the internet. 2:47:27 AM - Unable to contact server..
[ System Events ]
Error - 9/24/2012 6:12:45 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7034 Description = The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
Error - 9/24/2012 6:12:46 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7034 Description = The CYGWIN sshd service terminated unexpectedly. It has done this 1 time(s).
Error - 9/24/2012 6:15:33 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the lxdfCATSCustConnectService service to connect.
Error - 9/24/2012 6:15:33 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7000 Description = The lxdfCATSCustConnectService service failed to start due to the following error: %%1053
Error - 9/24/2012 6:17:26 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7031 Description = The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 9/24/2012 6:18:28 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7031 Description = The VMware Workstation Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 9/24/2012 6:19:31 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7031 Description = The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program.
Error - 9/24/2012 6:20:31 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error: %%193
Error - 9/24/2012 6:21:31 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.
Error - 9/24/2012 6:22:00 PM | Computer Name = P7P55CM | Source = Service Control Manager | ID = 7031 Description = The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. | actions · 2012-Sep-25 1:15 am · (locked) | mmainprize |
************************************************************************************ * Ran Security Checkup * ************************************************************************************
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Windows Firewall Control wfcs.exe
Windows Firewall Control wfc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
************************************************************************************ * ESET online scan * ************************************************************************************
C:\SharedData\Install\Jdownloader 7.x\JDDecrypt1.3.exe a variant of MSIL/Injector.AJG trojan
C:\SharedData\Install\Unlocker 1.9\Unlocker1.9.1-x64.exe Win32/Adware.ADON application
C:\SharedData\Install\Unlocker 1.9\Unlocker1.9.1.exe Win32/Adware.ADON application
C:\Windows\kmsem\KMService.exe a variant of Win32/HackKMS.A application
E:\Boot\EasyBoot\MyGhostV1.1\BootCD\WinTools\VDefs.exe probably a variant of Win32/TrojanDownloader.Agent.IPMCVMF trojan
E:\HTML\Offline Refernce\kellys-korner-xp.com\regs_edits\favdisable.vbs probably a variant of VBS/Seeker.R trojan
E:\HTML\Offline Refernce\kellys-korner-xp.com\regs_edits\favmenus.vbs probably a variant of VBS/Seeker.R trojan
E:\HTML\Offline Refernce\www.kellys-korner-xp.com\regs_edits\favdisable.vbs probably a variant of VBS/Seeker.R trojan
E:\HTML\Offline Refernce\www.kellys-korner-xp.com\regs_edits\favmenus.vbs probably a variant of VBS/Seeker.R trojan
E:\HTML\Offline Refernce\www.kellys-korner-xp.com\regs_edits\statusbar.vbs probably a variant of VBS/Seeker.R trojan
| actions · 2012-Sep-25 1:16 am · (locked) |
1 recommendation |
to mmainprize
Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected. You'll find the link(s) and instruction(s) here: » Security Cleanup FAQ » Rootkit Detection Applications | actions · 2012-Sep-25 11:00 am · (locked) | |
00:58:25.0356 6568 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
00:58:25.0685 6568 ============================================================
00:58:25.0685 6568 Current date / time: 2012/09/25 00:58:25.0685
00:58:25.0685 6568 SystemInfo:
00:58:25.0685 6568
00:58:25.0686 6568 OS Version: 6.1.7601 ServicePack: 1.0
00:58:25.0686 6568 Product type: Workstation
00:58:25.0686 6568 ComputerName: P7P55CM
00:58:25.0686 6568 UserName: Mike
00:58:25.0686 6568 Windows directory: C:\Windows
00:58:25.0686 6568 System windows directory: C:\Windows
00:58:25.0686 6568 Running under WOW64
00:58:25.0686 6568 Processor architecture: Intel x64
00:58:25.0686 6568 Number of processors: 8
00:58:25.0686 6568 Page size: 0x1000
00:58:25.0686 6568 Boot type: Normal boot
00:58:25.0686 6568 ============================================================
00:58:44.0358 6568 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
00:58:44.0368 6568 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:58:44.0368 6568 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:58:44.0369 6568 Drive \Device\Harddisk3\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:58:44.0380 6568 Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:58:44.0392 6568 ============================================================
00:58:44.0392 6568 \Device\Harddisk0\DR0:
00:58:44.0392 6568 MBR partitions:
00:58:44.0392 6568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
00:58:44.0392 6568 \Device\Harddisk1\DR1:
00:58:44.0392 6568 MBR partitions:
00:58:44.0392 6568 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:58:44.0392 6568 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x37DCF800
00:58:44.0393 6568 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x37E02000, BlocksNum 0xB09A6000
00:58:44.0393 6568 \Device\Harddisk2\DR2:
00:58:44.0393 6568 MBR partitions:
00:58:44.0393 6568 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
00:58:44.0393 6568 \Device\Harddisk3\DR3:
00:58:44.0393 6568 MBR partitions:
00:58:44.0393 6568 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
00:58:44.0393 6568 \Device\Harddisk4\DR4:
00:58:44.0393 6568 MBR partitions:
00:58:44.0393 6568 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
00:58:44.0393 6568 ============================================================
00:58:44.0411 6568 C: \Device\Harddisk1\DR1\Partition2
00:58:44.0431 6568 F: \Device\Harddisk4\DR4\Partition1
00:58:44.0456 6568 D: \Device\Harddisk1\DR1\Partition3
00:58:44.0486 6568 L: \Device\Harddisk3\DR3\Partition1
00:58:44.0494 6568 E: \Device\Harddisk0\DR0\Partition1
00:58:44.0522 6568 V: \Device\Harddisk2\DR2\Partition1
00:58:44.0522 6568 ============================================================
00:58:44.0522 6568 Initialize success
00:58:44.0522 6568 ============================================================
00:59:04.0924 4108 ============================================================
00:59:04.0924 4108 Scan started
00:59:04.0924 4108 Mode: Manual;
00:59:04.0924 4108 ============================================================
00:59:06.0212 4108 ================ Scan system memory ========================
00:59:06.0212 4108 System memory - ok
00:59:12.0067 4108 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 00:59:12.0068 4108 ksthunk - ok 00:59:12.0085 4108 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 00:59:12.0092 4108 KtmRm - ok 00:59:12.0124 4108 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 00:59:12.0130 4108 LanmanServer - ok 00:59:12.0149 4108 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:59:12.0153 4108 LanmanWorkstation - ok 00:59:12.0174 4108 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:59:12.0175 4108 lltdio - ok 00:59:12.0193 4108 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:59:12.0199 4108 lltdsvc - ok 00:59:12.0211 4108 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:59:12.0213 4108 lmhosts - ok 00:59:12.0238 4108 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 00:59:12.0240 4108 LSI_FC - ok 00:59:12.0250 4108 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 00:59:12.0251 4108 LSI_SAS - ok 00:59:12.0260 4108 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:59:12.0262 4108 LSI_SAS2 - ok 00:59:12.0277 4108 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:59:12.0278 4108 LSI_SCSI - ok 00:59:12.0287 4108 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 00:59:12.0288 4108 luafv - ok 00:59:12.0320 4108 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys 00:59:12.0321 4108 LVPr2M64 - ok 00:59:12.0326 4108 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys 00:59:12.0326 4108 LVPr2Mon - ok 00:59:12.0358 4108 [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 
00:59:12.0364 4108 LVRS64 - ok 00:59:12.0462 4108 [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 00:59:12.0510 4108 LVUVC64 - ok 00:59:12.0561 4108 [ 06407E13684E4B1AD56C62893E718248 ] lxdfCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe 00:59:12.0564 4108 lxdfCATSCustConnectService - ok 00:59:12.0600 4108 lxdf_device - ok 00:59:12.0622 4108 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:59:12.0625 4108 Mcx2Svc - ok 00:59:12.0650 4108 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 00:59:12.0650 4108 megasas - ok 00:59:12.0669 4108 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 00:59:12.0682 4108 MegaSR - ok 00:59:12.0792 4108 [ 77952968610C1C7854BE9BDA6B837A7D ] Mezzmo C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe 00:59:12.0835 4108 Mezzmo - ok 00:59:12.0904 4108 Microsoft SharePoint Workspace Audit Service - ok 00:59:12.0947 4108 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 00:59:12.0949 4108 MMCSS - ok 00:59:13.0115 4108 [ 7B8FB1D57D28C896A8C599313EC6E6A8 ] MMS C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe 00:59:13.0135 4108 MMS - ok 00:59:13.0145 4108 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 00:59:13.0145 4108 Modem - ok 00:59:13.0188 4108 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:59:13.0189 4108 monitor - ok 00:59:13.0208 4108 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 00:59:13.0210 4108 mouclass - ok 00:59:13.0241 4108 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:59:13.0242 4108 mouhid - ok 00:59:13.0265 4108 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 00:59:13.0266 4108 mountmgr - ok 00:59:13.0313 4108 [ 
CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 00:59:13.0314 4108 MozillaMaintenance - ok 00:59:13.0346 4108 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 00:59:13.0350 4108 MpFilter - ok 00:59:13.0362 4108 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 00:59:13.0365 4108 mpio - ok 00:59:13.0384 4108 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:59:13.0386 4108 mpsdrv - ok 00:59:13.0421 4108 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 00:59:13.0433 4108 MpsSvc - ok 00:59:13.0452 4108 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:59:13.0458 4108 MRxDAV - ok 00:59:13.0487 4108 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:59:13.0492 4108 mrxsmb - ok 00:59:13.0518 4108 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:59:13.0525 4108 mrxsmb10 - ok 00:59:13.0535 4108 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:59:13.0538 4108 mrxsmb20 - ok 00:59:13.0556 4108 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 00:59:13.0558 4108 msahci - ok 00:59:13.0579 4108 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:59:13.0583 4108 msdsm - ok 00:59:13.0597 4108 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 00:59:13.0601 4108 MSDTC - ok 00:59:13.0626 4108 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:59:13.0627 4108 Msfs - ok 00:59:13.0643 4108 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 00:59:13.0643 4108 mshidkmdf - ok 00:59:13.0658 4108 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 
00:59:13.0658 4108 msisadrv - ok 00:59:13.0694 4108 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:59:13.0699 4108 MSiSCSI - ok 00:59:13.0702 4108 msiserver - ok 00:59:13.0716 4108 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:59:13.0716 4108 MSKSSRV - ok 00:59:13.0779 4108 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 00:59:13.0780 4108 MsMpSvc - ok 00:59:13.0785 4108 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:59:13.0786 4108 MSPCLOCK - ok 00:59:13.0793 4108 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:59:13.0793 4108 MSPQM - ok 00:59:13.0820 4108 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:59:13.0826 4108 MsRPC - ok 00:59:13.0844 4108 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 00:59:13.0845 4108 mssmbios - ok 00:59:13.0857 4108 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:59:13.0857 4108 MSTEE - ok 00:59:13.0870 4108 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:59:13.0871 4108 MTConfig - ok 00:59:13.0912 4108 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 00:59:13.0913 4108 MTsensor - ok 00:59:13.0933 4108 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 00:59:13.0934 4108 Mup - ok 00:59:13.0962 4108 [ 19CBAAB0B1F214AF834EDD9256F55977 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys 00:59:13.0965 4108 mv91xx - ok 00:59:13.0982 4108 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 00:59:13.0990 4108 napagent - ok 00:59:14.0021 4108 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:59:14.0026 4108 NativeWifiP - ok 00:59:14.0075 4108 [ 
9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 00:59:14.0079 4108 NAUpdate - ok 00:59:14.0120 4108 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:59:14.0133 4108 NDIS - ok 00:59:14.0145 4108 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:59:14.0146 4108 NdisCap - ok 00:59:14.0168 4108 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:59:14.0169 4108 NdisTapi - ok 00:59:14.0194 4108 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:59:14.0195 4108 Ndisuio - ok 00:59:14.0219 4108 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:59:14.0224 4108 NdisWan - ok 00:59:14.0248 4108 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:59:14.0249 4108 NDProxy - ok 00:59:14.0261 4108 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:59:14.0262 4108 NetBIOS - ok 00:59:14.0287 4108 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:59:14.0291 4108 NetBT - ok 00:59:14.0302 4108 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 00:59:14.0303 4108 Netlogon - ok 00:59:14.0339 4108 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 00:59:14.0345 4108 Netman - ok 00:59:14.0359 4108 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:59:14.0360 4108 NetMsmqActivator - ok 00:59:14.0363 4108 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:59:14.0364 4108 NetPipeActivator - ok 00:59:14.0375 4108 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 00:59:14.0381 4108 netprofm - ok 00:59:14.0387 4108 [ D22CD77D4F0D63D1169BB35911BFF12D ] 
NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:59:14.0387 4108 NetTcpActivator - ok 00:59:14.0390 4108 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:59:14.0391 4108 NetTcpPortSharing - ok 00:59:14.0414 4108 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:59:14.0415 4108 nfrd960 - ok 00:59:14.0450 4108 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 00:59:14.0452 4108 NisDrv - ok 00:59:14.0477 4108 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 00:59:14.0482 4108 NisSrv - ok 00:59:14.0505 4108 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:59:14.0511 4108 NlaSvc - ok 00:59:14.0519 4108 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:59:14.0520 4108 Npfs - ok 00:59:14.0534 4108 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 00:59:14.0536 4108 nsi - ok 00:59:14.0543 4108 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:59:14.0544 4108 nsiproxy - ok 00:59:14.0590 4108 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:59:14.0607 4108 Ntfs - ok 00:59:14.0611 4108 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 00:59:14.0612 4108 Null - ok 00:59:14.0628 4108 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 00:59:14.0629 4108 nusb3hub - ok 00:59:14.0659 4108 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 00:59:14.0670 4108 nusb3xhc - ok 00:59:14.0685 4108 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:59:14.0695 4108 nvraid - ok 00:59:14.0717 4108 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 
00:59:14.0726 4108 nvstor - ok 00:59:14.0756 4108 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:59:14.0758 4108 nv_agp - ok 00:59:14.0772 4108 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:59:14.0774 4108 ohci1394 - ok 00:59:14.0868 4108 [ 9BFD0A072459782E3638362A4473E283 ] OS Selector C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe 00:59:14.0890 4108 OS Selector - ok 00:59:14.0921 4108 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:59:14.0934 4108 ose64 - ok 00:59:15.0038 4108 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 00:59:15.0085 4108 osppsvc - ok 00:59:15.0113 4108 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:59:15.0129 4108 p2pimsvc - ok 00:59:15.0150 4108 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 00:59:15.0165 4108 p2psvc - ok 00:59:15.0189 4108 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:59:15.0191 4108 Parport - ok 00:59:15.0216 4108 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:59:15.0218 4108 partmgr - ok 00:59:15.0240 4108 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:59:15.0252 4108 PcaSvc - ok 00:59:15.0276 4108 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 00:59:15.0287 4108 pci - ok 00:59:15.0295 4108 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 00:59:15.0296 4108 pciide - ok 00:59:15.0318 4108 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:59:15.0328 4108 pcmcia - ok 00:59:15.0343 4108 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 00:59:15.0344 4108 pcw - ok 
00:59:15.0368 4108 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:59:15.0381 4108 PEAUTH - ok 00:59:15.0419 4108 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 00:59:15.0440 4108 PeerDistSvc - ok 00:59:15.0503 4108 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:59:15.0505 4108 PerfHost - ok 00:59:15.0551 4108 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 00:59:15.0572 4108 pla - ok 00:59:15.0613 4108 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:59:15.0629 4108 PlugPlay - ok 00:59:15.0643 4108 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:59:15.0646 4108 PNRPAutoReg - ok 00:59:15.0673 4108 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:59:15.0677 4108 PNRPsvc - ok 00:59:15.0711 4108 [ 7CA2487BC51FBE4FA30DE657C61D27D3 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys 00:59:15.0712 4108 Point64 - ok 00:59:15.0742 4108 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:59:15.0755 4108 PolicyAgent - ok 00:59:15.0789 4108 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 00:59:15.0801 4108 Power - ok 00:59:15.0839 4108 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:59:15.0841 4108 PptpMiniport - ok 00:59:15.0870 4108 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:59:15.0872 4108 Processor - ok 00:59:15.0935 4108 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 00:59:15.0940 4108 ProfSvc - ok 00:59:15.0952 4108 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:59:15.0954 4108 ProtectedStorage - ok 00:59:15.0982 4108 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:59:15.0984 4108 Psched - 
ok 00:59:16.0010 4108 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 00:59:16.0011 4108 PSI - ok 00:59:16.0047 4108 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:59:16.0067 4108 ql2300 - ok 00:59:16.0083 4108 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:59:16.0085 4108 ql40xx - ok 00:59:16.0114 4108 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 00:59:16.0126 4108 QWAVE - ok 00:59:16.0139 4108 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:59:16.0140 4108 QWAVEdrv - ok 00:59:16.0159 4108 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:59:16.0159 4108 RasAcd - ok 00:59:16.0204 4108 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:59:16.0205 4108 RasAgileVpn - ok 00:59:16.0220 4108 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 00:59:16.0224 4108 RasAuto - ok 00:59:16.0249 4108 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:59:16.0251 4108 Rasl2tp - ok 00:59:16.0269 4108 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 00:59:16.0277 4108 RasMan - ok 00:59:16.0294 4108 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:59:16.0296 4108 RasPppoe - ok 00:59:16.0315 4108 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:59:16.0317 4108 RasSstp - ok 00:59:16.0336 4108 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:59:16.0341 4108 rdbss - ok 00:59:16.0350 4108 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:59:16.0351 4108 rdpbus - ok 00:59:16.0366 4108 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:59:16.0367 4108 RDPCDD - ok 
00:59:16.0397 4108 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 00:59:16.0402 4108 RDPDR - ok 00:59:16.0420 4108 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:59:16.0421 4108 RDPENCDD - ok 00:59:16.0425 4108 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:59:16.0426 4108 RDPREFMP - ok 00:59:16.0465 4108 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 00:59:16.0466 4108 RdpVideoMiniport - ok 00:59:16.0484 4108 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:59:16.0488 4108 RDPWD - ok 00:59:16.0507 4108 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:59:16.0511 4108 rdyboost - ok 00:59:16.0536 4108 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:59:16.0540 4108 RemoteAccess - ok 00:59:16.0576 4108 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:59:16.0581 4108 RemoteRegistry - ok 00:59:16.0606 4108 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:59:16.0609 4108 RpcEptMapper - ok 00:59:16.0620 4108 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 00:59:16.0622 4108 RpcLocator - ok 00:59:16.0648 4108 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 00:59:16.0654 4108 RpcSs - ok 00:59:16.0684 4108 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap C:\Windows\system32\DRIVERS\rrnetcap.sys 00:59:16.0685 4108 RRNetCap - ok 00:59:16.0689 4108 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP C:\Windows\system32\DRIVERS\rrnetcap.sys 00:59:16.0689 4108 RRNetCapMP - ok 00:59:16.0717 4108 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:59:16.0718 4108 rspndr - ok 00:59:16.0749 4108 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 
C:\Windows\system32\DRIVERS\Rt64win7.sys 00:59:16.0753 4108 RTL8167 - ok 00:59:16.0768 4108 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 00:59:16.0769 4108 s3cap - ok 00:59:16.0777 4108 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 00:59:16.0778 4108 SamSs - ok 00:59:16.0816 4108 [ 152EE68830FFB13F0B1FEC6C9B99644F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 00:59:16.0821 4108 SbieDrv - ok 00:59:16.0833 4108 [ FD0287131D91352F225EBB5CD3527952 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 00:59:16.0835 4108 SbieSvc - ok 00:59:16.0848 4108 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:59:16.0849 4108 sbp2port - ok 00:59:16.0861 4108 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:59:16.0866 4108 SCardSvr - ok 00:59:16.0893 4108 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:59:16.0894 4108 scfilter - ok 00:59:16.0937 4108 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 00:59:16.0953 4108 Schedule - ok 00:59:16.0973 4108 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:59:16.0974 4108 SCPolicySvc - ok 00:59:16.0994 4108 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:59:17.0002 4108 SDRSVC - ok 00:59:17.0022 4108 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:59:17.0023 4108 secdrv - ok 00:59:17.0040 4108 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 00:59:17.0043 4108 seclogon - ok 00:59:17.0100 4108 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 00:59:17.0114 4108 Secunia PSI Agent - ok 00:59:17.0142 4108 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 00:59:17.0146 4108 SENS - ok 00:59:17.0161 4108 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] 
SensrSvc C:\Windows\system32\sensrsvc.dll 00:59:17.0164 4108 SensrSvc - ok 00:59:17.0201 4108 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:59:17.0202 4108 Serenum - ok 00:59:17.0220 4108 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:59:17.0222 4108 Serial - ok 00:59:17.0246 4108 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:59:17.0247 4108 sermouse - ok 00:59:17.0277 4108 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 00:59:17.0279 4108 SessionEnv - ok 00:59:17.0290 4108 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:59:17.0290 4108 sffdisk - ok 00:59:17.0296 4108 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:59:17.0297 4108 sffp_mmc - ok 00:59:17.0310 4108 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:59:17.0311 4108 sffp_sd - ok 00:59:17.0332 4108 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:59:17.0333 4108 sfloppy - ok 00:59:17.0362 4108 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:59:17.0369 4108 SharedAccess - ok 00:59:17.0390 4108 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:59:17.0395 4108 ShellHWDetection - ok 00:59:17.0403 4108 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:59:17.0404 4108 SiSRaid2 - ok 00:59:17.0408 4108 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:59:17.0409 4108 SiSRaid4 - ok 00:59:17.0438 4108 [ 4C977E2728C7D322BE05698AFEF1B37A ] SIVDriver C:\Windows\system32\Drivers\SIVX64.sys 00:59:17.0440 4108 SIVDriver - ok 00:59:17.0580 4108 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C 
00:59:18.0064 4108 [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd C:\Windows\system32\Drivers\sptd.sys
00:59:18.0064 4108 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51DE15CA5C05BCA46D8B110CD00A02FB
00:59:18.0071 4108 sptd ( LockedFile.Multi.Generic ) - warning
00:59:18.0072 4108 sptd - detected LockedFile.Multi.Generic (1)
| actions · 2012-Sep-25 1:59 pm · (locked) | mmainprize |
00:59:23.0261 4108 Scan finished
00:59:23.0269 5212 Detected object count: 1
00:59:23.0269 5212 Actual detected object count: 1
00:59:41.0068 5212 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:59:41.0068 5212 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:00:00.0420 5196 Deinitialize success
| actions · 2012-Sep-25 2:00 pm · (locked) |
1 recommendation |
to mmainprize
The logs are all clean. You've checked the MBAM results and confirmed the false positives. TDSS Killer is ok, the detect is not a sign of an exploit. Nothing more to do except cleanup.

Cleaning Up:

Delete TFC:
- Delete the TFC icon on your Desktop

Delete OTL:
- Double click the OTL icon on your Desktop
- Press the 'Cleanup' button

Delete Security Check:
- Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
- We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
- If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
- If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
| actions · 2012-Sep-25 2:28 pm · (locked) | |
Well that is good news.
Thanks LoPhatPhuud, for your analysis of the logs. | actions · 2012-Sep-25 2:40 pm · (locked) |