Broadband Tech &rarr; Security &rarr; Security Cleanup > [Spyware] InfoAtoms?

[Spyware] InfoAtoms?

A few days ago, I was running a Malware Bytes scan and it popped up with PUP.InfoAtoms as Registry keys. It also seems to have installed some Firefox extension as well. But it's disabled and with no remove button.

I removed the detected files as MBAM suggested, but they were back after a restart. How do I permanently remove this crud off my system? And how big of a threat is it?

actions · 2013-Apr-18 11:44 am ·

lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:56

Reviews:

If you'd like guided assistance, please follow all the steps for our forum carefully, there are no shortcuts:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Our FAQ will tell you what programs we need and how to attempt to get them to run .

It will also show what logs need to be attached to your post - as well as where & how to locate them

»Security Cleanup FAQ »How to post for assistance
»Security Cleanup FAQ »So...What is this Forum all about?
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

actions · 2013-Apr-18 12:15 pm ·

your moderator at work

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

1 recommendation

reply to lilhurricane

Re: [Spyware] InfoAtoms?

I'm running all the goodies now. Will be back later today to post logs.

actions · 2013-Apr-27 3:41 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.27.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: CHRIS [administrator]

4/27/2013 2:38:23 PM
MBAM-log-2013-04-27 (16-50-42).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 507611
Time elapsed: 2 hour(s), 11 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

actions · 2013-Apr-28 5:05 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

# AdwCleaner v2.202 - Logfile created 04/27/2013 at 16:59:50
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - CHRIS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6q4koygb.Firefox 3 New Profile\jetpack
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gb5qppc6.Default User\CT1009511
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gb5qppc6.Default User\extensions\{0c3bf3a6-1f4f-458d-809f-a526443db045}

***** [Registry] *****

Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3he4e4dq\prefs.js

Deleted : user_pref("extensions.videofinder@veoh.com.install-event-fired", true);
Deleted : user_pref("extensions.web@veoh.com.install-event-fired", true);

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6q4koygb.Firefox 3 New Profile\prefs.js

Deleted : user_pref("extensions.searchrecs@veoh.com.install-event-fired", true);
Deleted : user_pref("extensions.speeddial.thumbnail-3-url", "hxxp://bl104w.blu104.mail.live.com/mail/InboxLigh[...]
Deleted : user_pref("extensions.veohsearchrecs.SupportedSites", "\r\nresults revision[...]
Deleted : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.1");
Deleted : user_pref("extensions.veohsearchrecs.id", "78b65e0c4-bc43-2110-0067-056c23bb9ec");
Deleted : user_pref("extensions.veohsearchrecs.lastsitedate", "3");
Deleted : user_pref("extensions.videofinder@veoh.com.install-event-fired", true);
Deleted : user_pref("extensions.web@veoh.com.install-event-fired", true);

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6xc7x6n1.Firefox Blank Profile For DD-WRT Speed Testing\prefs.js

Deleted : user_pref("extensions.videofinder@veoh.com.install-event-fired", true);
Deleted : user_pref("extensions.web@veoh.com.install-event-fired", true);

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8rl5aqsd.Firefox 13.01 Profile for TMP Dev Build problem testing - July 10, 2012\prefs.js

Deleted : user_pref("extensions.videofinder@veoh.com.install-event-fired", true);
Deleted : user_pref("extensions.web@veoh.com.install-event-fired", true);

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dwoqvcbg.FireFox 12 Blank Profile For Quick Checks\prefs.js

Deleted : user_pref("extensions.videofinder@veoh.com.install-event-fired", true);
Deleted : user_pref("extensions.web@veoh.com.install-event-fired", true);

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f7ce5zwb.Chris' Firefox 3 Test Profile\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fhhpp386.Firefox 7 Profile 11 4 2011\prefs.js

Deleted : user_pref("extensions.videofinder@veoh.com.install-event-fired", true);
Deleted : user_pref("extensions.web@veoh.com.install-event-fired", true);

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fxqqaos4.E3 2013 - Xbox 720 Unveiling\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gb5qppc6.Default User\prefs.js

Deleted : user_pref("CT1009511.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy");
Deleted : user_pref("CT1009511.CTID", "CT1009511");
Deleted : user_pref("CT1009511.CTPBaseServerUrl", "hxxp://services.conduit.com/");
Deleted : user_pref("CT1009511.CommunityChanged", false);
Deleted : user_pref("CT1009511.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1009511.EMailNotifierPollDate", "Thu Apr 17 2008 18:38:10 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT1009511.EnableUsage", true);
Deleted : user_pref("CT1009511.FeedPollDate128261952513119353", "Thu Apr 17 2008 16:21:05 GMT-0500 (Central Da[...]
Deleted : user_pref("CT1009511.FeedPollDate128261952513119354", "Thu Apr 17 2008 16:21:09 GMT-0500 (Central Da[...]
Deleted : user_pref("CT1009511.FirstTime", true);
Deleted : user_pref("CT1009511.Initialize", true);
Deleted : user_pref("CT1009511.IsGrouping", false);
Deleted : user_pref("CT1009511.IsMulticommunity", false);
Deleted : user_pref("CT1009511.LanguagePackLastCheckTime", "Thu Apr 17 2008 16:20:58 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT1009511.LanguagePackReloadInterval", "24");
Deleted : user_pref("CT1009511.LastLogin", "Thu Apr 17 2008 16:20:57 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT1009511.Locale", "en-US");
Deleted : user_pref("CT1009511.LoginCache", "3");
Deleted : user_pref("CT1009511.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1009511.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1009511.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1009511.RadioIsPodcast", false);
Deleted : user_pref("CT1009511.RadioLastCheckTime", "Thu Apr 17 2008 16:21:14 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT1009511.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1009511.RadioLastUpdateServer", "128363166521070000");
Deleted : user_pref("CT1009511.RadioMediaType", "Media Player");
Deleted : user_pref("CT1009511.RadioMenuSelectedID", "EBRadioMenu_CT10095114175264");
Deleted : user_pref("CT1009511.RadioStationName", "Radio%20Hip-Hop%2FRap(USA)");
Deleted : user_pref("CT1009511.RadioStationURL", "hxxp://206.51.233.231/007HipHop");
Deleted : user_pref("CT1009511.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1009511.Server", "hxxp://users.conduit.com");
Deleted : user_pref("CT1009511.SettingsLastUpdate", "1208358209");
Deleted : user_pref("CT1009511.ThirdPartyComponentsInterval", "24");
Deleted : user_pref("CT1009511.ThirdPartyComponentsLastCheck", "Sun Apr 06 2008 08:52:52 GMT-0500 (Central Day[...]
Deleted : user_pref("CT1009511.ThirdPartyComponentsLastUpdate", "1204161746");
Deleted : user_pref("CT1009511.ToolbarAlignMode", "SYSTEM");
Deleted : user_pref("CT1009511.ToolbarName", "Applian Media");
Deleted : user_pref("CT1009511.UserID", "UN20080406085246540");
Deleted : user_pref("CT1009511.VusualLastUpdateTime", "1191835852");
Deleted : user_pref("CT1009511.WeatherNetwork", "");
Deleted : user_pref("CT1009511.WeatherPollDate", "Thu Apr 17 2008 18:22:30 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT1009511.WeatherUnit", "F");
Deleted : user_pref("extensions.speeddial.thumbnail-3-url", "hxxp://bl104w.blu104.mail.live.com/mail/InboxLigh[...]
Deleted : user_pref("extensions.speeddial.thumbnail-61-label", "2GB kit (1GBx2), 240-pin DIMM, DDR2 PC2-5300 u[...]

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\txogy8ht.Malware Bytes Testing Profile 4 18 13\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\MCX1\Application Data\Mozilla\Firefox\Profiles\52qc1fdg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Documents and Settings\Owner\Application Data\Opera\Opera\operaprefs.ini

Deleted : application/x-veohversion4-plugin=6,,C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion[...]
Deleted : application/x-veohtvplugin=6,,C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll,VeohTV[...]
Deleted : application/x-webplayervideoplugin=6,,C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoP[...]
Deleted : application/x-veohversion4-plugin=,0
Deleted : application/x-veohtvplugin=,0
Deleted : application/x-webplayervideoplugin=,0

*************************

AdwCleaner[R1].txt - [13506 octets] - [27/04/2013 16:57:22]
AdwCleaner[S1].txt - [13702 octets] - [27/04/2013 16:59:50]

########## EOF - C:\AdwCleaner[S1].txt - [13763 octets] ##########

actions · 2013-Apr-28 5:06 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

OTL.Txt 226,604 bytes
OTL Log

actions · 2013-Apr-28 5:09 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

OTL Extras logfile created on: 4/27/2013 5:22:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 72.35% Memory free
5.08 Gb Paging File | 4.28 Gb Available in Paging File | 84.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.43 Gb Total Space | 6.54 Gb Free Space | 2.23% Space Free | Partition Type: NTFS
Drive D: | 4.65 Gb Total Space | 2.39 Gb Free Space | 51.42% Space Free | Partition Type: FAT32
Drive K: | 465.76 Gb Total Space | 1.32 Gb Free Space | 0.28% Space Free | Partition Type: NTFS

Computer Name: CHRIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\ehome\ehshell.exe" = C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Steam\SteamApps\common\vampire the masquerade - bloodlines\vampire.exe" = C:\Program Files\Steam\SteamApps\common\vampire the masquerade - bloodlines\vampire.exe:*:Enabled:Vampire: The Masquerade - Bloodlines -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Documents and Settings\Owner\Application Data\BTLive\BTLive.exe" = C:\Documents and Settings\Owner\Application Data\BTLive\BTLive.exe:*:Enabled:BTLive
"C:\Program Files\FAHClient\FAHClient.exe" = C:\Program Files\FAHClient\FAHClient.exe:*:Enabled:FAHClient -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Desktop App -- (Raptr, Inc)
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM -- (Raptr, Inc)
"C:\Program Files\ASUS\Printer Utilities\UsbService.exe" = C:\Program Files\ASUS\Printer Utilities\UsbService.exe:*:Enabled:ASUS Virtual USB Service -- ()
"C:\Documents and Settings\Owner\Local Settings\temp\pftC8.tmp\Printer.exe" = C:\Documents and Settings\Owner\Local Settings\temp\pftC8.tmp\Printer.exe:*:Enabled:ASUS Virtual USB Utility

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = BD Advisor 2.0
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D008E41-F84D-4CC1-A8CF-B8419E51ACDF}" = Intel Audio Studio
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = AcronisÂ TrueÂ ImageÂ Home
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.25
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.3
"{5A4B3F22-A5DF-43D7-89A7-6121F5431F32}" = UV Realtime
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5CA6F170-E18D-4B4C-8670-3ED096478C41}" = Philips SPC620NC Webcam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63A5F548-B114-4413-BD9E-5EAF35F90779}" = RRDtool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}" = TweetDeck
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"5FEE3C222325A264A4ADFAFE92FBE33C1BC7586F" = Windows Driver Package - Philips USB (09/28/2007 1.61.1.5790)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-8-5 (All Users)
"Amazon Kindle" = Amazon Kindle
"AnyDVD" = AnyDVD
"Applian Director1.1" = Applian Director
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DUMeter3_is1" = DU Meter
"E282DC1D6894F97E03EDDD547CB2781C096540CD" = Windows Driver Package - Philips (SPC620) Image (09/28/2007 1.61.1.5790)
"EHome Devices" = Media Center Extender
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FAHClient" = FAHClient
"FileZilla Client" = FileZilla Client 3.2.6.1
"FlashGet3.7" = FlashGet3.7
"Foxit Reader_is1" = Foxit Reader
"Free Window Registry Repair" = Free Window Registry Repair
"Glary Utilities_is1" = Glary Utilities 2.28.0.1011
"Gmail Notifier" = Gmail Notifier
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MozBackup_is1" = MozBackup 1.4.4
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 6.0
"Opera 12.14.1738" = Opera 12.14
"Raptr" = Raptr
"RealPlayer 16.0" = RealPlayer
"ReplayMusic5.20" = Replay Music 5
"ReplayMusic5.30" = Replay Music 5
"ReplayMusic5.40" = Replay Music 5
"ReplayMusic5.45" = Replay Music 5
"ReplayMusic5.50" = Replay Music 5
"Rhapsody" = Rhapsody
"Si Meter" = Si Meter
"Silent Package Run-Time Sample" = EPSON RX595 User's Guide
"SlimBrowser" = FlashPeak SlimBrowser
"softOSD Client" = softOSD Client (Build 1465)
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"SystemRequirementsLab" = System Requirements Lab
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TaskSwitchXP" = TaskSwitchXP
"Trillian" = Trillian
"Tunatic" = Tunatic
"Universal Extractor_is1" = Universal Extractor 1.5
"Unlocker" = Unlocker 1.8.5
"Vampire - The Masquerade - Redemption_is1" = Vampire - The Masquerade - Redemption
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 2.0.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.2
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"YInstHelper" = Yahoo! Install Manager

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = HuluDesktop
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Steam App 7050" = Project: Snowblind Demo
"Steam App 7820" = Stubbs The Zombie Demo

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/27/2013 3:28:48 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 3:29:13 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 3:29:17 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 3:30:22 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 3:30:23 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 6:09:02 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 6:09:35 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 6:09:38 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 6:10:45 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2013 6:11:17 PM | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =

[ Media Center Events ]
Error - 7/19/2010 9:56:02 AM | Computer Name = CHRIS | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 7/19/2010 8:56:02 AM. You may need to reschedule your recordings.

Error - 1/2/2011 9:36:33 AM | Computer Name = CHRIS | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 1/2/2011 7:36:33 AM. You may need to reschedule your recordings.

[ System Events ]
Error - 4/27/2013 6:08:49 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7000
Description = The Audio Service service failed to start due to the following error:
%%3

Error - 4/27/2013 6:08:49 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 4/27/2013 6:09:01 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Media Center Receiver Service service terminated with the following
error: %%2147746132

Error - 4/27/2013 6:09:03 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Media Center Receiver Service service terminated with the following
error: %%2147746132

Error - 4/27/2013 6:09:34 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Media Center Receiver Service service terminated with the following
error: %%2147746132

Error - 4/27/2013 6:09:38 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Media Center Receiver Service service terminated with the following
error: %%2147746132

Error - 4/27/2013 6:10:46 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Media Center Receiver Service service terminated with the following
error: %%2147746132

Error - 4/27/2013 6:11:00 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 4/27/2013 6:11:17 PM | Computer Name = CHRIS | Source = DCOM | ID = 10010
Description = The server {F4396DC6-E851-4D3A-8D01-34E6949F3500} did not register
with DCOM within the required timeout.

Error - 4/27/2013 6:11:17 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Media Center Receiver Service service terminated with the following
error: %%2147746132

actions · 2013-Apr-28 5:10 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 21
Adobe Flash Player 11.6.602.180
Mozilla Firefox (20.0.1)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 13% [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color]
[u]````````````````````End of Log``````````````````````[/u]

actions · 2013-Apr-28 5:11 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f0803b8ebf627b43b3a5922daad97887
# engine=13711
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-28 01:33:03
# local_time=2013-04-27 08:33:03 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 100 91 11346080 142901055 0 0
# compatibility_mode=5892 16777213 44 30 11346614 19534397 0 0
# compatibility_mode=6401 16777213 66 100 0 17814659 0 0
# scanned=144518
# found=0
# cleaned=0
# scan_time=8532

actions · 2013-Apr-28 5:12 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

1 recommendation

Ok. There are all the logs as laid out in that FAQ. If Ya'll need anything else posted or run, let me know and we'll go from there.

I look forward to getting my system clean once again.

actions · 2013-Apr-28 5:14 pm ·

lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:56

1 recommendation

Stand by, Chris - we'll get you looked over soon

actions · 2013-Apr-28 10:53 pm ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews:

1 recommendation

reply to Chris 313

First:
The MBAM log show detects were not selected for removal. That would explain why the re-appeared.

Run MBAM again, time select all removal.

From the Mandatory Steps...
"Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected."

Second:
Please download [color=blue]Malwarebytes Anti-Rootkit[/color]

and save it to your desktop.
[*]Be sure to print out and follow these [color=blue]instructions[/color] for performing a scan.
[*][color=red]Caution[/color]: This is a beta version so also read the disclaimer and [color=blue]back up[/color] all your data before using.
[*]When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
[*]Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
[*]If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
[*]Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
[*]Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

actions · 2013-Apr-29 10:57 am ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

In reading your post, I'm more then a little shamed to have made such a noob mistake. I guess since I've not had to deal with cleaning up infections for almost a decade, I've forgotten the basics since I'm so used to see my programs come up with nothing and not having to do anything or the program being on auto and checking the boxes and things by default. (Except maybe your standard cookies and the like that are removed and replaced next time you visit any sites)

Ran MBAM today, didn't find the two InfoAtoms Registry keys that kept popping up. Came up with nothing. Restarted, ran again. Nothing again. So yay!

Now the only thing I see left over is that damned unremovable InfoAtoms Firefox extension that is listed in my add-ons as disabled, but is still there and with no remove button.

I'm off to download the MBAM Anti-rootkit program as suggested. Will run it and report back as requested.

EDIT: Did you get the links to the anti rootkit right? I go to make the download from the link you posted and it says TOPIC RELATED SEARCHES AT HTTP.COM and a blank white page with nothing.

actions · 2013-Apr-29 6:04 pm ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to Chris 313

Sorry about that....

Here's a good link to MBAR:
»www.malwarebytes.org/products/mbar/

actions · 2013-Apr-29 7:01 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

Still running the Anti rootkit you suggested after I downloaded it from your link. I think it may be not working since it hasn't moved a muscle for about a day.

Do I just leave it or stop and restart it? Ditch it altogether and try another AR program perhaps?

actions · 2013-May-1 8:05 pm ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to Chris 313

Stop it, reboot and restart.

actions · 2013-May-1 9:55 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Done and done. I'm back to where I was and it's only been minutes now. Not hours.

actions · 2013-May-1 11:04 pm ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews:

1 recommendation

reply to Chris 313

OK. Go ahead and cancel MBAR and uninstall it.

Let's run TDSSKiller instead..

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

actions · 2013-May-2 12:25 pm ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews:

reply to Chris 313

OK. Go ahead and cancel MBAR and uninstall it.

Let's run TDSSKiller instead..

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»support.kaspersky.com/5350?el=88446

See Item #1 on that page for links, etc
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

actions · 2013-May-2 12:27 pm ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

said by LoPhatPhuud:

OK. Go ahead and cancel MBAR and uninstall it.

Let's run TDSSKiller instead..

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»support.kaspersky.com/5350?el=88446

See Item #1 on that page for links, etc

Ok. Downloaded, ran and done in like a minute. Found nothing.

How do I post the log now? I didn't see it save anywhere or a copy to file button.

actions · 2013-May-3 12:27 am ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews:

1 recommendation

reply to Chris 313

I need to see the log. When you start the TDSS Killer program, on the top right of the window should be 'Report'. Try clicking that.

If that fails, a log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

actions · 2013-May-3 10:49 am ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

23:21:23.0703 5488 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34
23:21:24.0812 5488 ============================================================
23:21:24.0812 5488 Current date / time: 2013/05/02 23:21:24.0812
23:21:24.0812 5488 SystemInfo:
23:21:24.0812 5488
23:21:24.0812 5488 OS Version: 5.1.2600 ServicePack: 3.0
23:21:24.0812 5488 Product type: Workstation
23:21:24.0812 5488 ComputerName: CHRIS
23:21:24.0827 5488 UserName: Owner
23:21:24.0827 5488 Windows directory: C:\WINDOWS
23:21:24.0827 5488 System windows directory: C:\WINDOWS
23:21:24.0827 5488 Processor architecture: Intel x86
23:21:24.0827 5488 Number of processors: 2
23:21:24.0827 5488 Page size: 0x1000
23:21:24.0827 5488 Boot type: Normal boot
23:21:24.0827 5488 ============================================================
23:21:27.0484 5488 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:21:27.0484 5488 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:21:27.0718 5488 ============================================================
23:21:27.0718 5488 \Device\Harddisk0\DR0:
23:21:27.0718 5488 MBR partitions:
23:21:27.0718 5488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x950A60, BlocksNum 0x24ADCC61
23:21:27.0718 5488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x950A21
23:21:27.0718 5488 \Device\Harddisk1\DR3:
23:21:27.0718 5488 MBR partitions:
23:21:27.0718 5488 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
23:21:27.0718 5488 ============================================================
23:21:27.0749 5488 C: \Device\Harddisk0\DR0\Partition1
23:21:27.0749 5488 D: \Device\Harddisk0\DR0\Partition2
23:21:27.0796 5488 K: \Device\Harddisk1\DR3\Partition1
23:21:27.0843 5488 ============================================================
23:21:27.0843 5488 Initialize success
23:21:27.0843 5488 ============================================================
23:21:48.0638 6652 ============================================================
23:21:48.0638 6652 Scan started
23:21:48.0638 6652 Mode: Manual;
23:21:48.0638 6652 ============================================================
23:21:49.0279 6652 ================ Scan system memory ========================
23:21:49.0341 6652 System memory - ok
23:21:49.0341 6652 ================ Scan services =============================
23:21:49.0419 6652 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:21:49.0419 6652 !SASCORE - ok
23:21:49.0623 6652 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
23:21:49.0623 6652 6to4 - ok
23:21:49.0685 6652 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
23:21:49.0685 6652 Aavmker4 - ok
23:21:49.0701 6652 Abiosdsk - ok
23:21:49.0716 6652 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:21:49.0732 6652 abp480n5 - ok
23:21:49.0763 6652 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:21:49.0794 6652 ACPI - ok
23:21:49.0810 6652 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:21:49.0826 6652 ACPIEC - ok
23:21:49.0888 6652 [ D1CAF120EB58C76E557170B3E5558429 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
23:21:49.0904 6652 AcrSch2Svc - ok
23:21:49.0998 6652 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:21:50.0013 6652 AdobeFlashPlayerUpdateSvc - ok
23:21:50.0029 6652 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:21:50.0029 6652 adpu160m - ok
23:21:50.0060 6652 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:21:50.0091 6652 aec - ok
23:21:50.0123 6652 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
23:21:50.0138 6652 Afc - ok
23:21:50.0169 6652 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:21:50.0185 6652 AFD - ok
23:21:50.0201 6652 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
23:21:50.0201 6652 agp440 - ok
23:21:50.0216 6652 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:21:50.0216 6652 agpCPQ - ok
23:21:50.0232 6652 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:21:50.0248 6652 Aha154x - ok
23:21:50.0263 6652 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:21:50.0279 6652 aic78u2 - ok
23:21:50.0279 6652 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:21:50.0294 6652 aic78xx - ok
23:21:50.0326 6652 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:21:50.0326 6652 Alerter - ok
23:21:50.0357 6652 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:21:50.0357 6652 ALG - ok
23:21:50.0373 6652 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
23:21:50.0373 6652 AliIde - ok
23:21:50.0388 6652 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:21:50.0404 6652 alim1541 - ok
23:21:50.0419 6652 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:21:50.0451 6652 amdagp - ok
23:21:50.0482 6652 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
23:21:50.0498 6652 amsint - ok
23:21:50.0544 6652 [ A349D54FB743B9CB7AB7E49007B85B09 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
23:21:50.0544 6652 AnyDVD - ok
23:21:50.0591 6652 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
23:21:50.0607 6652 APC Data Service - ok
23:21:50.0638 6652 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
23:21:50.0654 6652 APC UPS Service - ok
23:21:50.0748 6652 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:21:50.0748 6652 Apple Mobile Device - ok
23:21:50.0779 6652 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:21:50.0826 6652 AppMgmt - ok
23:21:50.0857 6652 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:21:50.0857 6652 Arp1394 - ok
23:21:50.0873 6652 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
23:21:50.0888 6652 asc - ok
23:21:50.0888 6652 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:21:50.0904 6652 asc3350p - ok
23:21:50.0919 6652 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:21:50.0919 6652 asc3550 - ok
23:21:50.0982 6652 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
23:21:50.0982 6652 Aspi32 - ok
23:21:51.0076 6652 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:21:51.0091 6652 aspnet_state - ok
23:21:51.0123 6652 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:21:51.0138 6652 aswFsBlk - ok
23:21:51.0154 6652 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
23:21:51.0169 6652 aswMon2 - ok
23:21:51.0185 6652 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
23:21:51.0185 6652 AswRdr - ok
23:21:51.0232 6652 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
23:21:51.0263 6652 aswSnx - ok
23:21:51.0310 6652 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
23:21:51.0326 6652 aswSP - ok
23:21:51.0341 6652 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
23:21:51.0357 6652 aswTdi - ok
23:21:51.0388 6652 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:21:51.0388 6652 AsyncMac - ok
23:21:51.0419 6652 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:21:51.0419 6652 atapi - ok
23:21:51.0435 6652 Atdisk - ok
23:21:51.0466 6652 [ A42FA313DF3937F9EDF028EA0E153DCE ] ATIAVPCI C:\WINDOWS\system32\DRIVERS\atinavxx.sys
23:21:51.0497 6652 ATIAVPCI - ok
23:21:51.0529 6652 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:21:51.0529 6652 Atmarpc - ok
23:21:51.0560 6652 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:21:51.0576 6652 AudioSrv - ok
23:21:51.0607 6652 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:21:51.0607 6652 audstub - ok
23:21:51.0669 6652 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:21:51.0669 6652 avast! Antivirus - ok
23:21:51.0716 6652 [ EA377A8E8E1000877210259750CBBF5F ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:21:51.0732 6652 b57w2k - ok
23:21:51.0763 6652 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:21:51.0763 6652 Beep - ok
23:21:51.0810 6652 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:21:52.0029 6652 BITS - ok
23:21:52.0091 6652 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:21:52.0107 6652 Bonjour Service - ok
23:21:52.0138 6652 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:21:52.0154 6652 Browser - ok
23:21:52.0169 6652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:21:52.0185 6652 cbidf - ok
23:21:52.0201 6652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:21:52.0201 6652 cbidf2k - ok
23:21:52.0232 6652 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:21:52.0232 6652 CCDECODE - ok
23:21:52.0279 6652 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:21:52.0294 6652 cd20xrnt - ok
23:21:52.0310 6652 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:21:52.0310 6652 Cdaudio - ok
23:21:52.0326 6652 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:21:52.0341 6652 Cdfs - ok
23:21:52.0372 6652 [ 223DEA13C9D064BABC882B4727F6F905 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
23:21:52.0372 6652 Cdr4_xp - ok
23:21:52.0404 6652 [ 9E26599599D178E71AFB5599E146031A ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
23:21:52.0419 6652 Cdralw2k - ok
23:21:52.0435 6652 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:21:52.0451 6652 Cdrom - ok
23:21:52.0451 6652 Changer - ok
23:21:52.0513 6652 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:21:52.0513 6652 CiSvc - ok
23:21:52.0544 6652 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:21:52.0544 6652 ClipSrv - ok
23:21:52.0622 6652 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:21:52.0685 6652 clr_optimization_v2.0.50727_32 - ok
23:21:52.0716 6652 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:21:52.0779 6652 clr_optimization_v4.0.30319_32 - ok
23:21:52.0794 6652 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:21:52.0810 6652 CmdIde - ok
23:21:52.0810 6652 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:21:52.0826 6652 Compbatt - ok
23:21:52.0841 6652 COMSysApp - ok
23:21:52.0872 6652 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:21:52.0888 6652 Cpqarray - ok
23:21:52.0919 6652 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
23:21:52.0935 6652 cpudrv - ok
23:21:52.0950 6652 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:21:52.0966 6652 CryptSvc - ok
23:21:52.0997 6652 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:21:53.0013 6652 dac2w2k - ok
23:21:53.0029 6652 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:21:53.0044 6652 dac960nt - ok
23:21:53.0075 6652 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:21:53.0122 6652 DcomLaunch - ok
23:21:53.0138 6652 [ 4BB22F61E7257ED353A39130B3ED2461 ] DefragFS C:\WINDOWS\system32\drivers\DefragFS.sys
23:21:53.0154 6652 DefragFS - ok
23:21:53.0185 6652 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:21:53.0200 6652 Dhcp - ok
23:21:53.0200 6652 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:21:53.0216 6652 Disk - ok
23:21:53.0232 6652 dmadmin - ok
23:21:53.0279 6652 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:21:53.0310 6652 dmboot - ok
23:21:53.0325 6652 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:21:53.0341 6652 dmio - ok
23:21:53.0357 6652 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:21:53.0357 6652 dmload - ok
23:21:53.0388 6652 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:21:53.0404 6652 dmserver - ok
23:21:53.0419 6652 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:21:53.0435 6652 DMusic - ok
23:21:53.0466 6652 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:21:53.0466 6652 Dnscache - ok
23:21:53.0513 6652 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:21:53.0529 6652 Dot3svc - ok
23:21:53.0544 6652 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:21:53.0560 6652 dpti2o - ok
23:21:53.0575 6652 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:21:53.0591 6652 drmkaud - ok
23:21:53.0638 6652 [ 43605AC698961377384B7C5D28E5B667 ] DUMeterDrv C:\Program Files\DU Meter\DUM_XP32.SYS
23:21:53.0638 6652 DUMeterDrv - ok
23:21:53.0638 6652 DUMeterSvc - ok
23:21:53.0700 6652 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:21:53.0716 6652 EapHost - ok
23:21:53.0763 6652 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
23:21:53.0779 6652 ehRecvr - ok
23:21:53.0841 6652 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
23:21:53.0841 6652 ehSched - ok
23:21:53.0872 6652 [ B83BDCCBACB65BAA9E20888DD0083A16 ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
23:21:53.0888 6652 ElbyCDIO - ok
23:21:53.0919 6652 [ FD9FC82F134B1C91004FFC76A5AE494B ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
23:21:53.0935 6652 ENTECH - ok
23:21:53.0950 6652 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:21:53.0966 6652 ERSvc - ok
23:21:53.0997 6652 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:21:54.0044 6652 Eventlog - ok
23:21:54.0075 6652 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:21:54.0091 6652 EventSystem - ok
23:21:54.0107 6652 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:21:54.0122 6652 Fastfat - ok
23:21:54.0154 6652 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:21:54.0169 6652 FastUserSwitchingCompatibility - ok
23:21:54.0232 6652 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
23:21:54.0232 6652 Fdc - ok
23:21:54.0263 6652 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:21:54.0279 6652 Fips - ok
23:21:54.0294 6652 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:21:54.0310 6652 Flpydisk - ok
23:21:54.0341 6652 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:21:54.0341 6652 FltMgr - ok
23:21:54.0404 6652 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:21:54.0404 6652 FontCache3.0.0.0 - ok
23:21:54.0450 6652 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:21:54.0450 6652 Fs_Rec - ok
23:21:54.0482 6652 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:21:54.0497 6652 Ftdisk - ok
23:21:54.0529 6652 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:21:54.0529 6652 GEARAspiWDM - ok
23:21:54.0575 6652 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:21:54.0575 6652 Gpc - ok
23:21:54.0607 6652 [ FDC2FD610584A5C4BA29B4F0DF62F93E ] hcwPP2 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
23:21:54.0622 6652 hcwPP2 - ok
23:21:54.0654 6652 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:21:54.0685 6652 HDAudBus - ok
23:21:54.0763 6652 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:21:54.0778 6652 helpsvc - ok
23:21:54.0810 6652 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
23:21:54.0825 6652 HidBatt - ok
23:21:54.0841 6652 [ BB1A6FB7D35A91E599973FA74A619056 ] HidIr C:\WINDOWS\system32\DRIVERS\hidir.sys
23:21:54.0857 6652 HidIr - ok
23:21:54.0872 6652 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:21:54.0888 6652 HidServ - ok
23:21:54.0935 6652 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:21:54.0935 6652 HidUsb - ok
23:21:54.0997 6652 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:21:55.0013 6652 hkmsvc - ok
23:21:55.0044 6652 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
23:21:55.0044 6652 hpn - ok
23:21:55.0091 6652 [ B6B0721A86E51D141EC55C3CC1CA5686 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:21:55.0107 6652 HSFHWBS2 - ok
23:21:55.0153 6652 [ B2DFC168D6F7512FAEA085253C5A37AD ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:21:55.0200 6652 HSF_DP - ok
23:21:55.0247 6652 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:21:55.0278 6652 HSF_DPV - ok
23:21:55.0310 6652 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:21:55.0325 6652 HTTP - ok
23:21:55.0357 6652 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:21:55.0403 6652 HTTPFilter - ok
23:21:55.0419 6652 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
23:21:55.0435 6652 i2omgmt - ok
23:21:55.0450 6652 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:21:55.0450 6652 i2omp - ok
23:21:55.0482 6652 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:21:55.0497 6652 i8042prt - ok
23:21:55.0560 6652 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:21:55.0575 6652 IDriverT - ok
23:21:55.0669 6652 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:21:55.0716 6652 idsvc - ok
23:21:55.0747 6652 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:21:55.0763 6652 Imapi - ok
23:21:55.0794 6652 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:21:55.0810 6652 ImapiService - ok
23:21:55.0857 6652 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:21:55.0857 6652 ini910u - ok
23:21:55.0888 6652 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
23:21:55.0903 6652 IntelIde - ok
23:21:55.0950 6652 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:21:55.0950 6652 intelppm - ok
23:21:56.0013 6652 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:21:56.0013 6652 Ip6Fw - ok
23:21:56.0060 6652 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:21:56.0075 6652 IpFilterDriver - ok
23:21:56.0091 6652 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:21:56.0091 6652 IpInIp - ok
23:21:56.0122 6652 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:21:56.0169 6652 IpNat - ok
23:21:56.0216 6652 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:21:56.0232 6652 iPod Service - ok
23:21:56.0278 6652 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:21:56.0278 6652 IPSec - ok
23:21:56.0310 6652 [ B43B36B382AEA10861F7C7A37F9D4AE2 ] IrBus C:\WINDOWS\system32\DRIVERS\IrBus.sys
23:21:56.0357 6652 IrBus - ok
23:21:56.0372 6652 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:21:56.0388 6652 IRENUM - ok
23:21:56.0419 6652 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:21:56.0419 6652 isapnp - ok
23:21:56.0528 6652 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:21:56.0544 6652 JavaQuickStarterService - ok
23:21:56.0575 6652 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:21:56.0591 6652 Kbdclass - ok
23:21:56.0622 6652 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:21:56.0622 6652 kbdhid - ok
23:21:56.0653 6652 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:21:56.0685 6652 kmixer - ok
23:21:56.0716 6652 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:21:56.0731 6652 KSecDD - ok
23:21:56.0747 6652 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:21:56.0778 6652 lanmanserver - ok
23:21:56.0810 6652 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:21:56.0841 6652 lanmanworkstation - ok
23:21:56.0856 6652 lbrtfdc - ok
23:21:56.0919 6652 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:21:56.0935 6652 LmHosts - ok
23:21:56.0966 6652 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
23:21:56.0981 6652 mbamchameleon - ok
23:21:56.0997 6652 [ AC444C4F2333B61CF9A295763A793FE0 ] mbamswissarmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
23:21:57.0013 6652 mbamswissarmy - ok
23:21:57.0060 6652 [ BEC8D118490817F93FBE620B30EC7264 ] McrdSvc C:\WINDOWS\ehome\McrdSvc.exe
23:21:57.0060 6652 McrdSvc - ok
23:21:57.0091 6652 [ 5BB01B9F582259D1FB7653C5C1DA3653 ] MCSTRM C:\WINDOWS\system32\drivers\MCSTRM.sys
23:21:57.0106 6652 MCSTRM - ok
23:21:57.0138 6652 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:21:57.0138 6652 mdmxsdk - ok
23:21:57.0185 6652 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:21:57.0200 6652 Messenger - ok
23:21:57.0231 6652 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
23:21:57.0263 6652 MHN - ok
23:21:57.0294 6652 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:21:57.0310 6652 MHNDRV - ok
23:21:57.0310 6652 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:21:57.0325 6652 mnmdd - ok
23:21:57.0356 6652 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:21:57.0372 6652 mnmsrvc - ok
23:21:57.0403 6652 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:21:57.0403 6652 Modem - ok
23:21:57.0435 6652 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:21:57.0435 6652 Mouclass - ok
23:21:57.0481 6652 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:21:57.0481 6652 mouhid - ok
23:21:57.0513 6652 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:21:57.0528 6652 MountMgr - ok
23:21:57.0591 6652 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:21:57.0591 6652 MozillaMaintenance - ok
23:21:57.0622 6652 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
23:21:57.0638 6652 MPE - ok
23:21:57.0669 6652 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
23:21:57.0685 6652 MpFilter - ok
23:21:57.0763 6652 MpKsl5fb297da - ok
23:21:57.0810 6652 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:21:57.0810 6652 mraid35x - ok
23:21:57.0841 6652 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:21:57.0856 6652 MRxDAV - ok
23:21:57.0919 6652 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:21:57.0950 6652 MRxSmb - ok
23:21:57.0981 6652 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:21:57.0997 6652 MSDTC - ok
23:21:58.0013 6652 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:21:58.0028 6652 Msfs - ok
23:21:58.0044 6652 MSIServer - ok
23:21:58.0060 6652 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:21:58.0091 6652 MSKSSRV - ok
23:21:58.0153 6652 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:21:58.0153 6652 MsMpSvc - ok
23:21:58.0169 6652 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:21:58.0185 6652 MSPCLOCK - ok
23:21:58.0200 6652 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:21:58.0216 6652 MSPQM - ok
23:21:58.0231 6652 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:21:58.0247 6652 mssmbios - ok
23:21:58.0278 6652 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:21:58.0294 6652 MSTEE - ok
23:21:58.0309 6652 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:21:58.0325 6652 Mup - ok
23:21:58.0356 6652 [ E1CDF20697D992CF83FF86DD04DF1285 ] mxnic C:\WINDOWS\system32\DRIVERS\mxnic.sys
23:21:58.0372 6652 mxnic - ok
23:21:58.0388 6652 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:21:58.0403 6652 NABTSFEC - ok
23:21:58.0450 6652 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:21:58.0481 6652 napagent - ok
23:21:58.0497 6652 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:21:58.0513 6652 NDIS - ok
23:21:58.0544 6652 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:21:58.0544 6652 NdisIP - ok
23:21:58.0575 6652 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:21:58.0591 6652 NdisTapi - ok
23:21:58.0606 6652 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:21:58.0622 6652 Ndisuio - ok
23:21:58.0638 6652 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:21:58.0638 6652 NdisWan - ok
23:21:58.0684 6652 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:21:58.0700 6652 NDProxy - ok
23:21:58.0731 6652 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:21:58.0747 6652 NetBIOS - ok
23:21:58.0763 6652 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:21:58.0809 6652 NetBT - ok
23:21:58.0841 6652 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:21:58.0856 6652 NetDDE - ok
23:21:58.0872 6652 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:21:58.0888 6652 NetDDEdsdm - ok
23:21:58.0950 6652 [ 4D3581A2F8006074F470CE471A2C59D7 ] NetFxUpdate_v1.1.4322 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
23:21:58.0950 6652 NetFxUpdate_v1.1.4322 - ok
23:21:58.0981 6652 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:21:58.0997 6652 Netlogon - ok
23:21:59.0044 6652 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:21:59.0075 6652 Netman - ok
23:21:59.0106 6652 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:21:59.0122 6652 NetTcpPortSharing - ok
23:21:59.0153 6652 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:21:59.0169 6652 NIC1394 - ok
23:21:59.0200 6652 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:21:59.0216 6652 Nla - ok
23:21:59.0278 6652 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
23:21:59.0278 6652 NPF - ok
23:21:59.0325 6652 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:21:59.0325 6652 Npfs - ok
23:21:59.0388 6652 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:21:59.0434 6652 Ntfs - ok
23:21:59.0450 6652 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:21:59.0466 6652 NtLmSsp - ok
23:21:59.0497 6652 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:21:59.0544 6652 NtmsSvc - ok
23:21:59.0575 6652 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
23:21:59.0575 6652 NuidFltr - ok
23:21:59.0591 6652 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:21:59.0622 6652 Null - ok
23:21:59.0934 6652 [ 74DD5CBB027D3AEA11AE1AB794AA1F4F ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:22:00.0294 6652 nv - ok
23:22:00.0356 6652 [ F6D0A922BD18260609D7219B4519F845 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
23:22:00.0387 6652 NVSvc - ok
23:22:00.0481 6652 [ 3C4D7533121337F5691F56E0E3AF4D35 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:22:00.0512 6652 nvUpdatusService - ok
23:22:00.0559 6652 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:22:00.0575 6652 NwlnkFlt - ok
23:22:00.0606 6652 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:22:00.0622 6652 NwlnkFwd - ok
23:22:00.0669 6652 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files\Online Armor\OAcat.exe
23:22:00.0684 6652 OAcat - ok
23:22:00.0747 6652 [ C0BA927C3A1A62F2BF664F242D91C082 ] OADevice C:\WINDOWS\system32\drivers\OADriver.sys
23:22:00.0747 6652 OADevice - ok
23:22:00.0778 6652 [ C968369E2BC5F6A8426C1E7D78E33F1B ] oahlpXX C:\WINDOWS\system32\drivers\oahlp32.sys
23:22:00.0794 6652 oahlpXX - ok
23:22:00.0825 6652 [ 04E7E92CD91E61E0CC1BDF849032AD81 ] OAmon C:\WINDOWS\system32\drivers\OAmon.sys
23:22:00.0841 6652 OAmon - ok
23:22:00.0872 6652 [ F3250D94BEE44A0D00939F10830B3563 ] OAnet C:\WINDOWS\system32\drivers\OAnet.sys
23:22:00.0872 6652 OAnet - ok
23:22:00.0919 6652 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:22:00.0919 6652 ohci1394 - ok
23:22:00.0966 6652 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
23:22:00.0981 6652 P3 - ok
23:22:01.0012 6652 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:22:01.0028 6652 Parport - ok
23:22:01.0044 6652 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:22:01.0059 6652 PartMgr - ok
23:22:01.0091 6652 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:22:01.0106 6652 ParVdm - ok
23:22:01.0122 6652 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:22:01.0137 6652 PCI - ok
23:22:01.0153 6652 PCIDump - ok
23:22:01.0200 6652 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:22:01.0200 6652 PCIIde - ok
23:22:01.0231 6652 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:22:01.0247 6652 Pcmcia - ok
23:22:01.0341 6652 [ 3FF5226C6DD90FE5F83D56C8A2C43E27 ] PDAgent C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
23:22:01.0387 6652 PDAgent - ok
23:22:01.0419 6652 PDCOMP - ok
23:22:01.0466 6652 [ F10B9417F2FB8FC9BAD241EF390CA609 ] PDEngine C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
23:22:01.0497 6652 PDEngine - ok
23:22:01.0512 6652 PDFRAME - ok
23:22:01.0559 6652 [ 3B2F443B8E23D17D46F0E43E2FC42CFE ] PdiPorts C:\WINDOWS\system32\Drivers\PdiPorts.sys
23:22:01.0575 6652 PdiPorts - ok
23:22:01.0575 6652 PDRELI - ok
23:22:01.0591 6652 PDRFRAME - ok
23:22:01.0606 6652 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
23:22:01.0622 6652 perc2 - ok
23:22:01.0653 6652 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:22:01.0684 6652 perc2hib - ok
23:22:01.0731 6652 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:22:01.0762 6652 PlugPlay - ok
23:22:01.0778 6652 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:22:01.0794 6652 PolicyAgent - ok
23:22:01.0840 6652 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:22:01.0856 6652 PptpMiniport - ok
23:22:01.0887 6652 [ 33D7285F12D934268A34206DFC4AD1B3 ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
23:22:01.0903 6652 PrismXL - ok
23:22:01.0950 6652 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:22:01.0965 6652 ProtectedStorage - ok
23:22:02.0012 6652 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:22:02.0012 6652 Ptilink - ok
23:22:02.0044 6652 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:22:02.0059 6652 PxHelp20 - ok
23:22:02.0090 6652 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:22:02.0106 6652 ql1080 - ok
23:22:02.0137 6652 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:22:02.0137 6652 Ql10wnt - ok
23:22:02.0169 6652 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:22:02.0169 6652 ql12160 - ok
23:22:02.0184 6652 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:22:02.0200 6652 ql1240 - ok
23:22:02.0215 6652 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:22:02.0231 6652 ql1280 - ok
23:22:02.0262 6652 [ D2EA58899FCF66539FAD12897B787216 ] QWAVE C:\WINDOWS\system32\qwave.dll
23:22:02.0309 6652 QWAVE - ok
23:22:02.0325 6652 [ 2BB1D2BAF3493362E5C1949C5F210D5F ] QWAVEDRV C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
23:22:02.0340 6652 QWAVEDRV - ok
23:22:02.0356 6652 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:22:02.0372 6652 RasAcd - ok
23:22:02.0403 6652 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:22:02.0434 6652 RasAuto - ok
23:22:02.0465 6652 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:22:02.0481 6652 Rasl2tp - ok
23:22:02.0528 6652 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:22:02.0559 6652 RasMan - ok
23:22:02.0590 6652 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:22:02.0590 6652 RasPppoe - ok
23:22:02.0622 6652 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:22:02.0637 6652 Raspti - ok
23:22:02.0669 6652 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:22:02.0700 6652 Rdbss - ok
23:22:02.0715 6652 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:22:02.0731 6652 RDPCDD - ok
23:22:02.0778 6652 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:22:02.0794 6652 rdpdr - ok
23:22:02.0887 6652 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:22:02.0903 6652 RDPWD - ok
23:22:02.0965 6652 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:22:02.0997 6652 RDSessMgr - ok
23:22:03.0059 6652 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
23:22:03.0059 6652 RealNetworks Downloader Resolver Service - ok
23:22:03.0090 6652 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:22:03.0090 6652 redbook - ok
23:22:03.0137 6652 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:22:03.0153 6652 RemoteAccess - ok
23:22:03.0184 6652 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:22:03.0200 6652 RemoteRegistry - ok
23:22:03.0247 6652 [ 868E6C58E9B301A768AE50E2A8E3C5D5 ] RMSvc C:\WINDOWS\ehome\RMSvc.exe
23:22:03.0262 6652 RMSvc - ok
23:22:03.0294 6652 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
23:22:03.0294 6652 rpcapd - ok
23:22:03.0325 6652 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:22:03.0340 6652 RpcLocator - ok
23:22:03.0387 6652 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:22:03.0419 6652 RpcSs - ok
23:22:03.0450 6652 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:22:03.0481 6652 RSVP - ok
23:22:03.0512 6652 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:22:03.0528 6652 SamSs - ok
23:22:03.0575 6652 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:22:03.0575 6652 SASDIFSV - ok
23:22:03.0606 6652 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
23:22:03.0606 6652 SASENUM - ok
23:22:03.0637 6652 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
23:22:03.0653 6652 SASKUTIL - ok
23:22:03.0700 6652 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
23:22:03.0715 6652 sbp2port - ok
23:22:03.0747 6652 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:22:03.0793 6652 SCardSvr - ok
23:22:03.0840 6652 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:22:03.0887 6652 Schedule - ok
23:22:03.0934 6652 [ 695745CCE49C346DAB9620519B3E1970 ] se32 C:\WINDOWS\system32\Drivers\se32.sys
23:22:03.0950 6652 se32 - ok
23:22:03.0965 6652 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:22:03.0981 6652 Secdrv - ok
23:22:04.0012 6652 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:22:04.0043 6652 seclogon - ok
23:22:04.0059 6652 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:22:04.0090 6652 SENS - ok
23:22:04.0137 6652 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:22:04.0137 6652 Serenum - ok
23:22:04.0168 6652 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:22:04.0184 6652 Serial - ok
23:22:04.0293 6652 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:22:04.0325 6652 Sfloppy - ok
23:22:04.0340 6652 sfng32 - ok
23:22:04.0387 6652 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:22:04.0403 6652 SharedAccess - ok
23:22:04.0450 6652 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:22:04.0481 6652 ShellHWDetection - ok
23:22:04.0512 6652 Simbad - ok
23:22:04.0543 6652 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:22:04.0559 6652 sisagp - ok
23:22:04.0637 6652 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:22:04.0653 6652 SkypeUpdate - ok
23:22:04.0731 6652 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:22:04.0731 6652 SLIP - ok
23:22:04.0809 6652 [ E78C98378A071CE4D48A7C514FA98FA1 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
23:22:04.0825 6652 snapman - ok
23:22:04.0887 6652 [ 6814593E768E1481A48DEC4D475A8A3B ] softOSD C:\Program Files\softOSD\softOSD.exe
23:22:04.0903 6652 softOSD - ok
23:22:04.0934 6652 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:22:04.0950 6652 Sparrow - ok
23:22:05.0028 6652 [ 989F82C6124AD104326EE9BA36CBB94D ] SPC620 C:\WINDOWS\system32\drivers\SPC620.sys
23:22:05.0043 6652 SPC620 - ok
23:22:05.0075 6652 [ F4E08D4D9D62A67F6CE411C3D5CB59DA ] SPC620m C:\WINDOWS\system32\drivers\SPC620m.sys
23:22:05.0075 6652 SPC620m - ok
23:22:05.0106 6652 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:22:05.0122 6652 splitter - ok
23:22:05.0168 6652 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:22:05.0184 6652 Spooler - ok
23:22:05.0215 6652 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:22:05.0231 6652 sr - ok
23:22:05.0262 6652 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:22:05.0309 6652 srservice - ok
23:22:05.0340 6652 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:22:05.0356 6652 Srv - ok
23:22:05.0372 6652 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:22:05.0403 6652 SSDPSRV - ok
23:22:05.0496 6652 STacSV - ok
23:22:05.0575 6652 [ 6AD7569CC5E40B94932EC56097C5DCCD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:22:05.0590 6652 STHDA - ok
23:22:05.0637 6652 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:22:05.0715 6652 stisvc - ok
23:22:05.0746 6652 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:22:05.0762 6652 streamip - ok
23:22:05.0809 6652 [ 86CA1A5C15A5A98D5533945FB1120B05 ] SunkFilt C:\WINDOWS\System32\Drivers\sunkfilt.sys
23:22:05.0809 6652 SunkFilt - ok
23:22:05.0950 6652 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files\Online Armor\oasrv.exe
23:22:05.0981 6652 SvcOnlineArmor - ok
23:22:06.0012 6652 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:22:06.0028 6652 swenum - ok
23:22:06.0059 6652 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:22:06.0075 6652 swmidi - ok
23:22:06.0090 6652 SwPrv - ok
23:22:06.0153 6652 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
23:22:06.0168 6652 symc810 - ok
23:22:06.0184 6652 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:22:06.0200 6652 symc8xx - ok
23:22:06.0215 6652 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:22:06.0231 6652 sym_hi - ok
23:22:06.0246 6652 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:22:06.0262 6652 sym_u3 - ok
23:22:06.0309 6652 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:22:06.0325 6652 sysaudio - ok
23:22:06.0371 6652 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:22:06.0403 6652 SysmonLog - ok
23:22:06.0434 6652 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:22:06.0481 6652 TapiSrv - ok
23:22:06.0528 6652 [ 4AFB3B0919649F95C1964AA1FAD27D73 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:22:06.0559 6652 Tcpip - ok
23:22:06.0590 6652 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:22:06.0606 6652 Tcpip6 - ok
23:22:06.0637 6652 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:22:06.0668 6652 TDPIPE - ok
23:22:06.0684 6652 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:22:06.0700 6652 TDTCP - ok
23:22:06.0731 6652 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:22:06.0746 6652 TermDD - ok
23:22:06.0778 6652 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:22:06.0825 6652 TermService - ok
23:22:06.0856 6652 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:22:06.0871 6652 Themes - ok
23:22:06.0903 6652 [ B84B82C0CBEB1B0D7EB7A946BADE5830 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
23:22:06.0918 6652 tifsfilter - ok
23:22:06.0965 6652 [ 74711884439BDF9CCF446C79CB05FAC0 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
23:22:07.0012 6652 timounter - ok
23:22:07.0059 6652 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:22:07.0090 6652 TlntSvr - ok
23:22:07.0137 6652 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
23:22:07.0153 6652 TosIde - ok
23:22:07.0184 6652 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:22:07.0215 6652 TrkWks - ok
23:22:07.0262 6652 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:22:07.0262 6652 tunmp - ok
23:22:07.0309 6652 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:22:07.0324 6652 Udfs - ok
23:22:07.0371 6652 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
23:22:07.0387 6652 ultra - ok
23:22:07.0434 6652 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:22:07.0449 6652 Update - ok
23:22:07.0496 6652 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:22:07.0543 6652 upnphost - ok
23:22:07.0574 6652 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:22:07.0606 6652 UPS - ok
23:22:07.0637 6652 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:22:07.0653 6652 usbaudio - ok
23:22:07.0699 6652 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:22:07.0715 6652 usbccgp - ok
23:22:07.0746 6652 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:22:07.0746 6652 usbehci - ok
23:22:07.0778 6652 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:22:07.0793 6652 usbhub - ok
23:22:07.0824 6652 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:22:07.0824 6652 usbprint - ok
23:22:07.0871 6652 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:22:07.0871 6652 usbscan - ok
23:22:07.0918 6652 [ 1A07FFEF61431F492AB8CCF77FD242B2 ] UsbService C:\Program Files\ASUS\Printer Utilities\UsbService.exe
23:22:07.0918 6652 UsbService - ok
23:22:07.0949 6652 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:22:07.0965 6652 USBSTOR - ok
23:22:07.0981 6652 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:22:07.0996 6652 usbuhci - ok
23:22:08.0028 6652 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:22:08.0043 6652 VgaSave - ok
23:22:08.0059 6652 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:22:08.0074 6652 viaagp - ok
23:22:08.0090 6652 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
23:22:08.0106 6652 ViaIde - ok
23:22:08.0121 6652 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:22:08.0137 6652 VolSnap - ok
23:22:08.0184 6652 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:22:08.0215 6652 VSS - ok
23:22:08.0293 6652 [ C21DBD71AA028B3D213460F88D43BBFD ] vuhub C:\WINDOWS\system32\DRIVERS\vuhub.sys
23:22:08.0309 6652 vuhub - ok
23:22:08.0356 6652 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:22:08.0418 6652 W32Time - ok
23:22:08.0449 6652 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:22:08.0465 6652 Wanarp - ok
23:22:08.0496 6652 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
23:22:08.0512 6652 wanatw - ok
23:22:08.0559 6652 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:22:08.0590 6652 Wdf01000 - ok
23:22:08.0606 6652 WDICA - ok
23:22:08.0653 6652 [ 2F4B3C0E58D4A7BD8E38D1CD9CA47691 ] Wdm1 C:\WINDOWS\system32\Drivers\usbbc.sys
23:22:08.0684 6652 Wdm1 - ok
23:22:08.0715 6652 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:22:08.0731 6652 wdmaud - ok
23:22:08.0778 6652 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:22:08.0809 6652 WebClient - ok
23:22:08.0856 6652 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:22:08.0887 6652 winachsf - ok
23:22:08.0965 6652 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:22:08.0981 6652 winmgmt - ok
23:22:09.0043 6652 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
23:22:09.0106 6652 WinRM - ok
23:22:09.0184 6652 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:22:09.0231 6652 WmdmPmSN - ok
23:22:09.0309 6652 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:22:09.0340 6652 Wmi - ok
23:22:09.0371 6652 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:22:09.0387 6652 WmiApSrv - ok
23:22:09.0465 6652 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:22:09.0496 6652 WMPNetworkSvc - ok
23:22:09.0606 6652 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:22:09.0652 6652 WPFFontCache_v0400 - ok
23:22:09.0715 6652 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:22:09.0715 6652 WS2IFSL - ok
23:22:09.0746 6652 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:22:09.0793 6652 wscsvc - ok
23:22:09.0809 6652 WSearch - ok
23:22:09.0887 6652 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:22:09.0918 6652 WSTCODEC - ok
23:22:09.0965 6652 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:22:10.0012 6652 wuauserv - ok
23:22:10.0074 6652 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:22:10.0106 6652 WudfPf - ok
23:22:10.0137 6652 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:22:10.0137 6652 WudfRd - ok
23:22:10.0184 6652 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:22:10.0231 6652 WudfSvc - ok
23:22:10.0277 6652 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:22:10.0324 6652 WZCSVC - ok
23:22:10.0356 6652 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:22:10.0402 6652 xmlprov - ok
23:22:10.0434 6652 [ 7A35352BCDFF34D0A6E59D8267B3FCB7 ] xnacc C:\WINDOWS\system32\DRIVERS\xnacc.sys
23:22:10.0465 6652 xnacc - ok
23:22:10.0496 6652 [ A640C90B007762939507C28A021BE3B3 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
23:22:10.0512 6652 xusb21 - ok
23:22:10.0559 6652 ================ Scan global ===============================
23:22:10.0574 6652 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:22:10.0621 6652 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:10.0684 6652 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:10.0762 6652 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:22:10.0793 6652 [Global] - ok
23:22:10.0793 6652 ================ Scan MBR ==================================
23:22:10.0824 6652 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
23:22:10.0996 6652 \Device\Harddisk0\DR0 - ok
23:22:11.0012 6652 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR3
23:22:14.0293 6652 \Device\Harddisk1\DR3 - ok
23:22:14.0293 6652 ================ Scan VBR ==================================
23:22:14.0293 6652 [ 452DE70B37BF12C2365CB461F7B8D984 ] \Device\Harddisk0\DR0\Partition1
23:22:14.0293 6652 \Device\Harddisk0\DR0\Partition1 - ok
23:22:14.0308 6652 [ 0695E3E5810681371E3FF8CCB12DBA04 ] \Device\Harddisk0\DR0\Partition2
23:22:14.0308 6652 \Device\Harddisk0\DR0\Partition2 - ok
23:22:14.0324 6652 [ 47D458C80C7FA1088E48BE2A67BAD904 ] \Device\Harddisk1\DR3\Partition1
23:22:14.0324 6652 \Device\Harddisk1\DR3\Partition1 - ok
23:22:14.0324 6652 ============================================================
23:22:14.0324 6652 Scan finished
23:22:14.0324 6652 ============================================================
23:22:14.0355 6984 Detected object count: 0
23:22:14.0355 6984 Actual detected object count: 0

actions · 2013-May-4 10:45 pm ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to Chris 313

Thanks, the TDSS Killer log was clean.

Time for a reality check.

What problem(s), if any, are still unresolved?

actions · 2013-May-5 10:53 am ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

Excellent. As far as I'm aware, the only thing left is the unremovable (and disabled from the start) InfoAtoms firefox extension in my Add-ons list. How would I remove that?

Other then that, I'm good. And this experience has taught me a few things. Guess instead of just virus scanning my software downloads, I'll be MBAMing them too.

actions · 2013-May-5 9:52 pm ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews:

1 recommendation

reply to Chris 313

See if this helps removing the InfoAtoms extension.

»support.mozilla.org/en-US/kb/Can···20add-on

Here's another if the first one fails...
»www.ghacks.net/2012/02/04/how-to···-option/

Once we resolve this issue, we can start cleanup.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

actions · 2013-May-6 10:39 am ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

said by LoPhatPhuud:

Neither of those links seemed to help anything. InfoAtoms extension isn't listed anywhere in the extensions folder, despite seeing this in the Troubleshooting Firefox section:

InfoAtoms1.6.0.1 false infoatoms@infoatoms.com

Firefox safe mode didn't do anything either to make removing this crap easy.

Did I miss something somewhere? This is the last remaining crap hanging around. It's been disabled from minute one. Do I have to enable this thing for it to show in the extension folder?

Thanks for sticking it out thus far.

actions · 2013-May-8 4:12 am ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews:

1 recommendation

reply to Chris 313

Sorry, I missed the notice of your reply.

I want to verify whether the InfoAtoms is indeed hiding in your Firefox extensions.

To verify it you'll need to install a new extension; Extension List Dumper.

You'll find it here: »addons.mozilla.org/en-us/firefox···-dumper/

Once installed, open the Add-Ons window (Firefox -> Add-ons). At the top left should be a 'Dump List' button. Press it, and save the text file to the Desktop.

Post that log in this thread.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

actions · 2013-May-20 11:12 am ·

Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA

Reviews:

·Vonage

1 edit

said by LoPhatPhuud:

It's quite alright. Been a bit busy myself. And while Firefox has disabled InfoAtoms, I've seen it in my Chrome and other browser installs. I find it more annoying then damaging.

Still, I want this crap off my machine! ^_^

Will be back with the results you wanted ASAP and we'll go from there. With ya'll's help I'm sure we'll find this crap and rip it out by the roots!

Application: Firefox 21.0 (20130511120803)
Operating System: WINNT (x86-msvc)

- Adblock Plus 2.2.4
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
»adblockplus.org/en/
May 9, 2013 01:49:52
August 22, 2012 15:49:10
Ads were yesterday!
- Adblock Plus Pop-up Addon 0.7
adblockpopups@jessehakanen.net
»jessehakanen.net/adblockpluspopupaddon/
March 3, 2013 17:18:52
August 22, 2012 15:50:22
Makes it easy to block pop-ups with Adblock Plus.
- avast! WebRep 7.0.1474 (Disabled)
wrc@avast.com
»www.avast.com/
December 6, 2012 21:02:38
Web Reputation Plugin
- DSLR Notifier 2 3.2.9
{9dfaef2c-b772-4bde-b5fc-1f69bd105c17}
»addons.mozilla.org/en-US/firefox···ifier-2/
April 10, 2013 12:14:27
April 6, 2013 09:06:50
DSLR/BBR IM and updated post notifier
- Element Hiding Helper for Adblock Plus 1.2.3
elemhidehelper@adblockplus.org
»adblockplus.org/en/elemhidehelper
August 22, 2012 15:49:34
Helps you create element hiding rules for Adblock Plus to fight the text ads.
- Extension List Dumper 1.15.2
extensionlistdumper@sogame.cat
»www.sogame.cat/
May 25, 2013 07:56:08
Dumps a list of the installed extensions.
- Flashblock 1.5.17
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
»flashblock.mozdev.org/
April 16, 2013 07:13:32
August 22, 2012 15:50:22
Replaces Flash objects with a button you can click to view them.
- InfoAtoms 1.6.0.1 (Disabled)
infoatoms@infoatoms.com
»www.infoatoms.com
May 18, 2013 02:49:56
April 13, 2013 19:21:28
InfoAtoms - Be Curious
- Microsoft .NET Framework Assistant 0.0.0 (Disabled)
{20a82645-c095-46ed-80e3-08825760534b}
»www.windowsclient.net/
July 13, 2010 02:49:25
Adds ClickOnce support and the ability to report installed .NET versions to the web server.
- RealDownloader 1.3.1
{DAC3F861-B30D-40dd-9166-F4E75327FAC7}
»www.real.com
April 17, 2013 01:47:04
Detects all recordable content on the browser
- RoboForm Toolbar for Firefox 7.8.9.5
{22119944-ED35-4ab1-910B-E619EA06A115}
»www.roboform.com
May 18, 2013 00:25:58
January 20, 2012 03:06:06
RoboForm is password manager and form filler for Firefox.
- Tab Mix Plus 0.4.1.1pre.130522a
{dc572301-7619-498c-a57d-39143191b318}
»tmp.garyr.net
May 23, 2013 22:43:47
February 22, 2013 15:55:58
Tab browsing with an added boost.
- TooManyTabs 1.4.1
TooManyTabs@visibotech.com
»www.visibotech.com/
April 20, 2013 14:42:44
April 17, 2013 01:14:58
TooManyTabs allows you to store as many tabs as you like by adding extra rows in the Firefox!
- Veoh Browser Plug-in 1.3 (Disabled, Incompatible)
videofinder@veoh.com
»www.veoh.com
April 8, 2008 16:17:30
Add videos and videocasts to the Veoh Player
- Veoh Web Player Video Finder 1.4 (Disabled, Incompatible)
web@veoh.com
»www.veoh.com
April 26, 2009 15:53:49
Add videos and videocasts to the Veoh Web Player

actions · 2013-May-25 8:54 am ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews: