Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus dealing with requesting money

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Virus dealing with requesting money

Unread postby Gary R » October 17th, 2013, 1:35 am

See if you can boot into safe mode, if you can please do the following ...

  • Plug in your USB drive and transfer a copy of FRST64 to the Desktop of the infected machine.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

The logs that FRST creates when run in Safe Mode (or preferrably Normal Mode) are more inclusive than those produced when run in Recovery Environment. I need to see what else turns up, there's also a "Junction" in your computer that needs removing and that can't be done from RE. If we can boot into Safe Mode we can probably remove it, and that may allow us to boot properly without the BSOD (blue screen of death).
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Re: Virus dealing with requesting money

Unread postby palii » October 17th, 2013, 10:19 am

Good Morning,

Here are the two logs you requested. I was able to boot into safe mode by pressing f7 several times and picking the "safe mode" selection on the screen. Copied frst64.exe to the desktop and ran the program. It did not ask for a disclaimer, but it did produce two logs. WOW, wish I understood all that looks interesting :shock: :shock:

Also, since I am retired it would be nice to learn how and give back, but I need to be about 20 years younger and have the extra time to learn what you do. Your school or learning process sounds really good and I appreciate your efforts. You would make a good little profit if you wrote a book, but then you would not be here to help us. Thanks again and I await your reply.

FRST.TXT


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Deborah (administrator) on DEBORAH-PC on 17-10-2013 08:55:17
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-01-11] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-05-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-05] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Deborah\AppData\Local\Temp\stpxixy\sxkkxwy\wow64.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=32
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
URLSearchHook: (No Name) - {c3d3840c-12ea-4461-a61d-190555fecc82} - No File
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {D14E65FB-0AD1-44B1-A334-31A08336F0E6} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82122&lng=en
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Toolbar BHO - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (MindSpark)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
BHO-x32: Search Assistant BHO - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll (COMPANYVERS_NAME)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Guffins - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (MindSpark)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

==================== Services (Whitelisted) =================

S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2062200 2012-03-13] (MediaMall Technologies, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

==================== Drivers (Whitelisted) ====================

S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS [504880 2009-08-29] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS [32304 2009-08-29] (Symantec Corporation)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 08:55 - 2013-10-02 09:47 - 01954124 _____ (Farbar) C:\FRST64.exe
2013-10-17 08:53 - 2013-10-17 08:53 - 00277040 _____ C:\Windows\Minidump\101713-42276-01.dmp
2013-10-17 00:14 - 2013-10-17 00:14 - 00277040 _____ C:\Windows\Minidump\101713-44397-01.dmp
2013-10-16 23:47 - 2013-10-16 23:47 - 00277040 _____ C:\Windows\Minidump\101613-33431-01.dmp
2013-10-16 23:43 - 2013-10-16 23:43 - 00277040 _____ C:\Windows\Minidump\101613-29718-01.dmp
2013-10-16 19:36 - 2013-10-16 19:36 - 00277040 _____ C:\Windows\Minidump\101613-41184-01.dmp
2013-10-16 19:16 - 2013-10-16 19:17 - 00277040 _____ C:\Windows\Minidump\101613-50091-01.dmp
2013-10-15 22:49 - 2013-10-15 22:49 - 00000000 __SHD C:\$$PendingFiles
2013-10-15 22:23 - 2013-10-15 22:23 - 00000000 ____D C:\FRST
2013-10-15 20:28 - 2013-10-15 20:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ceca0fed0d75e.job

==================== One Month Modified Files and Folders =======

2013-10-17 08:53 - 2013-10-17 08:53 - 00277040 _____ C:\Windows\Minidump\101713-42276-01.dmp
2013-10-17 08:53 - 2013-04-29 14:37 - 00000000 ____D C:\Windows\Minidump
2013-10-17 08:52 - 2013-04-29 14:36 - 478734742 _____ C:\Windows\MEMORY.DMP
2013-10-17 02:36 - 2010-12-26 00:03 - 00000000 ____D C:\Users\Deborah
2013-10-17 00:16 - 2011-12-20 04:13 - 00000000 ____D C:\ProgramData\MediaMall
2013-10-17 00:14 - 2013-10-17 00:14 - 00277040 _____ C:\Windows\Minidump\101713-44397-01.dmp
2013-10-17 00:14 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-17 00:14 - 2009-07-13 23:51 - 00100350 _____ C:\Windows\setupact.log
2013-10-16 23:55 - 2009-07-14 00:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-16 23:55 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-16 23:55 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-16 23:54 - 2010-07-08 03:28 - 02035825 _____ C:\Windows\WindowsUpdate.log
2013-10-16 23:53 - 2010-12-26 07:54 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{314085F5-C77B-43FC-BDC4-DE3BB10CE702}
2013-10-16 23:47 - 2013-10-16 23:47 - 00277040 _____ C:\Windows\Minidump\101613-33431-01.dmp
2013-10-16 23:43 - 2013-10-16 23:43 - 00277040 _____ C:\Windows\Minidump\101613-29718-01.dmp
2013-10-16 22:39 - 2010-12-26 02:58 - 00000000 ____D C:\ProgramData\Recovery
2013-10-16 19:36 - 2013-10-16 19:36 - 00277040 _____ C:\Windows\Minidump\101613-41184-01.dmp
2013-10-16 19:17 - 2013-10-16 19:16 - 00277040 _____ C:\Windows\Minidump\101613-50091-01.dmp
2013-10-15 22:49 - 2013-10-15 22:49 - 00000000 __SHD C:\$$PendingFiles
2013-10-15 22:40 - 2010-07-08 03:44 - 00000000 ____D C:\ProgramData\Norton
2013-10-15 22:40 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-15 22:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-15 22:39 - 2010-07-08 04:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-15 22:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-10-15 22:23 - 2013-10-15 22:23 - 00000000 ____D C:\FRST
2013-10-15 21:13 - 2011-07-05 01:20 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 21:12 - 2010-12-26 01:58 - 00176400 _____ C:\Windows\PFRO.log
2013-10-15 20:28 - 2013-10-15 20:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ceca0fed0d75e.job
2013-10-15 20:20 - 2011-04-25 21:45 - 75016696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-15 20:15 - 2010-12-26 08:57 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\HpUpdate
2013-10-15 20:14 - 2011-07-05 01:20 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 20:14 - 2011-07-05 01:20 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-15 20:08 - 2011-07-05 01:19 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Skype
2013-10-02 09:47 - 2013-10-17 08:55 - 01954124 _____ (Farbar) C:\FRST64.exe

Files to move or delete:
====================
C:\Users\Deborah\AppData\Roaming\skype.dat


Some content of TEMP:
====================
C:\Users\Deborah\AppData\Local\Temp\0.193393282823619.exe
C:\Users\Deborah\AppData\Local\Temp\0.2884516017999489.exe
C:\Users\Deborah\AppData\Local\Temp\ApnStub.exe
C:\Users\Deborah\AppData\Local\Temp\Extract.exe
C:\Users\Deborah\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Deborah\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Deborah\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Deborah\AppData\Local\Temp\HPQSi.exe
C:\Users\Deborah\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Deborah\AppData\Local\Temp\Resource.exe
C:\Users\Deborah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Deborah\AppData\Local\Temp\SP47636.exe
C:\Users\Deborah\AppData\Local\Temp\SP49521.exe
C:\Users\Deborah\AppData\Local\Temp\SP49522.exe
C:\Users\Deborah\AppData\Local\Temp\SP49524.exe
C:\Users\Deborah\AppData\Local\Temp\SP50718.exe
C:\Users\Deborah\AppData\Local\Temp\SP50720.exe
C:\Users\Deborah\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Deborah\AppData\Local\Temp\SP51650.exe
C:\Users\Deborah\AppData\Local\Temp\SP51976.exe
C:\Users\Deborah\AppData\Local\Temp\SP52093.exe
C:\Users\Deborah\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Deborah\AppData\Local\Temp\sp54373.exe
C:\Users\Deborah\AppData\Local\Temp\sp54620.exe
C:\Users\Deborah\AppData\Local\Temp\sp58915.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Deborah\AppData\Local\Temp\w7e1944.tmp.exe
C:\Users\Deborah\AppData\Local\Temp\w7e95DA.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-04-15 13:43

==================== End Of Log ============================


ADDITION.TXT



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Deborah at 2013-10-17 08:55:57
Running from C:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.181.23)
Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)
Adobe Reader 9.4.4 MUI (x32 Version: 9.4.4)
Adobe Shockwave Player (x32 Version: 11.5.1.601)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Blackhawk Striker 2 (x32 Version: 2.2.0.82)
Blasterball 3 (x32 Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (x32 Version: 2.2.0.82)
Cake Mania (x32 Version: 2.2.0.82)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
CyberLink DVD Suite (x32 Version: 7.0.2216)
CyberLink MediaShow (x32 Version: 4.1.3419)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110)
CyberLink YouCam (x32 Version: 3.0.2201)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Dora's Carnival Adventure (x32 Version: 2.2.0.82)
Escape Rosecliff Island (x32 Version: 2.2.0.82)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Faerie Solitaire (x32 Version: 2.2.0.82)
FATE (x32 Version: 2.2.0.82)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.4.3607.2246)
Google Update Helper (x32 Version: 1.3.21.165)
Guffins (x32)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Game Console (x32)
HP Games (x32 Version: 1.0.0.80)
HP Quick Launch (x32 Version: 2.3.6)
HP Setup (x32 Version: 1.2.3560.3170)
HP Smart Web Printing (x32 Version: 131.1.35898)
HP Software Framework (x32 Version: 4.0.108.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.003.001.001)
HP User Guides 0183 (x32 Version: 1.01.0001)
HP Wireless Assistant (x32 Version: 3.50.9.1)
Inbox Toolbar (x32 Version: 2.0.0.17)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)
iTunes (Version: 10.6.1.7)
Java Auto Updater (x32 Version: 2.0.7.2)
Java(TM) 6 Update 17 (64-bit) (Version: 6.0.170)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Jewel Quest 3 (x32 Version: 2.2.0.82)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.2215)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
muvee Reveal (x32 Version: 7.0.43.12698)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82)
Need For Speed™ World (x32 Version: 1.0.0.1229)
Norton Internet Security (x32 Version: 17.0.0.136)
Norton Online Backup (x32 Version: 1.2.20.0)
Penguins! (x32 Version: 2.2.0.82)
PictureMover (x32 Version: 3.3.1.18)
Plants vs. Zombies (x32 Version: 2.2.0.82)
PlayOn (x32 Version: 3.4.29)
Poker Superstars III (x32 Version: 2.2.0.82)
Polar Bowler (x32 Version: 2.2.0.82)
Polar Golfer (x32 Version: 2.2.0.82)
Power2Go (x32 Version: 6.0.3415)
PowerDirector (x32 Version: 7.0.3420)
QuickTime (x32 Version: 7.72.80.56)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6206)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105)
REALTEK Wireless LAN Software (x32 Version: 1.00.10.0104)
Recovery Manager (x32 Version: 5.5.2214)
ROBLOX Player for Deborah (HKCU)
RtVOsd (Version: 1.0.6)
Skype Toolbars (x32 Version: 5.5.7896)
Skype™ 6.3 (x32 Version: 6.3.105)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
TextTwist 2 (x32 Version: 2.2.0.82)
Unity Web Player (HKCU Version: )
Unity Web Player (x32 Version: 2.5.5b4_50)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Virtual Families (x32 Version: 2.2.0.82)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82)
VoiceOver Kit (x32 Version: 1.42.128.0)
Wheel of Fortune 2 (x32 Version: 2.2.0.82)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Wizard101 (x32 Version: 1.0.0)
World of Warcraft (x32 Version: 5.1.0.16357)
Zuma's Revenge (x32 Version: 2.2.0.82)

==================== Restore Points =========================

31-03-2013 07:25:07 Windows Update
04-04-2013 02:27:33 Windows Update
11-04-2013 02:59:41 Windows Update
11-04-2013 05:34:43 Windows Update
13-04-2013 02:04:51 Windows Update
18-04-2013 02:27:05 Windows Update
23-04-2013 02:13:23 Windows Update
25-04-2013 04:46:12 Windows Update
27-04-2013 03:22:16 Windows Defender Checkpoint
07-05-2013 04:21:38 Windows Update
16-10-2013 01:14:43 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {367D83D7-D8C1-403D-8746-B05F02912E96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-03-21] (Hewlett-Packard)
Task: {433B0605-28AC-4149-B17A-92DA437AC57D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4397C71F-0D91-4134-AEB2-4E83BC33B396} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {670D9084-E630-4612-9E62-7D3D52538103} - System32\Tasks\{C1754FE6-8363-47D3-BEF4-C07985ABF4B4} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {9089D036-1565-4C98-B751-C92AF9BEB730} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9B0E2767-759E-467C-BA2C-0CA20ECC7587} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B462EFEC-3C90-4735-B611-0B7C5D6FF305} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05] (Google Inc.)
Task: {C346FAF7-5B73-42E8-BB88-0AEE762489EE} - \1426109628 No Task File
Task: {CE783393-CB8C-4D93-90CE-A3C9D864EF30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {E4B43F0A-0F11-4E93-8DD7-6854941FEF27} - \win4036e0 No Task File
Task: {F3690BA2-9359-416D-9DC3-B11B2C6CCBDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05] (Google Inc.)
Task: {FADC0D64-DFB5-48A8-9857-75AF6FF53176} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ceca0fed0d75e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2013 11:55:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x00000000004f2ba0
Faulting process id: 0x3ac
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:47:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000015335
Faulting process id: 0x1401c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:44:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x00000000004f2ba0
Faulting process id: 0x1054
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:38:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x00000000004f2ba0
Faulting process id: 0x100dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:33:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x00000000004f2ba0
Faulting process id: 0x2a0c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:27:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x00000000004f2ba0
Faulting process id: 0x32e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:24:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x0000000000569409
Faulting process id: 0x170fc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:18:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x0000000000569409
Faulting process id: 0x76d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:09:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_10_3_162.ocx, version: 10.3.162.28, time stamp: 0x4cd9fabd
Exception code: 0xc0000005
Fault offset: 0x00000000004f2ba0
Faulting process id: 0xcf08
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/15/2013 10:07:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000015335
Faulting process id: 0x4888
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (10/17/2013 08:55:41 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:55:11 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:54:41 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:54:11 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:53:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:53:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:53:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:53:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:53:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/17/2013 08:53:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/16/2013 11:55:04 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc000000500000000004f2ba03ac01cecaf404210c3aC:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx48d9b6f2-36e8-11e3-9b6a-60eb693077d3

Error: (10/15/2013 10:47:57 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000000153351401c01ceca22080d760cC:\Windows\system32\svchost.exeunknownbe35a8d8-3615-11e3-a191-60eb693077d3

Error: (10/15/2013 10:44:34 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc000000500000000004f2ba0105401ceca21399e802aC:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx44f7833e-3615-11e3-a191-60eb693077d3

Error: (10/15/2013 10:38:42 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc000000500000000004f2ba0100dc01ceca20759637f5C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx7360dbb9-3614-11e3-a191-60eb693077d3

Error: (10/15/2013 10:33:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc000000500000000004f2ba02a0c01ceca1fb175b659C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocxb09b787e-3613-11e3-a191-60eb693077d3

Error: (10/15/2013 10:27:12 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc000000500000000004f2ba032e401ceca1f4c2d1601C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocxd6c80d4c-3612-11e3-a191-60eb693077d3

Error: (10/15/2013 10:24:50 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc00000050000000000569409170fc01ceca1e6f23493aC:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx83aa7354-3612-11e3-a191-60eb693077d3

Error: (10/15/2013 10:18:02 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc0000005000000000056940976d801ceca1d21d57edeC:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx8ffe86d9-3611-11e3-a191-60eb693077d3

Error: (10/15/2013 10:09:27 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_10_3_162.ocx10.3.162.284cd9fabdc000000500000000004f2ba0cf0801ceca1d0ab26212C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx5d7505d9-3610-11e3-a191-60eb693077d3

Error: (10/15/2013 10:07:10 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000000015335488801ceca1c5b3fa71eC:\Windows\system32\svchost.exeunknown0b716503-3610-11e3-a191-60eb693077d3


CodeIntegrity Errors:
===================================
Date: 2013-10-17 00:14:39.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 00:10:42.228
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 23:48:43.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 23:44:07.492
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 19:36:56.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 19:33:38.908
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 19:13:19.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 22:54:19.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 22:33:48.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 22:25:14.893
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 3002.92 MB
Available physical RAM: 2091.46 MB
Total Pagefile: 6003.98 MB
Available Pagefile: 5111.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.49 GB) (Free:195.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.31 GB) (Free:2.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: (MEMORIX1G) (Removable) (Total:0.96 GB) (Free:0.42 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7D497DE8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 4D63645D)
Partition 1: (Active) - (Size=984 MB) - (Type=06)

==================== End Of Log ============================
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby Gary R » October 17th, 2013, 10:38 am

OK, we've got a bit more to go at now, let's see if we can make a bit better progress this time ....

  • Click Start
  • Type notepad.exe in the search programs and files box and clcik Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Deborah\AppData\Local\Temp\stpxixy\sxkkxwy\wow64.dll ATTENTION! ====> ZeroAccess?
URLSearchHook: (No Name) - {c3d3840c-12ea-4461-a61d-190555fecc82} - No File
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
SearchScopes: HKCU - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher ... s&qkw= {searchTerms}&tbid=82122&lng=en
BHO-x32: Toolbar BHO - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (MindSpark)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
BHO-x32: Search Assistant BHO - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll (COMPANYVERS_NAME)
Toolbar: HKLM-x32 - Guffins - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (MindSpark)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
C:\Users\Deborah\AppData\Roaming\skype.dat
C:\Users\Deborah\AppData\Local\Temp\0.193393282823619.exe
C:\Users\Deborah\AppData\Local\Temp\0.2884516017999489.exe
C:\Users\Deborah\AppData\Local\Temp\ApnStub.exe
C:\Users\Deborah\AppData\Local\Temp\Extract.exe
C:\Users\Deborah\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Deborah\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Deborah\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Deborah\AppData\Local\Temp\HPQSi.exe
C:\Users\Deborah\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Deborah\AppData\Local\Temp\Resource.exe
C:\Users\Deborah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Deborah\AppData\Local\Temp\SP47636.exe
C:\Users\Deborah\AppData\Local\Temp\SP49521.exe
C:\Users\Deborah\AppData\Local\Temp\SP49522.exe
C:\Users\Deborah\AppData\Local\Temp\SP49524.exe
C:\Users\Deborah\AppData\Local\Temp\SP50718.exe
C:\Users\Deborah\AppData\Local\Temp\SP50720.exe
C:\Users\Deborah\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Deborah\AppData\Local\Temp\SP51650.exe
C:\Users\Deborah\AppData\Local\Temp\SP51976.exe
C:\Users\Deborah\AppData\Local\Temp\SP52093.exe
C:\Users\Deborah\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Deborah\AppData\Local\Temp\sp54373.exe
C:\Users\Deborah\AppData\Local\Temp\sp54620.exe
C:\Users\Deborah\AppData\Local\Temp\sp58915.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Deborah\AppData\Local\Temp\w7e1944.tmp.exe
C:\Users\Deborah\AppData\Local\Temp\w7e95DA.tmp.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

    • Save it to the infected computer's Desktop as fixlist.txt (fixlist.txt must be in the same location as FRST64.exe or the fix won't work)

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan in safe mode earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post me the log please.

Next ....

See if you're now able to boot normally, and if you can ....

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING IT MAY FIND AT THIS POINT

Let me know if you're still unable to boot normally.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • TDSSKiller log (if you're able to run it).


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus dealing with requesting money

Unread postby palii » October 17th, 2013, 3:19 pm

Hello,

I was able to run the program to produce the fixlog.txt that I have included. However, when I booted into the computer the normal way (I shut down the computer, turned in on) and was able to get to the desktop and then the BSOD happen. The computer restarted and gave me a screen saying that the computer had shut down improperty and gave me an option to do a check disk. I selected that and the computer started and the desktop opened. I waited about 10 minutes and did not get the BSOD.
At this point, I connected to the interent and got to the malware forum so that I could download the tdsskiller.exe. When I got to the process to select it so that I could download, I got the following message box "Current security setting will not allow to download". So, I was unable to download and run.

Here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Deborah at 2013-10-17 13:47:15 Run:3
Running from C:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
Code: Select all
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Deborah\AppData\Local\Temp\stpxixy\sxkkxwy\wow64.dll ATTENTION! ====> ZeroAccess?
URLSearchHook: (No Name) - {c3d3840c-12ea-4461-a61d-190555fecc82} - No File
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
SearchScopes: HKCU - {66778C30-7ACC-4C16-975D-E0ED68404825} URL = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher ... s&qkw= {searchTerms}&tbid=82122&lng=en
BHO-x32: Toolbar BHO - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (MindSpark)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
BHO-x32: Search Assistant BHO - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll (COMPANYVERS_NAME)
Toolbar: HKLM-x32 - Guffins - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (MindSpark)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
C:\Users\Deborah\AppData\Roaming\skype.dat
C:\Users\Deborah\AppData\Local\Temp\0.193393282823619.exe
C:\Users\Deborah\AppData\Local\Temp\0.2884516017999489.exe
C:\Users\Deborah\AppData\Local\Temp\ApnStub.exe
C:\Users\Deborah\AppData\Local\Temp\Extract.exe
C:\Users\Deborah\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Deborah\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Deborah\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Deborah\AppData\Local\Temp\HPQSi.exe
C:\Users\Deborah\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Deborah\AppData\Local\Temp\Resource.exe
C:\Users\Deborah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Deborah\AppData\Local\Temp\SP47636.exe
C:\Users\Deborah\AppData\Local\Temp\SP49521.exe
C:\Users\Deborah\AppData\Local\Temp\SP49522.exe
C:\Users\Deborah\AppData\Local\Temp\SP49524.exe
C:\Users\Deborah\AppData\Local\Temp\SP50718.exe
C:\Users\Deborah\AppData\Local\Temp\SP50720.exe
C:\Users\Deborah\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Deborah\AppData\Local\Temp\SP51650.exe
C:\Users\Deborah\AppData\Local\Temp\SP51976.exe
C:\Users\Deborah\AppData\Local\Temp\SP52093.exe
C:\Users\Deborah\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Deborah\AppData\Local\Temp\sp54373.exe
C:\Users\Deborah\AppData\Local\Temp\sp54620.exe
C:\Users\Deborah\AppData\Local\Temp\sp58915.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Deborah\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Deborah\AppData\Local\Temp\w7e1944.tmp.exe
C:\Users\Deborah\AppData\Local\Temp\w7e95DA.tmp.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


*****************

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{c3d3840c-12ea-4461-a61d-190555fecc82} => Value deleted successfully.
HKCR\CLSID\{c3d3840c-12ea-4461-a61d-190555fecc82} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Value deleted successfully.
HKCR\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key deleted successfully.
HKCR\CLSID\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key deleted successfully.
HKCR\CLSID\{66778C30-7ACC-4C16-975D-E0ED68404825} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b} => Key deleted successfully.
HKCR\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a916eefe-6a17-4d7d-a131-2738b260bb55} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a916eefe-6a17-4d7d-a131-2738b260bb55} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{de2fdf7c-2637-4ba3-b427-3fce2d331db5} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} => Value deleted successfully.
HKCR\CLSID\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\inbox => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} => Key deleted successfully.
C:\Users\Deborah\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\0.193393282823619.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\0.2884516017999489.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\GoogleToolbarInstaller.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\HPQSi.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\Resource.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP47636.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP49521.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP49522.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP49524.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP50718.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP50720.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\sp50843.exe.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP51650.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP51976.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\SP52093.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\sp52110.exe.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\sp54373.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\sp54620.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\UninstallHPTCA.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\w7e1944.tmp.exe => Moved successfully.
C:\Users\Deborah\AppData\Local\Temp\w7e95DA.tmp.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby Gary R » October 17th, 2013, 5:09 pm

OK, try downloading TDSSKiller using another computer, then transfer it to the infected computer's Desktop using your USB disk.

If you're able to do that then please run the TDSSKiller scan with the computer booted into normal mode, then post me the log please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus dealing with requesting money

Unread postby palii » October 17th, 2013, 7:52 pm

Hello from a frustrated old man,

dealing with a mac and a pc to solve the problems has been a trying thing. Not sure if you want hear all the problems, but need to explain what happen on a couple things...

I was not able to copy the tdsskiller from my mac to my thumb drive as it would name it something that I could not open on the pc. On the pc side, I kept getting a name that I could not open. So, I research the error message dealing with unable to download on the pc. I changed a setting on internet explorer to allow and got it on the pc.

when I ran the tdsskiller, was not sure what was to happen, but it wanted an update restarted and i started the scan. Never noticed where it saved the report, but it did say at one point about a virus. this is where i got lost and make a mistake, it said "cure" and I hit continue thinking it would give instructions.....if I messed up I am sorry.

At this point, I did a control-a and then a control-c and now a control-v for this report.......

18:08:47.0110 0x0d84 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
18:08:47.0687 0x0d84 ============================================================
18:08:47.0687 0x0d84 Current date / time: 2013/10/17 18:08:47.0687
18:08:47.0687 0x0d84 SystemInfo:
18:08:47.0687 0x0d84
18:08:47.0687 0x0d84 OS Version: 6.1.7600 ServicePack: 0.0
18:08:47.0687 0x0d84 Product type: Workstation
18:08:47.0687 0x0d84 ComputerName: DEBORAH-PC
18:08:47.0687 0x0d84 UserName: Deborah
18:08:47.0687 0x0d84 Windows directory: C:\Windows
18:08:47.0687 0x0d84 System windows directory: C:\Windows
18:08:47.0687 0x0d84 Running under WOW64
18:08:47.0687 0x0d84 Processor architecture: Intel x64
18:08:47.0687 0x0d84 Number of processors: 2
18:08:47.0687 0x0d84 Page size: 0x1000
18:08:47.0687 0x0d84 Boot type: Normal boot
18:08:47.0687 0x0d84 ============================================================
18:08:47.0687 0x0d84 BG loaded
18:08:48.0530 0x0d84 System UUID: {A7A29094-323B-3A92-7F26-533D53744C2E}
18:08:52.0930 0x0d84 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:08:52.0992 0x0d84 Drive \Device\Harddisk1\DR1 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:08:53.0008 0x0d84 ============================================================
18:08:53.0008 0x0d84 \Device\Harddisk0\DR0:
18:08:53.0039 0x0d84 MBR partitions:
18:08:53.0039 0x0d84 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:08:53.0039 0x0d84 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x236FA000
18:08:53.0039 0x0d84 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2375E000, BlocksNum 0x1C9C800
18:08:53.0039 0x0d84 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:08:53.0039 0x0d84 \Device\Harddisk1\DR1:
18:08:53.0039 0x0d84 MBR partitions:
18:08:53.0039 0x0d84 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1EBFE0
18:08:53.0039 0x0d84 ============================================================
18:08:53.0117 0x0d84 C: <-> \Device\Harddisk0\DR0\Partition2
18:08:56.0230 0x0d84 D: <-> \Device\Harddisk0\DR0\Partition3
18:08:57.0275 0x0d84 E: <-> \Device\Harddisk0\DR0\Partition4
18:08:57.0275 0x0d84 ============================================================
18:08:57.0275 0x0d84 Initialize success
18:08:57.0275 0x0d84 ============================================================
18:09:23.0503 0x0b44 ============================================================
18:09:23.0503 0x0b44 Scan started
18:09:23.0503 0x0b44 Mode: Manual;
18:09:23.0503 0x0b44 ============================================================
18:09:23.0503 0x0b44 KSN ping started
18:09:26.0404 0x0b44 KSN ping finished: true
18:09:51.0403 0x0b44 ================ Scan system memory ========================
18:09:51.0403 0x0b44 System memory - ok
18:09:51.0403 0x0b44 ================ Scan services =============================
18:09:57.0348 0x0b44 [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:09:57.0379 0x0b44 1394ohci - ok
18:09:57.0816 0x0b44 [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:09:57.0832 0x0b44 ACPI - ok
18:09:58.0113 0x0b44 [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:09:58.0144 0x0b44 AcpiPmi - ok
18:09:58.0534 0x0b44 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:09:58.0768 0x0b44 adp94xx - ok
18:10:00.0156 0x0b44 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:10:00.0219 0x0b44 adpahci - ok
18:10:00.0390 0x0b44 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:10:00.0406 0x0b44 adpu320 - ok
18:10:00.0546 0x0b44 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:10:00.0546 0x0b44 AeLookupSvc - ok
18:10:01.0405 0x0b44 [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:10:01.0421 0x0b44 AERTFilters - ok
18:10:01.0811 0x0b44 [ DB9D6C6B2CD95A9CA414D045B627422E, A4A0B2ACBFE311C20EF9F06A49DBE02CE90433C2364B292F6E8F78F6C274DF88 ] AFD C:\Windows\system32\drivers\afd.sys
18:10:01.0826 0x0b44 AFD - ok
18:10:01.0998 0x0b44 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
18:10:02.0154 0x0b44 agp440 - ok
18:10:02.0435 0x0b44 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
18:10:02.0513 0x0b44 ALG - ok
18:10:03.0121 0x0b44 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:10:03.0152 0x0b44 aliide - ok
18:10:03.0324 0x0b44 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:10:03.0464 0x0b44 amdide - ok
18:10:03.0542 0x0b44 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:10:04.0369 0x0b44 AmdK8 - ok
18:10:04.0510 0x0b44 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:10:04.0541 0x0b44 AmdPPM - ok
18:10:05.0087 0x0b44 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9, 786B30C86FA7FEC6BA2569FF818044AA0F7C134693304ED0FF7BD0541F9A755F ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:10:05.0414 0x0b44 amdsata - ok
18:10:06.0631 0x0b44 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:10:06.0694 0x0b44 amdsbs - ok
18:10:07.0255 0x0b44 [ DB27766102C7BF7E95140A2AA81D042E, 489F812B596EA06E53D891CD05047AA17CDF752854BBD553BA65D10799AF78DF ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:10:07.0302 0x0b44 amdxata - ok
18:10:09.0424 0x0b44 [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID C:\Windows\system32\drivers\appid.sys
18:10:09.0470 0x0b44 AppID - ok
18:10:09.0798 0x0b44 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:10:09.0814 0x0b44 AppIDSvc - ok
18:10:10.0172 0x0b44 [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo C:\Windows\System32\appinfo.dll
18:10:10.0188 0x0b44 Appinfo - ok
18:10:11.0701 0x0b44 [ 7EF47644B74EBE721CC32211D3C35E76, 1381908E70567AAE5A8C96C4B7BF8E68748F64DE3243FD0FA8CC0E72DEEDA9A7 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:10:11.0732 0x0b44 Apple Mobile Device - ok
18:10:11.0810 0x0b44 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:10:11.0826 0x0b44 arc - ok
18:10:11.0982 0x0b44 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:10:12.0060 0x0b44 arcsas - ok
18:10:12.0232 0x0b44 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:10:12.0232 0x0b44 AsyncMac - ok
18:10:12.0450 0x0b44 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:10:12.0512 0x0b44 atapi - ok
18:10:13.0542 0x0b44 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:10:13.0573 0x0b44 AudioEndpointBuilder - ok
18:10:13.0838 0x0b44 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:10:13.0854 0x0b44 AudioSrv - ok
18:10:14.0384 0x0b44 [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:10:14.0416 0x0b44 AxInstSV - ok
18:10:14.0540 0x0b44 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:10:14.0681 0x0b44 b06bdrv - ok
18:10:15.0336 0x0b44 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:10:15.0367 0x0b44 b57nd60a - ok
18:10:15.0570 0x0b44 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
18:10:15.0601 0x0b44 BDESVC - ok
18:10:15.0757 0x0b44 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
18:10:15.0757 0x0b44 Beep - ok
18:10:16.0398 0x0b44 [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll
18:10:16.0429 0x0b44 BFE - ok
18:10:16.0819 0x0b44 [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll
18:10:16.0850 0x0b44 BITS - ok
18:10:16.0913 0x0b44 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:10:16.0928 0x0b44 blbdrive - ok
18:10:17.0334 0x0b44 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:10:17.0349 0x0b44 Bonjour Service - ok
18:10:17.0646 0x0b44 [ 19D20159708E152267E53B66677A4995, 6401FA5C3EFF26BED075FEC68F868CD8D0598FDB45EA9381810615F7252F7A9A ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:10:17.0646 0x0b44 bowser - ok
18:10:17.0833 0x0b44 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:10:17.0849 0x0b44 BrFiltLo - ok
18:10:17.0880 0x0b44 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:10:17.0895 0x0b44 BrFiltUp - ok
18:10:17.0989 0x0b44 [ 6B054C67AAA87843504E8E3C09102009, 284AA58625FBDBFECB851A35407331B40BAEC141F2DCEDB9F15733BAB22F5C81 ] Browser C:\Windows\System32\browser.dll
18:10:17.0989 0x0b44 Browser - ok
18:10:18.0161 0x0b44 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:10:18.0348 0x0b44 Brserid - ok
18:10:18.0426 0x0b44 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:10:18.0457 0x0b44 BrSerWdm - ok
18:10:18.0519 0x0b44 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:10:18.0519 0x0b44 BrUsbMdm - ok
18:10:18.0691 0x0b44 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:10:18.0722 0x0b44 BrUsbSer - ok
18:10:18.0800 0x0b44 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:10:18.0831 0x0b44 BTHMODEM - ok
18:10:18.0972 0x0b44 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
18:10:18.0972 0x0b44 bthserv - ok
18:10:19.0019 0x0b44 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:10:19.0034 0x0b44 cdfs - ok
18:10:19.0284 0x0b44 [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:10:19.0299 0x0b44 cdrom - ok
18:10:19.0455 0x0b44 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll
18:10:19.0471 0x0b44 CertPropSvc - ok
18:10:19.0533 0x0b44 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:10:19.0658 0x0b44 circlass - ok
18:10:19.0845 0x0b44 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
18:10:19.0877 0x0b44 CLFS - ok
18:10:20.0547 0x0b44 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:10:20.0657 0x0b44 clr_optimization_v2.0.50727_32 - ok
18:10:20.0828 0x0b44 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:10:20.0875 0x0b44 clr_optimization_v2.0.50727_64 - ok
18:10:21.0360 0x0b44 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:10:21.0828 0x0b44 clr_optimization_v4.0.30319_32 - ok
18:10:22.0374 0x0b44 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:10:22.0405 0x0b44 clr_optimization_v4.0.30319_64 - ok
18:10:22.0498 0x0b44 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:10:22.0498 0x0b44 CmBatt - ok
18:10:22.0576 0x0b44 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:10:22.0654 0x0b44 cmdide - ok
18:10:22.0873 0x0b44 [ CA7720B73446FDDEC5C69519C1174C98, F24796765587CC1D653A04783B1659564F42E600DA3AFA3DED724592B291D033 ] CNG C:\Windows\system32\Drivers\cng.sys
18:10:22.0920 0x0b44 CNG - ok
18:10:23.0091 0x0b44 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:10:23.0107 0x0b44 Compbatt - ok
18:10:23.0310 0x0b44 [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:10:23.0310 0x0b44 CompositeBus - ok
18:10:23.0372 0x0b44 COMSysApp - ok
18:10:23.0481 0x0b44 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:10:23.0528 0x0b44 crcdisk - ok
18:10:23.0731 0x0b44 [ BAF19B633933A9FB4883D27D66C39E9A, 2D8ABB5161736CCCADA67B3E6A8D70B0B5E1E3FE6084561891F394DA191B3439 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:10:23.0731 0x0b44 CryptSvc - ok
18:10:24.0433 0x0b44 [ 72794D112CBAFF3BC0C29BF7350D4741, 060C207F27306A3464FBCD8B08BDC97E34923ECA349933ECB059848BD08F41ED ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:10:24.0464 0x0b44 cvhsvc - ok
18:10:24.0885 0x0b44 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:10:24.0916 0x0b44 DcomLaunch - ok
18:10:24.0994 0x0b44 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
18:10:25.0041 0x0b44 defragsvc - ok
18:10:25.0119 0x0b44 [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:10:25.0119 0x0b44 DfsC - ok
18:10:25.0275 0x0b44 [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:10:25.0275 0x0b44 Dhcp - ok
18:10:25.0353 0x0b44 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
18:10:25.0369 0x0b44 discache - ok
18:10:25.0478 0x0b44 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:10:25.0494 0x0b44 Disk - ok
18:10:25.0572 0x0b44 [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:10:25.0587 0x0b44 Dnscache - ok
18:10:25.0790 0x0b44 [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll
18:10:25.0821 0x0b44 dot3svc - ok
18:10:26.0055 0x0b44 [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll
18:10:26.0071 0x0b44 DPS - ok
18:10:26.0196 0x0b44 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:10:26.0242 0x0b44 drmkaud - ok
18:10:26.0601 0x0b44 [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:10:26.0632 0x0b44 DXGKrnl - ok
18:10:26.0726 0x0b44 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
18:10:26.0726 0x0b44 EapHost - ok
18:10:27.0444 0x0b44 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:10:27.0818 0x0b44 ebdrv - ok
18:10:27.0927 0x0b44 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS C:\Windows\System32\lsass.exe
18:10:27.0927 0x0b44 EFS - ok
18:10:28.0395 0x0b44 [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:10:28.0520 0x0b44 ehRecvr - ok
18:10:28.0567 0x0b44 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
18:10:28.0582 0x0b44 ehSched - ok
18:10:28.0785 0x0b44 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:10:28.0879 0x0b44 elxstor - ok
18:10:28.0926 0x0b44 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:10:28.0926 0x0b44 ErrDev - ok
18:10:29.0284 0x0b44 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
18:10:29.0300 0x0b44 EventSystem - ok
18:10:29.0440 0x0b44 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
18:10:29.0456 0x0b44 exfat - ok
18:10:29.0550 0x0b44 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:10:29.0565 0x0b44 fastfat - ok
18:10:29.0940 0x0b44 [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe
18:10:29.0955 0x0b44 Fax - ok
18:10:30.0080 0x0b44 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:10:30.0096 0x0b44 fdc - ok
18:10:30.0158 0x0b44 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
18:10:30.0174 0x0b44 fdPHost - ok
18:10:30.0220 0x0b44 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
18:10:30.0252 0x0b44 FDResPub - ok
18:10:30.0283 0x0b44 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:10:30.0298 0x0b44 FileInfo - ok
18:10:30.0330 0x0b44 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:10:30.0330 0x0b44 Filetrace - ok
18:10:30.0408 0x0b44 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:10:30.0423 0x0b44 flpydisk - ok
18:10:30.0579 0x0b44 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:10:30.0579 0x0b44 FltMgr - ok
18:10:31.0266 0x0b44 [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache C:\Windows\system32\FntCache.dll
18:10:31.0312 0x0b44 FontCache - ok
18:10:31.0484 0x0b44 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:10:31.0515 0x0b44 FontCache3.0.0.0 - ok
18:10:31.0578 0x0b44 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:10:31.0578 0x0b44 FsDepends - ok
18:10:31.0624 0x0b44 [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:10:31.0656 0x0b44 Fs_Rec - ok
18:10:31.0890 0x0b44 [ 1F44F8559E61A8306ECC67BB1E168B7C, 5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:10:31.0905 0x0b44 fvevol - ok
18:10:31.0968 0x0b44 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:10:32.0124 0x0b44 gagp30kx - ok
18:10:32.0576 0x0b44 [ E53EE18A21C025DEABCFE0F72FC481BB, 4725BEA1AACDCEA8E2EF45DB6385BBD0261DD89D5582647355D8762DB1447743 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
18:10:32.0654 0x0b44 GameConsoleService - ok
18:10:32.0810 0x0b44 [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:10:32.0810 0x0b44 GEARAspiWDM - ok
18:10:33.0262 0x0b44 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll
18:10:33.0294 0x0b44 gpsvc - ok
18:10:33.0762 0x0b44 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:10:33.0762 0x0b44 gupdate - ok
18:10:33.0964 0x0b44 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:10:33.0980 0x0b44 gupdatem - ok
18:10:34.0495 0x0b44 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:10:34.0526 0x0b44 gusvc - ok
18:10:34.0588 0x0b44 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:10:34.0604 0x0b44 hcw85cir - ok
18:10:34.0744 0x0b44 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:10:34.0807 0x0b44 HdAudAddService - ok
18:10:34.0963 0x0b44 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:10:34.0963 0x0b44 HDAudBus - ok
18:10:34.0994 0x0b44 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:10:35.0010 0x0b44 HidBatt - ok
18:10:35.0384 0x0b44 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:10:35.0602 0x0b44 HidBth - ok
18:10:35.0649 0x0b44 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:10:35.0665 0x0b44 HidIr - ok
18:10:35.0758 0x0b44 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
18:10:35.0805 0x0b44 hidserv - ok
18:10:35.0961 0x0b44 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:10:35.0992 0x0b44 HidUsb - ok
18:10:36.0070 0x0b44 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll
18:10:36.0086 0x0b44 hkmsvc - ok
18:10:36.0181 0x0b44 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:10:36.0196 0x0b44 HomeGroupListener - ok
18:10:36.0352 0x0b44 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:10:36.0352 0x0b44 HomeGroupProvider - ok
18:10:36.0711 0x0b44 [ BB1FC298BE53AAB1E110F6E786BD8AC5, C2DA2C3CE96D5F8B50013063B5EF7BED7478636896C709A7AF34855B2E69B9F1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:10:36.0727 0x0b44 HP Support Assistant Service - ok
18:10:37.0226 0x0b44 [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:10:37.0273 0x0b44 hpqwmiex - ok
18:10:37.0366 0x0b44 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:10:37.0382 0x0b44 HpSAMD - ok
18:10:37.0585 0x0b44 [ F630DD7564EBB7248A13B1CC774D9EA6, 53BDFDB7177606DCBB5098A417542F181487227FB73C5C93BE1275752D2C002A ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:10:37.0585 0x0b44 HPWMISVC - ok
18:10:37.0881 0x0b44 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:10:37.0912 0x0b44 HTTP - ok
18:10:37.0975 0x0b44 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:10:37.0990 0x0b44 hwpolicy - ok
18:10:38.0068 0x0b44 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:10:38.0068 0x0b44 i8042prt - ok
18:10:38.0302 0x0b44 [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:10:38.0318 0x0b44 iaStor - ok
18:10:38.0567 0x0b44 [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:10:38.0583 0x0b44 iaStorV - ok
18:10:38.0989 0x0b44 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:10:39.0082 0x0b44 idsvc - ok
18:10:42.0405 0x0b44 [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:10:42.0779 0x0b44 igfx - ok
18:10:42.0998 0x0b44 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:10:43.0060 0x0b44 iirsp - ok
18:10:43.0279 0x0b44 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll
18:10:43.0341 0x0b44 IKEEXT - ok
18:10:43.0747 0x0b44 [ D311E2DD59A34079D89C249B2A4D9FDB, F2DB1DBD5619A48545434983DDB5260A610F22B37E1D81720B688FEF95C9AD07 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:10:43.0825 0x0b44 IntcAzAudAddService - ok
18:10:44.0105 0x0b44 [ CFC68CA36A63637E8CA69669EE3693DA, AC30892868E0D0AC5C3E6309AB71A5C3C07460DCAE4DC03DD811FC208B2E6FC9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
18:10:44.0105 0x0b44 IntcHdmiAddService - ok
18:10:44.0168 0x0b44 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:10:44.0183 0x0b44 intelide - ok
18:10:44.0293 0x0b44 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:10:44.0308 0x0b44 intelppm - ok
18:10:44.0495 0x0b44 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:10:44.0511 0x0b44 IPBusEnum - ok
18:10:44.0558 0x0b44 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:10:44.0573 0x0b44 IpFilterDriver - ok
18:10:44.0917 0x0b44 [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:10:44.0932 0x0b44 iphlpsvc - ok
18:10:45.0026 0x0b44 [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:10:45.0057 0x0b44 IPMIDRV - ok
18:10:45.0104 0x0b44 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:10:45.0182 0x0b44 IPNAT - ok
18:10:45.0556 0x0b44 [ 50D6CCC6FF5561F9F56946B3E6164FB8, 27529E751D3CB13B651B54474F04A17DF5737AD0170CD41F601E779F90603D11 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:10:45.0587 0x0b44 iPod Service - ok
18:10:45.0697 0x0b44 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:10:45.0712 0x0b44 IRENUM - ok
18:10:45.0837 0x0b44 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:10:45.0853 0x0b44 isapnp - ok
18:10:46.0009 0x0b44 [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:10:46.0055 0x0b44 iScsiPrt - ok
18:10:46.0118 0x0b44 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:10:46.0118 0x0b44 kbdclass - ok
18:10:46.0180 0x0b44 [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:10:46.0212 0x0b44 kbdhid - ok
18:10:46.0244 0x0b44 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso C:\Windows\system32\lsass.exe
18:10:46.0244 0x0b44 KeyIso - ok
18:10:46.0322 0x0b44 [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:10:46.0353 0x0b44 KSecDD - ok
18:10:46.0446 0x0b44 [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:10:46.0524 0x0b44 KSecPkg - ok
18:10:46.0602 0x0b44 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:10:46.0602 0x0b44 ksthunk - ok
18:10:46.0805 0x0b44 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
18:10:46.0852 0x0b44 KtmRm - ok
18:10:46.0961 0x0b44 [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer C:\Windows\system32\srvsvc.dll
18:10:46.0977 0x0b44 LanmanServer - ok
18:10:47.0086 0x0b44 [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:10:47.0086 0x0b44 LanmanWorkstation - ok
18:10:47.0211 0x0b44 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:10:47.0226 0x0b44 lltdio - ok
18:10:47.0351 0x0b44 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:10:47.0382 0x0b44 lltdsvc - ok
18:10:47.0429 0x0b44 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:10:47.0429 0x0b44 lmhosts - ok
18:10:47.0538 0x0b44 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:10:47.0554 0x0b44 LSI_FC - ok
18:10:47.0632 0x0b44 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:10:47.0648 0x0b44 LSI_SAS - ok
18:10:47.0757 0x0b44 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:10:47.0788 0x0b44 LSI_SAS2 - ok
18:10:47.0913 0x0b44 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:10:47.0928 0x0b44 LSI_SCSI - ok
18:10:47.0991 0x0b44 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
18:10:47.0991 0x0b44 luafv - ok
18:10:48.0162 0x0b44 [ EF586B959F747E74C76603FF16AE417B, 751AAB31D7B5542C06F1E9145AC2DCB073EAF7FE5FDE100ED404564D21317417 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
18:10:48.0209 0x0b44 LVRS64 - ok
18:10:49.0738 0x0b44 [ EDF73BFA1BD24D74D1D64DC0ED28A7CD, BD8D9D15C83EF1C9467A137764E128D80CFE58A2B728CDB57CB272D426702318 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
18:10:50.0081 0x0b44 LVUVC64 - ok
18:10:50.0331 0x0b44 [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:10:50.0378 0x0b44 Mcx2Svc - ok
18:10:51.0345 0x0b44 [ BD985773F2163469D5C2952C599781D6, A663A90E0A59317827F426C98E18CD04965A00721B2E1BD80FCB533B9044C71D ] MediaMall Server C:\Program Files (x86)\MediaMall\MediaMallServer.exe
18:10:51.0423 0x0b44 MediaMall Server - ok
18:10:51.0470 0x0b44 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:10:51.0501 0x0b44 megasas - ok
18:10:51.0672 0x0b44 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:10:51.0719 0x0b44 MegaSR - ok
18:10:51.0860 0x0b44 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
18:10:51.0860 0x0b44 MMCSS - ok
18:10:51.0906 0x0b44 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
18:10:51.0922 0x0b44 Modem - ok
18:10:52.0078 0x0b44 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:10:52.0078 0x0b44 monitor - ok
18:10:52.0172 0x0b44 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:10:52.0172 0x0b44 mouclass - ok
18:10:52.0374 0x0b44 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:10:52.0390 0x0b44 mouhid - ok
18:10:52.0437 0x0b44 [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:10:52.0468 0x0b44 mountmgr - ok
18:10:52.0562 0x0b44 [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:10:52.0577 0x0b44 mpio - ok
18:10:52.0624 0x0b44 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:10:52.0624 0x0b44 mpsdrv - ok
18:10:52.0936 0x0b44 [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:10:52.0967 0x0b44 MpsSvc - ok
18:10:53.0076 0x0b44 [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:10:53.0154 0x0b44 MRxDAV - ok
18:10:53.0279 0x0b44 [ 040D62A9D8AD28922632137ACDD984F2, D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:10:53.0279 0x0b44 mrxsmb - ok
18:10:53.0420 0x0b44 [ F0067552F8F9B33D7C59403AB808A3CB, 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:10:53.0435 0x0b44 mrxsmb10 - ok
18:10:53.0498 0x0b44 [ 3C142D31DE9F2F193218A53FE2632051, 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:10:53.0498 0x0b44 mrxsmb20 - ok
18:10:53.0560 0x0b44 [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:10:53.0607 0x0b44 msahci - ok
18:10:53.0685 0x0b44 [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:10:53.0700 0x0b44 msdsm - ok
18:10:53.0747 0x0b44 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
18:10:53.0763 0x0b44 MSDTC - ok
18:10:53.0856 0x0b44 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:10:53.0856 0x0b44 Msfs - ok
18:10:53.0888 0x0b44 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:10:53.0903 0x0b44 mshidkmdf - ok
18:10:53.0950 0x0b44 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:10:53.0950 0x0b44 msisadrv - ok
18:10:54.0122 0x0b44 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:10:54.0200 0x0b44 MSiSCSI - ok
18:10:54.0200 0x0b44 msiserver - ok
18:10:54.0278 0x0b44 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:10:54.0293 0x0b44 MSKSSRV - ok
18:10:54.0340 0x0b44 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:10:54.0340 0x0b44 MSPCLOCK - ok
18:10:54.0434 0x0b44 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:10:54.0480 0x0b44 MSPQM - ok
18:10:54.0590 0x0b44 [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:10:54.0605 0x0b44 MsRPC - ok
18:10:54.0668 0x0b44 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:10:54.0668 0x0b44 mssmbios - ok
18:10:54.0714 0x0b44 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:10:54.0730 0x0b44 MSTEE - ok
18:10:54.0948 0x0b44 [ C83829C280F0207677B7AAA151EF9C4D, 3CD9E5C42391DCD6D7AC99C1100237BD54A57F1F5511811D6382D6EFB97D444E ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
18:10:54.0964 0x0b44 msvad_simple - ok
18:10:55.0011 0x0b44 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:10:55.0026 0x0b44 MTConfig - ok
18:10:55.0089 0x0b44 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
18:10:55.0104 0x0b44 Mup - ok
18:10:55.0292 0x0b44 [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent C:\Windows\system32\qagentRT.dll
18:10:55.0307 0x0b44 napagent - ok
18:10:55.0479 0x0b44 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:10:55.0494 0x0b44 NativeWifiP - ok
18:10:55.0853 0x0b44 NAVENG - ok
18:10:55.0869 0x0b44 NAVEX15 - ok
18:10:56.0165 0x0b44 [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS C:\Windows\system32\drivers\ndis.sys
18:10:56.0212 0x0b44 NDIS - ok
18:10:56.0306 0x0b44 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:10:56.0321 0x0b44 NdisCap - ok
18:10:56.0415 0x0b44 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:10:56.0430 0x0b44 NdisTapi - ok
18:10:56.0540 0x0b44 [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:10:56.0540 0x0b44 Ndisuio - ok
18:10:56.0602 0x0b44 [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:10:56.0618 0x0b44 NdisWan - ok
18:10:56.0758 0x0b44 [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:10:56.0774 0x0b44 NDProxy - ok
18:10:56.0820 0x0b44 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:10:56.0836 0x0b44 NetBIOS - ok
18:10:56.0976 0x0b44 [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:10:56.0992 0x0b44 NetBT - ok
18:10:57.0023 0x0b44 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] Netlogon C:\Windows\system32\lsass.exe
18:10:57.0023 0x0b44 Netlogon - ok
18:10:57.0288 0x0b44 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
18:10:57.0304 0x0b44 Netman - ok
18:10:57.0600 0x0b44 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
18:10:57.0616 0x0b44 netprofm - ok
18:10:57.0694 0x0b44 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:10:57.0710 0x0b44 NetTcpPortSharing - ok
18:10:59.0238 0x0b44 [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
18:10:59.0550 0x0b44 netw5v64 - ok
18:10:59.0597 0x0b44 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:10:59.0675 0x0b44 nfrd960 - ok
18:10:59.0925 0x0b44 [ 2F86BE1818C2D7AC90478E3323EE7FCB, CE721FCFFDC9D24483DEB6BB77DAFEBE79BA143CA2EE68BF28E2A9297AADB2D4 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
18:10:59.0925 0x0b44 NIS - ok
18:11:00.0112 0x0b44 [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc C:\Windows\System32\nlasvc.dll
18:11:00.0112 0x0b44 NlaSvc - ok
18:11:00.0252 0x0b44 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:11:00.0252 0x0b44 Npfs - ok
18:11:00.0362 0x0b44 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
18:11:00.0362 0x0b44 nsi - ok
18:11:00.0408 0x0b44 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:11:00.0408 0x0b44 nsiproxy - ok
18:11:00.0798 0x0b44 [ 9A6089B056EA1B83B36424FC9D0A300E, EA60282C5A32B497921B568C1FE735F5BDB9D954DDC4E609F7F3CAE5ED823CEC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:11:00.0861 0x0b44 Ntfs - ok
18:11:00.0908 0x0b44 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
18:11:00.0908 0x0b44 Null - ok
18:11:01.0032 0x0b44 [ A4D9C9A608A97F59307C2F2600EDC6A4, D786F4CA2D10BAC31CE14A338C442F7027D4BB2E955AB99BC44C2F241D383BBE ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:11:01.0079 0x0b44 nvraid - ok
18:11:01.0142 0x0b44 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9, 8D5337742A0F5B04D636C163CE77D4A9B3684CF81170026912A402513B44BA77 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:11:01.0251 0x0b44 nvstor - ok
18:11:01.0282 0x0b44 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:11:01.0314 0x0b44 nv_agp - ok
18:11:01.0361 0x0b44 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:11:01.0408 0x0b44 ohci1394 - ok
18:11:01.0486 0x0b44 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:11:01.0564 0x0b44 ose - ok
18:11:03.0264 0x0b44 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:11:03.0607 0x0b44 osppsvc - ok
18:11:03.0732 0x0b44 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:11:03.0748 0x0b44 p2pimsvc - ok
18:11:03.0857 0x0b44 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
18:11:03.0888 0x0b44 p2psvc - ok
18:11:03.0951 0x0b44 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:11:04.0013 0x0b44 Parport - ok
18:11:04.0060 0x0b44 [ 90061B1ACFE8CCAA5345750FFE08D8B8, 76309683FFDF380AF9C6E1D9A52E46B011A0BF1026D747181D01F3312B7541C7 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:11:04.0091 0x0b44 partmgr - ok
18:11:04.0169 0x0b44 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
18:11:04.0185 0x0b44 PcaSvc - ok
18:11:04.0263 0x0b44 [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci C:\Windows\system32\DRIVERS\pci.sys
18:11:04.0309 0x0b44 pci - ok
18:11:04.0341 0x0b44 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:11:04.0403 0x0b44 pciide - ok
18:11:04.0497 0x0b44 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:11:04.0543 0x0b44 pcmcia - ok
18:11:04.0590 0x0b44 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
18:11:04.0606 0x0b44 pcw - ok
18:11:04.0762 0x0b44 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:11:04.0793 0x0b44 PEAUTH - ok
18:11:06.0010 0x0b44 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:11:06.0025 0x0b44 PerfHost - ok
18:11:06.0181 0x0b44 [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla C:\Windows\system32\pla.dll
18:11:06.0259 0x0b44 pla - ok
18:11:06.0401 0x0b44 [ 98B1721B8718164293B9701B98C52D77, 27F5F00D4AA394D4D8D0A0062EDC3F944B603E07CAAEDC5CC959BA1E8C208C2A ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:11:06.0432 0x0b44 PlugPlay - ok
18:11:06.0463 0x0b44 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:11:06.0494 0x0b44 PNRPAutoReg - ok
18:11:06.0588 0x0b44 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:11:06.0604 0x0b44 PNRPsvc - ok
18:11:06.0713 0x0b44 [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:11:06.0728 0x0b44 PolicyAgent - ok
18:11:06.0838 0x0b44 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
18:11:06.0838 0x0b44 Power - ok
18:11:06.0900 0x0b44 [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:11:06.0900 0x0b44 PptpMiniport - ok
18:11:06.0931 0x0b44 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:11:06.0947 0x0b44 Processor - ok
18:11:07.0009 0x0b44 [ 97293447431311C06703368AD0F6C4BE, 302A3CA8F6961717D95469B20A8A71954D4ECFCDF4638238D3D44AAE5A8D9B8B ] ProfSvc C:\Windows\system32\profsvc.dll
18:11:07.0025 0x0b44 ProfSvc - ok
18:11:07.0040 0x0b44 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:11:07.0040 0x0b44 ProtectedStorage - ok
18:11:07.0181 0x0b44 [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:11:07.0181 0x0b44 Psched - ok
18:11:07.0477 0x0b44 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:11:07.0540 0x0b44 ql2300 - ok
18:11:07.0586 0x0b44 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:11:07.0602 0x0b44 ql40xx - ok
18:11:07.0680 0x0b44 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
18:11:07.0696 0x0b44 QWAVE - ok
18:11:07.0742 0x0b44 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:11:07.0758 0x0b44 QWAVEdrv - ok
18:11:07.0789 0x0b44 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:11:07.0789 0x0b44 RasAcd - ok
18:11:07.0867 0x0b44 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:11:07.0867 0x0b44 RasAgileVpn - ok
18:11:07.0914 0x0b44 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
18:11:07.0914 0x0b44 RasAuto - ok
18:11:07.0976 0x0b44 [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:11:07.0976 0x0b44 Rasl2tp - ok
18:11:08.0054 0x0b44 [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan C:\Windows\System32\rasmans.dll
18:11:08.0070 0x0b44 RasMan - ok
18:11:08.0132 0x0b44 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:11:08.0132 0x0b44 RasPppoe - ok
18:11:08.0164 0x0b44 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:11:08.0179 0x0b44 RasSstp - ok
18:11:08.0273 0x0b44 [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:11:08.0288 0x0b44 rdbss - ok
18:11:08.0304 0x0b44 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:11:08.0304 0x0b44 rdpbus - ok
18:11:08.0335 0x0b44 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:11:08.0335 0x0b44 RDPCDD - ok
18:11:08.0398 0x0b44 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:11:08.0398 0x0b44 RDPENCDD - ok
18:11:08.0429 0x0b44 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:11:08.0429 0x0b44 RDPREFMP - ok
18:11:08.0507 0x0b44 [ 447DE7E3DEA39D422C1504F245B668B1, C54D90D2F9405E011E490D3C2F0F64488B87B969C95E367C076BBFCFD8654909 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:11:08.0522 0x0b44 RDPWD - ok
18:11:08.0616 0x0b44 [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:11:08.0632 0x0b44 rdyboost - ok
18:11:08.0678 0x0b44 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:11:08.0710 0x0b44 RemoteAccess - ok
18:11:08.0756 0x0b44 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:11:08.0756 0x0b44 RemoteRegistry - ok
18:11:08.0975 0x0b44 [ 498EB62A160674E793FA40FD65390625, F7EFD480E6C95F5B6202EEB87F519A8A8187F7F26281FB3E302EDD1AD5771025 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:11:09.0006 0x0b44 RichVideo - ok
18:11:09.0068 0x0b44 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:11:09.0068 0x0b44 RpcEptMapper - ok
18:11:09.0131 0x0b44 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
18:11:09.0146 0x0b44 RpcLocator - ok
18:11:09.0224 0x0b44 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs C:\Windows\system32\rpcss.dll
18:11:09.0240 0x0b44 RpcSs - ok
18:11:09.0302 0x0b44 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:11:09.0302 0x0b44 rspndr - ok
18:11:09.0443 0x0b44 [ 483DF0B58CA532E5240E59DC41F30AA2, 3A5AC91E5B57B671072A40F38DA1F804ECDE30FB4D9042FB3FE7B7CA10C0D0BC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:11:09.0458 0x0b44 RSUSBSTOR - ok
18:11:09.0552 0x0b44 [ 4FBDA07EF0A3097CE14C5CABF723B278, 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:11:09.0568 0x0b44 RTL8167 - ok
18:11:09.0677 0x0b44 [ 03E0627C26943916A7276AC5306206C7, AC3C3BC767FF66E232D40E16F5F8493311F8A5B17033A939DD3555199989D5A4 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
18:11:09.0708 0x0b44 rtl8192se - ok
18:11:09.0864 0x0b44 [ 4EA7E5DF0CB237156176FA0349E6E87F, 542C5291369009FD9B52B5939E3B55E4CC37056E03815986CA1C1EFCFB52F5D6 ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
18:11:09.0880 0x0b44 RtVOsdService - ok
18:11:09.0911 0x0b44 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] SamSs C:\Windows\system32\lsass.exe
18:11:09.0911 0x0b44 SamSs - ok
18:11:09.0958 0x0b44 [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:11:09.0958 0x0b44 sbp2port - ok
18:11:10.0004 0x0b44 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:11:10.0020 0x0b44 SCardSvr - ok
18:11:10.0036 0x0b44 [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:11:10.0051 0x0b44 scfilter - ok
18:11:10.0285 0x0b44 [ 624D0F5FF99428BB90A5B8A4123E918E, 90A43E6F09B56CB86A3E3851F8E5ABB74905AEB70296F4B87BEDBC3027E65E86 ] Schedule C:\Windows\system32\schedsvc.dll
18:11:10.0332 0x0b44 Schedule - ok
18:11:10.0363 0x0b44 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:11:10.0363 0x0b44 SCPolicySvc - ok
18:11:10.0457 0x0b44 [ 54E47AD086782D3AE9417C155CDCEB9B, 5143DC43B89F9143A56505FA20841AF15E7785A87F88195B08B3E09B87472A07 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:11:10.0472 0x0b44 sdbus - ok
18:11:10.0550 0x0b44 [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:11:10.0566 0x0b44 SDRSVC - ok
18:11:10.0613 0x0b44 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:11:10.0613 0x0b44 secdrv - ok
18:11:10.0644 0x0b44 [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon C:\Windows\system32\seclogon.dll
18:11:10.0644 0x0b44 seclogon - ok
18:11:10.0675 0x0b44 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
18:11:10.0691 0x0b44 SENS - ok
18:11:10.0706 0x0b44 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:11:10.0722 0x0b44 SensrSvc - ok
18:11:10.0738 0x0b44 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:11:10.0738 0x0b44 Serenum - ok
18:11:10.0784 0x0b44 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:11:10.0784 0x0b44 Serial - ok
18:11:10.0800 0x0b44 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:11:10.0816 0x0b44 sermouse - ok
18:11:10.0878 0x0b44 [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv C:\Windows\system32\sessenv.dll
18:11:10.0894 0x0b44 SessionEnv - ok
18:11:10.0909 0x0b44 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:11:10.0925 0x0b44 sffdisk - ok
18:11:10.0940 0x0b44 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:11:10.0940 0x0b44 sffp_mmc - ok
18:11:10.0956 0x0b44 [ 5588B8C6193EB1522490C122EB94DFFA, 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:11:10.0972 0x0b44 sffp_sd - ok
18:11:10.0987 0x0b44 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:11:10.0987 0x0b44 sfloppy - ok
18:11:11.0112 0x0b44 [ C6CC9297BD53E5229653303E556AA539, 921E21EDED244FEE15B56564B97C97785F45AB862C1012BFA0B96B121DC90076 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:11:11.0143 0x0b44 Sftfs - ok
18:11:11.0252 0x0b44 [ 13693B6354DD6E72DC5131DA7D764B90, 447EFDA7CFB1F62EA316219D996406C8DC374097DB903F362D6E945227D8BB2D ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:11:11.0284 0x0b44 sftlist - ok
18:11:11.0330 0x0b44 [ 390AA7BC52CEE43F6790CDEA1E776703, 0D008289E4B14EF56D5233B7C8C789A36503FBAA8896660776557D6F08808FA7 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:11:11.0346 0x0b44 Sftplay - ok
18:11:11.0393 0x0b44 [ 617E29A0B0A2807466560D4C4E338D3E, 5E95D38DB9A6776EB4A15A952FA7949831D6F660EED8C3E79BD09D102BAC5D67 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:11:11.0393 0x0b44 Sftredir - ok
18:11:11.0456 0x0b44 [ 8F571F016FA1976F445147E9E6C8AE9B, 527AB960F2E08F598D1B953BDA4EA749831DD3C765DA278044B8AB22365F02B5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:11:11.0456 0x0b44 Sftvol - ok
18:11:11.0550 0x0b44 [ C3CDDD18F43D44AB713CF8C4916F7696, 38093295825AFDD08D7E32CC4EF2A6C447F6D6E3C6F7EA5554C25E7C3F16FC92 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:11:11.0550 0x0b44 sftvsa - ok
18:11:11.0690 0x0b44 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:11:11.0737 0x0b44 SharedAccess - ok
18:11:11.0831 0x0b44 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:11:11.0846 0x0b44 ShellHWDetection - ok
18:11:11.0893 0x0b44 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:11:11.0909 0x0b44 SiSRaid2 - ok
18:11:11.0940 0x0b44 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:11:11.0940 0x0b44 SiSRaid4 - ok
18:11:12.0049 0x0b44 [ 7C15061CD0372487903B07B9BB03AFAD, FB96CDA29C7C1E8A315BA89E8B150918E59F32CE749D3EF43FCBEB3FB57BF1C6 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:11:12.0065 0x0b44 SkypeUpdate - ok
18:11:12.0096 0x0b44 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:11:12.0111 0x0b44 Smb - ok
18:11:12.0143 0x0b44 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:11:12.0143 0x0b44 SNMPTRAP - ok
18:11:12.0158 0x0b44 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
18:11:12.0174 0x0b44 spldr - ok
18:11:12.0221 0x0b44 [ 567977DC43CC13C4C35ED7084C0B84D5, 93EEC3ABA66DA83157F49F056EF1CB3355122204F2BB0F8B618064AF47D59A61 ] Spooler C:\Windows\System32\spoolsv.exe
18:11:12.0252 0x0b44 Spooler - ok
18:11:12.0720 0x0b44 [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc C:\Windows\system32\sppsvc.exe
18:11:12.0891 0x0b44 sppsvc - ok
18:11:12.0923 0x0b44 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:11:12.0923 0x0b44 sppuinotify - ok
18:11:13.0001 0x0b44 [ 56979A80F6F9DF788A8BFCC1603DA40D, 7D8E8383F79CB03686E4DC9103475E845007863FD8C69D584A49148A0B38F9FD ] SRTSP C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
18:11:13.0032 0x0b44 SRTSP - ok
18:11:13.0047 0x0b44 [ 3C3D82BB245AD1CB00ED48CB2F4AB385, A1FB489C1CC51BEFF6C80554F68C9D1F089A59A42D4D17ACEAD872995AFDD6BF ] SRTSPX C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
18:11:13.0047 0x0b44 SRTSPX - ok
18:11:13.0172 0x0b44 [ 2408C0366D96BCDF63E8F1C78E4A29C5, 66F646890695B5D80536E88B1566C8765D89CFE25954ED650F6D773EFF045016 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:11:13.0188 0x0b44 srv - ok
18:11:13.0297 0x0b44 [ 76548F7B818881B47D8D1AE1BE9C11F8, 8F1356B07A6A55746FC71B6DB0322128941AE890850196F2B19BC01E6FC9B41C ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:11:13.0313 0x0b44 srv2 - ok
18:11:13.0359 0x0b44 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:11:13.0375 0x0b44 SrvHsfHDA - ok
18:11:13.0469 0x0b44 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:11:13.0562 0x0b44 SrvHsfV92 - ok
18:11:13.0640 0x0b44 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:11:13.0687 0x0b44 SrvHsfWinac - ok
18:11:13.0749 0x0b44 [ 0AF6E19D39C70844C5CAA8FB0183C36E, 4494EEFDEA7198888D32E74727E5BC0AC628FFA70B1FE7EB59DBEEDC1A95D0DD ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:11:13.0749 0x0b44 srvnet - ok
18:11:13.0843 0x0b44 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:11:13.0859 0x0b44 SSDPSRV - ok
18:11:13.0905 0x0b44 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:11:13.0905 0x0b44 SstpSvc - ok
18:11:13.0937 0x0b44 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:11:13.0937 0x0b44 stexstor - ok
18:11:14.0108 0x0b44 [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc C:\Windows\System32\wiaservc.dll
18:11:14.0124 0x0b44 stisvc - ok
18:11:14.0171 0x0b44 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:11:14.0171 0x0b44 swenum - ok
18:11:14.0233 0x0b44 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
18:11:14.0264 0x0b44 swprv - ok
18:11:14.0420 0x0b44 [ 961CFAC2A5318E212F459D651F28E0A4, 4FA1C9E3BD527E3B5AE9268955C48FDE8E75F33C333DC0AE768DAFE1F49D0B1B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:11:14.0483 0x0b44 SynTP - ok
18:11:14.0607 0x0b44 [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain C:\Windows\system32\sysmain.dll
18:11:14.0685 0x0b44 SysMain - ok
18:11:14.0717 0x0b44 [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:11:14.0732 0x0b44 TabletInputService - ok
18:11:14.0779 0x0b44 [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:11:14.0795 0x0b44 TapiSrv - ok
18:11:14.0826 0x0b44 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
18:11:14.0826 0x0b44 TBS - ok
18:11:14.0966 0x0b44 [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:11:15.0075 0x0b44 Tcpip - ok
18:11:15.0200 0x0b44 [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:11:15.0278 0x0b44 TCPIP6 - ok
18:11:15.0325 0x0b44 [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:11:15.0325 0x0b44 tcpipreg - ok
18:11:15.0372 0x0b44 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:11:15.0372 0x0b44 TDPIPE - ok
18:11:15.0434 0x0b44 [ 7518F7BCFD4B308ABC9192BACAF6C970, CF08E547EF4059DA3F5A2FCBA98939E84092BB6E0E37F9BBCD1E4D9EBB8A58BB ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:11:15.0434 0x0b44 TDTCP - ok
18:11:15.0465 0x0b44 [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:11:15.0465 0x0b44 tdx - ok
18:11:15.0481 0x0b44 [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:11:15.0497 0x0b44 TermDD - ok
18:11:15.0543 0x0b44 [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService C:\Windows\System32\termsrv.dll
18:11:15.0575 0x0b44 TermService - ok
18:11:15.0606 0x0b44 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
18:11:15.0606 0x0b44 Themes - ok
18:11:15.0621 0x0b44 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
18:11:15.0621 0x0b44 THREADORDER - ok
18:11:15.0637 0x0b44 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
18:11:15.0653 0x0b44 TrkWks - ok
18:11:15.0699 0x0b44 [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:11:15.0699 0x0b44 TrustedInstaller - ok
18:11:15.0746 0x0b44 [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:11:15.0762 0x0b44 tssecsrv - ok
18:11:15.0809 0x0b44 [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:11:15.0809 0x0b44 tunnel - ok
18:11:15.0855 0x0b44 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:11:15.0855 0x0b44 uagp35 - ok
18:11:15.0933 0x0b44 [ C06E6F4679CEB8F430B90A51D76D8D3C, A403592780F75425F40F8E443EBE83CEF9FA8A20EB9597FBFF691298CE323B57 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:11:15.0949 0x0b44 udfs - ok
18:11:15.0980 0x0b44 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:11:15.0996 0x0b44 UI0Detect - ok
18:11:16.0011 0x0b44 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:11:16.0011 0x0b44 uliagpkx - ok
18:11:16.0043 0x0b44 [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:11:16.0058 0x0b44 umbus - ok
18:11:16.0074 0x0b44 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:11:16.0074 0x0b44 UmPass - ok
18:11:16.0136 0x0b44 [ 8B802B483CBDE06F62DBC04DC7AFAF8E, 92E20096D2953DF8C4812EED2ED1A8AD1AF9CE20740B3ACDA33A1DC5B4D0E00B ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
18:11:16.0152 0x0b44 UMVPFSrv - ok
18:11:16.0199 0x0b44 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
18:11:16.0214 0x0b44 upnphost - ok
18:11:16.0277 0x0b44 [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:11:16.0292 0x0b44 USBAAPL64 - ok
18:11:16.0370 0x0b44 [ 77B01BC848298223A95D4EC23E1785A1, 7D0FBBA746588401400226BB966507EE34EEBB2F4F16607601E3D7383CAD34E2 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:11:16.0370 0x0b44 usbaudio - ok
18:11:16.0417 0x0b44 [ 537A4E03D7103C12D42DFD8FFDB5BDC9, 4E6F43A27E629C9769FAEF305BDCD3D7EDBEE1A98B919AF95CF045407A4297D6 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:11:16.0417 0x0b44 usbccgp - ok
18:11:16.0448 0x0b44 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:11:16.0464 0x0b44 usbcir - ok
18:11:16.0495 0x0b44 [ FBB21EBE49F6D560DB37AC25FBC68E66, 0F7B2F9BB4062FE24698FF6E5738E83B7FDA9E7FDE9206BEF18C8818627FF2CC ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:11:16.0495 0x0b44 usbehci - ok
18:11:16.0542 0x0b44 [ 6B7A8A99C4A459E73C286A6763EA24CC, 3A8D6AE1D970AAEC4E08B76DB1B2C06AC003AF4F50339416072973E89F660EE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:11:16.0557 0x0b44 usbhub - ok
18:11:16.0573 0x0b44 [ 8C88AA7617B4CBC2E4BED61D26B33A27, 4575F0DDFF68C5632CBB7BE93A66FFEDD85BD4D4AEE79C44B2EDA4F8642C6EBF ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:11:16.0589 0x0b44 usbohci - ok
18:11:16.0620 0x0b44 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:11:16.0620 0x0b44 usbprint - ok
18:11:16.0667 0x0b44 [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:11:16.0667 0x0b44 USBSTOR - ok
18:11:16.0698 0x0b44 [ 0B5B3B2DF3FD1709618ACFA50B8392B0, 19F040A16C86C475DD33D935E6244593EC73FF9F8C872BC060DDD8AE4F3EDB55 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:11:16.0698 0x0b44 usbuhci - ok
18:11:16.0745 0x0b44 [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:11:16.0760 0x0b44 usbvideo - ok
18:11:16.0776 0x0b44 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
18:11:16.0791 0x0b44 UxSms - ok
18:11:16.0807 0x0b44 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc C:\Windows\system32\lsass.exe
18:11:16.0807 0x0b44 VaultSvc - ok
18:11:16.0838 0x0b44 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
18:11:16.0854 0x0b44 vdrvroot - ok
18:11:16.0916 0x0b44 [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe
18:11:16.0932 0x0b44 vds - ok
18:11:16.0963 0x0b44 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:11:16.0963 0x0b44 vga - ok
18:11:16.0979 0x0b44 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:11:16.0979 0x0b44 VgaSave - ok
18:11:17.0010 0x0b44 [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
18:11:17.0010 0x0b44 vhdmp - ok
18:11:17.0041 0x0b44 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
18:11:17.0041 0x0b44 viaide - ok
18:11:17.0057 0x0b44 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
18:11:17.0072 0x0b44 volmgr - ok
18:11:17.0103 0x0b44 [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:11:17.0119 0x0b44 volmgrx - ok
18:11:17.0228 0x0b44 [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:11:17.0244 0x0b44 volsnap - ok
18:11:17.0275 0x0b44 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:11:17.0275 0x0b44 vsmraid - ok
18:11:17.0384 0x0b44 [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe
18:11:17.0447 0x0b44 VSS - ok
18:11:17.0493 0x0b44 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:11:17.0493 0x0b44 vwifibus - ok
18:11:17.0540 0x0b44 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:11:17.0540 0x0b44 vwififlt - ok
18:11:17.0587 0x0b44 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
18:11:17.0603 0x0b44 W32Time - ok
18:11:17.0634 0x0b44 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:11:17.0634 0x0b44 WacomPen - ok
18:11:17.0681 0x0b44 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:11:17.0696 0x0b44 WANARP - ok
18:11:17.0712 0x0b44 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:11:17.0712 0x0b44 Wanarpv6 - ok
18:11:17.0837 0x0b44 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:11:17.0899 0x0b44 WatAdminSvc - ok
18:11:18.0242 0x0b44 [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe
18:11:18.0336 0x0b44 wbengine - ok
18:11:18.0367 0x0b44 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:11:18.0383 0x0b44 WbioSrvc - ok
18:11:18.0445 0x0b44 [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:11:18.0461 0x0b44 wcncsvc - ok
18:11:18.0492 0x0b44 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:11:18.0507 0x0b44 WcsPlugInService - ok
18:11:18.0554 0x0b44 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:11:18.0554 0x0b44 Wd - ok
18:11:18.0617 0x0b44 [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:11:18.0648 0x0b44 Wdf01000 - ok
18:11:18.0679 0x0b44 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:11:18.0695 0x0b44 WdiServiceHost - ok
18:11:18.0695 0x0b44 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:11:18.0710 0x0b44 WdiSystemHost - ok
18:11:18.0741 0x0b44 [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient C:\Windows\System32\webclnt.dll
18:11:18.0773 0x0b44 WebClient - ok
18:11:18.0819 0x0b44 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:11:18.0835 0x0b44 Wecsvc - ok
18:11:18.0851 0x0b44 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:11:18.0866 0x0b44 wercplsupport - ok
18:11:18.0897 0x0b44 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
18:11:18.0913 0x0b44 WerSvc - ok
18:11:18.0960 0x0b44 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:11:18.0960 0x0b44 WfpLwf - ok
18:11:18.0991 0x0b44 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:11:18.0991 0x0b44 WIMMount - ok
18:11:19.0007 0x0b44 WinDefend - ok
18:11:19.0007 0x0b44 WinHttpAutoProxySvc - ok
18:11:19.0069 0x0b44 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:11:19.0085 0x0b44 Winmgmt - ok
18:11:19.0365 0x0b44 [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll
18:11:19.0459 0x0b44 WinRM - ok
18:11:19.0537 0x0b44 [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:11:19.0553 0x0b44 WinUsb - ok
18:11:19.0615 0x0b44 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:11:19.0646 0x0b44 Wlansvc - ok
18:11:19.0833 0x0b44 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:11:19.0911 0x0b44 wlidsvc - ok
18:11:19.0989 0x0b44 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:11:20.0005 0x0b44 WmiAcpi - ok
18:11:20.0067 0x0b44 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:11:20.0083 0x0b44 wmiApSrv - ok
18:11:20.0161 0x0b44 WMPNetworkSvc - ok
18:11:20.0223 0x0b44 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:11:20.0239 0x0b44 WPCSvc - ok
18:11:20.0286 0x0b44 [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:11:20.0286 0x0b44 WPDBusEnum - ok
18:11:20.0317 0x0b44 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:11:20.0348 0x0b44 ws2ifsl - ok
18:11:20.0379 0x0b44 [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc C:\Windows\System32\wscsvc.dll
18:11:20.0395 0x0b44 wscsvc - ok
18:11:20.0395 0x0b44 WSearch - ok
18:11:20.0754 0x0b44 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
18:11:20.0847 0x0b44 wuauserv - ok
18:11:20.0894 0x0b44 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:11:20.0894 0x0b44 WudfPf - ok
18:11:20.0925 0x0b44 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:11:20.0941 0x0b44 WUDFRd - ok
18:11:20.0972 0x0b44 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:11:20.0988 0x0b44 wudfsvc - ok
18:11:21.0066 0x0b44 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:11:21.0081 0x0b44 WwanSvc - ok
18:11:21.0206 0x0b44 [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:11:21.0222 0x0b44 yukonw7 - ok
18:11:21.0253 0x0b44 ================ Scan global ===============================
18:11:21.0284 0x0b44 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:11:21.0362 0x0b44 [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
18:11:21.0378 0x0b44 [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
18:11:21.0440 0x0b44 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:11:21.0565 0x0b44 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:11:21.0581 0x0b44 [ Global ] - ok
18:11:21.0581 0x0b44 ================ Scan MBR ==================================
18:11:21.0596 0x0b44 [ 53686036AA8CEA3923D0EAD2C16B7C54 ] \Device\Harddisk0\DR0
18:11:22.0329 0x0b44 \Device\Harddisk0\DR0 - ok
18:11:22.0345 0x0b44 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
18:11:22.0361 0x0b44 \Device\Harddisk1\DR1 - ok
18:11:22.0361 0x0b44 ================ Scan VBR ==================================
18:11:22.0392 0x0b44 [ A8C0F21291F22603D07C39A71FEAD7AD ] \Device\Harddisk0\DR0\Partition1
18:11:22.0392 0x0b44 \Device\Harddisk0\DR0\Partition1 - ok
18:11:22.0423 0x0b44 [ B3F25BB8B8FB144D3AFA48ABB65DD031 ] \Device\Harddisk0\DR0\Partition2
18:11:22.0439 0x0b44 \Device\Harddisk0\DR0\Partition2 - ok
18:11:22.0485 0x0b44 [ 3A38D4BC34E9AD3527C878E4DD8C1C0A ] \Device\Harddisk0\DR0\Partition3
18:11:22.0517 0x0b44 \Device\Harddisk0\DR0\Partition3 - ok
18:11:22.0548 0x0b44 [ 18CF3D847145E0AEF9BDA7F15EFFB6AE ] \Device\Harddisk0\DR0\Partition4
18:11:22.0548 0x0b44 \Device\Harddisk0\DR0\Partition4 - ok
18:11:22.0548 0x0b44 [ 96B5F651EE5AEFF20F384E1434FB3302 ] \Device\Harddisk1\DR1\Partition1
18:11:22.0548 0x0b44 \Device\Harddisk1\DR1\Partition1 - ok
18:11:22.0563 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:23.0577 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:24.0591 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:25.0606 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:26.0620 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:27.0634 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:28.0648 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:29.0662 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:30.0676 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:31.0691 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:32.0705 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:33.0719 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:34.0733 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:35.0747 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:36.0762 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:37.0776 0x0b44 Waiting for KSN requests completion. In queue: 281
18:11:38.0822 0x0b44 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\WSCStub.exe ( 17.0.0.0 ), 0x50000 ( disabled : updated )
18:11:38.0822 0x0b44 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\WSCStub.exe ( 17.0.0.0 ), 0x50010 ( disabled )
18:11:38.0837 0x0b44 Win FW state via NFP2: enabled
18:11:43.0269 0x0b44 ============================================================
18:11:43.0269 0x0b44 Scan finished
18:11:43.0269 0x0b44 ============================================================
18:11:43.0284 0x095c Detected object count: 0
18:11:43.0284 0x095c Actual detected object count: 0
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby Gary R » October 18th, 2013, 1:38 am

OK, that log looks clean, which is good.

So, now that we can boot into Normal Mode, there's a couple of additional scans I'd like you to run for me, the first is similar in type to FRST, but it's a bit wider ranging in scope, and allows me to do a few things that FRST does not. The second is a "General Purpose" Malware scan to see what else there is that needs removing from your daughter's machine. The scans we've run so far are specific to the infection we've been dealing with, and therefore do not detect other infections. Since most Malware does not "travel alone", we need to find out what else may be lurking on her machine.

So first ....

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next ....

Please run a scan with ESET Online Scanner This will usually take a long time, often hours, but it is very thorough and doesn't usually miss much. It will not remove anything it finds, but I can do that when I've seen the log it produces. Not everything found in a scan is actually always malicious, which is why we generally prefer to remove things manually rather than use "automatic" means.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus dealing with requesting money

Unread postby palii » October 18th, 2013, 11:09 am

Hello and I guess good afternoon to you across the big pond,
Here is my status from your last request.

I was able to run the OTL program and got the two files you want and they follow in the next 3 post.

However, when I started the eset process, about 15 percent into the process I got the BSOD. I restarted and then windows presented to me "configuring service pack, do not turn off your computer". It loaded the service pack, restarted and had a problem with internet explorer. Got internet explorer to work, and restarted eset.exe. It finished about an hour long and I have the report of 36 items found...WOW. Can not wait for your next message.

Again, I appreciate your efforts in solving this problem.
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby palii » October 18th, 2013, 11:11 am

Here is OTL.txt

OTL logfile created on: 10/18/2013 7:26:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deborah\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 43.28% Memory free
5.86 Gb Paging File | 4.02 Gb Available in Paging File | 68.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 205.47 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 14.31 Gb Total Space | 2.36 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.41 Mb Free Space | 96.05% Space Free | Partition Type: FAT32
Drive G: | 983.72 Mb Total Space | 429.20 Mb Free Space | 43.63% Space Free | Partition Type: FAT

Computer Name: DEBORAH-PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/18 07:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
PRC - [2012/09/17 13:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/03/13 21:54:21 | 002,062,200 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/12 10:51:04 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/11/09 16:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/07/08 03:44:01 | 000,729,664 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/16 22:43:51 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/15 22:42:01 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013/01/10 22:01:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 22:00:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 22:00:41 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll
MOD - [2013/01/10 22:00:23 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll
MOD - [2013/01/10 21:59:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/10 21:59:42 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll
MOD - [2013/01/10 21:59:29 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/10 21:59:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/10 21:59:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/10 21:59:16 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/10 21:59:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/12/13 21:56:03 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/12/12 00:32:37 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/06 05:54:27 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/10/06 05:54:26 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/31 06:02:23 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/09 20:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 20:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 20:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 20:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 20:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 20:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 20:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 20:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/10 16:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/10 16:23:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 16:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/03/13 21:54:21 | 002,062,200 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/11 02:43:57 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/18 08:43:36 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/04/01 05:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/29 13:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/29 19:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 19:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{D14E65FB-0AD1-44B1-A334-31A08336F0E6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D14E65FB-0AD1-44B1-A334-31A08336F0E6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BF E7 6A 02 82 C7 9C 41 B9 B6 29 FC 05 BD 3C 18 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BF E7 6A 02 82 C7 9C 41 B9 B6 29 FC 05 BD 3C 18 [binary data]

IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=32
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BF E7 6A 02 82 C7 9C 41 B9 B6 29 FC 05 BD 3C 18 [binary data]
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\..\SearchScopes,DefaultScope = {D14E65FB-0AD1-44B1-A334-31A08336F0E6}
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\..\SearchScopes\{D14E65FB-0AD1-44B1-A334-31A08336F0E6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files (x86)\Guffins\bar\1.bin\NPu4Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Deborah\AppData\Local\Roblox\Versions\version-3ebe0cca16b6421c\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Deborah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/15 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin [2011/10/24 22:52:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()
O4 - HKU\S-1-5-18..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3172863894-2395903967-2637854924-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F84E90B-B1ED-4E4E-8812-BE62672D74D7}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/18 07:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/10/18 07:21:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2013/10/18 07:18:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/17 18:06:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/17 08:55:03 | 001,954,124 | ---- | C] (Farbar) -- C:\FRST64.exe
[2013/10/15 22:49:01 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles
[2013/10/15 22:23:38 | 000,000,000 | ---D | C] -- C:\FRST
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/18 07:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2013/10/18 07:21:07 | 000,662,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/18 07:21:07 | 000,120,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/18 07:21:07 | 000,005,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/18 07:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/18 07:16:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/17 18:15:49 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 18:15:49 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 18:07:32 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/17 17:11:41 | 470,026,646 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/17 16:57:38 | 000,351,485 | ---- | M] () -- C:\tdsskiller.zip.zip
[2013/10/15 20:28:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ceca0fed0d75e.job
[2013/10/02 09:47:30 | 001,954,124 | ---- | M] (Farbar) -- C:\FRST64.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/17 17:32:59 | 000,351,485 | ---- | C] () -- C:\tdsskiller.zip.zip
[2013/10/15 20:28:46 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ceca0fed0d75e.job

========== ZeroAccess Check ==========

[2013/05/29 14:39:32 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$e014aa789f6512053d27cce98cac3927\@
[2013/05/29 14:39:28 | 000,042,496 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$e014aa789f6512053d27cce98cac3927\n
[2013/05/29 14:39:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$e014aa789f6512053d27cce98cac3927\L
[2013/05/29 14:39:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$e014aa789f6512053d27cce98cac3927\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/24 19:30:00 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Need for Speed World
[2010/12/26 00:08:30 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\PictureMover
[2012/11/24 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\SoftGrid Client
[2011/03/13 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TP
[2011/07/15 01:42:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby palii » October 18th, 2013, 11:17 am

Here is Extras.txt

The file is to long to post, so I will break it up

OTL Extras logfile created on: 10/18/2013 7:26:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deborah\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 43.28% Memory free
5.86 Gb Paging File | 4.02 Gb Available in Paging File | 68.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 205.47 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 14.31 Gb Total Space | 2.36 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.41 Mb Free Space | 96.05% Space Free | Partition Type: FAT32
Drive G: | 983.72 Mb Total Space | 429.20 Mb Free Space | 43.63% Space Free | Partition Type: FAT

Computer Name: DEBORAH-PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E92D0F0-222A-4CB6-9B33-42AE951FAFBE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{291CED68-F1D2-48C6-8DE6-A0B7D526C7E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{623EFC25-19E0-4C41-8840-D824B238949A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CAB3403B-4189-4AE9-8751-58BA225A7617}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D378C1DB-B67A-4782-9466-A0FF927591E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0047701C-D208-46B4-97A5-FA54F90A6C86}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{00A160D1-3BFA-488F-9D09-BC77800AB086}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{00FB084D-DC67-42D4-98BD-7075777A8170}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{010C50F7-D5CC-48A1-9D1A-7B7B1899A331}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{02A09A79-0008-4EC9-BB66-DB542EFB3C16}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{030B3777-3908-4E08-8154-FC72778C643F}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{03475BA0-AB7D-4B35-83A5-CB821AADE0B3}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{038F4120-2366-41D4-ACAA-390EB8535686}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{03D0B2DA-2526-4322-BCF3-DE82BE58401F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{03F51FB0-B5DD-4882-B684-24BCC52FA67D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{046B50CF-FC70-4C89-B78B-FDC7B8C2F188}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{04944E30-E48A-4BB7-BCDF-30541D4095FD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{04B1595C-A359-4C25-8120-CAE3E61EAD09}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{04B71ADC-B54E-4E5E-BE5B-2643A0DF3E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{04E3440C-38DE-46FB-AE88-55F3132FFD73}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{052552B0-0B3A-4A7C-8B7A-D3A7FF1CC38D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{056EDB1A-0309-4694-A0C1-DD3A60A3E952}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{06135A70-E6DE-49EC-B385-BFC9D2269649}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{062AF479-020F-4F3E-9AE3-C2B897FAA0EC}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{065C0D27-6751-4181-98D1-A380CA2C4780}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{06715693-83DF-4621-B0BA-1051F2CC506B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{086B59B1-ED1E-4366-BB8A-5F280F874F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{09E61784-016F-4F38-8E0F-B96C7F3D6730}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0A282799-6048-4613-987C-F439D14C3D61}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0AD21321-3437-4523-8BEC-58A2A8897094}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0AE276C9-737B-4699-867E-FD84D098B559}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0AF7A458-3325-4602-A980-F8681574F630}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0B0D0E01-6524-484E-B1D7-0F21E2C84BA6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0B5EA4FC-AD0E-4A1A-8D89-AAEE43B6275C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0C921D8B-1840-4FA7-B2EE-B379C519EA2E}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0CA48753-659E-4633-91B0-1B53F20A4372}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0CB80408-C640-42D5-BD3C-4CF6BF78D40A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0CE70644-9011-48AE-B441-BA3127916C63}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0D43008B-B345-49C7-BE1C-386D75DBB555}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0D92C537-FA3D-4A0C-AEE8-968C09064BA7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0E027C77-10AB-4539-BBB1-97A9BB988299}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0E5509E7-3CC9-4BC0-A91D-EE41431CB730}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0E752F75-5CA1-47AE-8C5D-8C609438C51A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0EB1A5AE-C884-4C2F-AA92-C1AAFE2FAEC3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0EB60F1F-7B6B-4F1D-A512-FA18DF5DC019}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0EEE69FA-1DE1-445E-9005-3534D91B97D4}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0EF802B6-4AEF-448B-A2CA-88FA69EE585B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0F12B256-3498-4B3A-84DE-CCD2808C418F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0F48012C-4134-4B71-B061-FD04CA209F55}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0FDD5CEE-369E-407C-A798-0283F8C196E3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{0FEE9308-38A8-440B-8D34-BCB2E464F1DF}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{107D0D56-4DA8-4AC6-8827-77DDBFC07F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{10A2F5F8-6D1A-49DD-92FD-DB5A8B0A7889}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{11205D2E-5D27-4D79-906A-EA3331511A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{119234C6-3233-4604-A19D-1EFD4B2BE316}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1236439E-613B-422B-A37F-76E86076ECA7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{12851B86-C20A-4645-A7B4-B318A744A77C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{132B8B70-64EB-48CD-B144-9C84A45F6149}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{13D81233-EE8C-469E-8C94-8F88A4385082}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1511B7F9-1288-44C4-AD93-E4C59CF42016}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{15192B2C-CE23-44AC-A490-E705D41BFB89}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{152F4C6B-C0B5-4FDB-8858-2C2DAC5803EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1591D568-517C-4160-881E-20B6E92AD22A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{15C01309-E2E3-4BCE-9F16-EFC5219F1931}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1626DE59-910C-41BA-A9A8-9CE9D9CF8AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{16404748-47CA-4261-AF93-FE68E21353FA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{169B6EE6-B22C-4035-8489-9BB7DD93CFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{16E6EBD1-A0BE-4F0F-BBE6-8652994FB8C5}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{174F42A5-FF63-4144-939C-3BEB2EF89A02}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{176EF680-78DB-47D3-8E45-65E9496FCB27}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{17A02F14-5B60-4BCF-9F67-B7F5996DF9C7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1801F1E5-8AF1-40DE-9C50-7D3E1AC8C0C8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{18A3F1AC-E10D-484D-9A98-9A1082D986FA}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{18AD0C4D-18D9-4F51-87B7-2EB67465B67D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{18FE3A7A-4A6C-450A-8D8E-E2DA18ABB73D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{192344A6-ACCD-4DD6-9027-99A648EB60A0}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{198A38A1-FEC4-4426-AAFB-8C86C17199D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{19A6F576-E1B2-4724-8052-66E614C7D8D0}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1A464AA5-24D8-43FA-A772-DAD58F9FFBAD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1AB3DD18-4397-4DE6-8337-5C986E5841FF}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1B2845DF-14CA-42A5-A6E6-4ADFA43E8BEE}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1B5D2316-31D5-4543-BAED-B275E78311B9}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1B860A3D-5B6D-46C4-81C0-455B37C2B9AB}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1C97CF0C-C9E4-4A1A-B3E4-65AF3A16589D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1E3FCB12-EFA2-417A-BB84-45AEC2DA436B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1E40BEC1-6BA3-44D4-B430-1FEAFC4740DE}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1EACDA19-34CC-47D1-81B7-B6B2A0302191}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1EE71EE8-E22C-4FBF-848F-309874794AF2}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1F2A8B47-9FB6-4AA2-AA00-B9A5D3402446}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1F41B12B-C533-400C-ABF3-5F4005F3EA54}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1F5F70AA-109B-492E-988D-B2512F98ED54}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1F63DF4F-34B4-4F1F-AEDD-ADA3E54B4B01}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{1FF0ABDB-950F-47C1-833B-22C2C53004C7}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{20BD36B3-E33D-4F67-9E07-14ABFB8ACE09}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2238B99C-CE67-49E4-9EF4-C1E4B6AD44D8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{22E56C98-FF43-4148-BDFA-457346A7D4F5}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{23703156-04AD-4FE2-ABE2-C7CECDEEB8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{23E2963F-1E68-4EE5-A4ED-37D4DB7B5376}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2489361D-E140-4A93-A79E-D423CB0EBC55}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{24C31BED-DDEB-40BE-B4BA-675329F7546D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{25369357-41F5-4923-BADD-56D013CFF6EC}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{25E820BF-8232-4E40-83ED-FB2B4FD81C84}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{25F66CB6-8CB8-46B4-809A-2DD314345A45}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{263CB51B-7D15-47A2-9086-034F2F68D126}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2656EEE8-774A-44BA-8F7D-A4E189720765}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{26BDFBA9-01C6-4B13-BFB7-92072174D87C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{26C8607C-2B3A-4C8D-846F-8F16B359F105}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{271FE891-5562-4842-8AFE-39DE9FDC1749}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{276184EC-05CD-4048-93AC-9916A06A919B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{281D47AC-8FAA-4FFE-B5E5-A773169D3A7E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{288B8535-F174-4B88-B8BF-548F89BC2E10}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{289D8892-5CCC-4399-904A-5220D697C5B9}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{28B2E58C-E3FC-4A6E-A854-AE6F82A42419}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{28D11AEF-2CA5-4954-8E80-A302840DE526}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{296E85C6-1793-4AC9-878F-0D3B71610FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{297CBB9A-3B64-435C-983B-3EB0EC479D32}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{299AB570-6761-4BAA-9E2E-009A68C81A95}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{29A108E9-FCF9-465C-9C52-0955339508EC}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{29F51C46-8D58-489E-B85F-679C447C31B8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2B12CEF2-47D2-455D-B026-0A7FE31F58E2}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2BDD42E5-8B77-4463-BB0E-4F60C2E05D57}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2C1E6058-C296-4137-B1FF-264F68FDB84C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2CA6B2E6-E4AC-4E5B-91CB-03F45C8D1D2E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2D266CF1-6158-48C9-A073-7E0609713460}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2D32D2EF-8654-4444-86ED-02FC2B613A95}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2DEFC19D-62A3-474D-9E7A-7F9291012B50}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2E91CA1F-AF76-4CB5-BDA6-788FE127C4A1}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2F707A74-27BA-41C1-9D76-822572636E89}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{309E3B31-7807-4CC2-B672-7CD869A70067}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3106BDF0-EE15-420D-B9E9-A73C99974EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{314B0DC0-0D75-4D8A-8426-7DFB21010CFC}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{316FDC4B-BD38-418D-9250-B47CCF0913D1}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{32C1ACD0-899E-48C7-9094-E4CF3D268379}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{330A331C-ADD1-4E15-BE74-BEF13810AAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{334F101B-7C37-4BF2-8307-B8F792AB7939}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{34DC3A39-4F10-4624-B8D0-EEFAD871E90E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{34E75749-EB37-45FA-91C7-E9619F6359E5}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{362192A2-ADF0-476D-8E64-C5DEF09FC345}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3631F3E1-3E0F-447F-93EF-4708FEDAB6F4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{36513C35-9668-4A7C-87D7-A8C48F458B2B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{37B3E5C7-78B6-4B8A-BB43-CA9F795FFD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{37B8FE4A-3E84-4240-A9D5-1E4A7ADA6E78}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{385A1F07-8EB1-463C-BF6F-37E1879E4C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3898DFC0-882C-4DA6-8D2D-338315518840}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{396031C7-C567-46A3-B4E7-6426A4C3D6AB}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{399D0D9A-440B-4989-BBB7-B9684F5967CC}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3A004C12-C123-4060-83F2-21FCC5CE4BEE}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3A36C8D4-1D9E-4954-85EF-E5E73D6AEB93}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3A84B7B5-0FCB-41B1-84FD-BF443CAD6F2D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3B8EA456-9267-47E8-ADF3-4FC46FEAC3C3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3BB9C435-4B42-45FB-80ED-DA2C039CFA06}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3BC86A8B-D313-4841-9C16-62160BEE9D17}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3C19AB35-80CA-482B-A92F-9E25B99277D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3C98B640-1FB0-4963-8FBD-8AADD97D96DA}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3D1A1AC6-5248-4605-8E7B-89DF2A83FA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3D253AB0-D87E-4B70-83DF-E98C700C0EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3DC5A3E3-EADC-4FE3-8CCA-20DDBFE78204}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3DD39195-623E-4187-9956-E3D66AA98C7B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3EB33BB1-D4FD-494A-9B61-E92059744DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3F36D841-A901-4680-B415-BD4428E9DF23}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3F52EAE2-28BF-4520-BB6F-F57D373070F5}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3F7972D1-7368-4415-BCA1-A924AB08673B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{3FFE64CB-04C7-417F-8EFD-ACD2EFC108D4}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4043807F-7EF6-4FB8-A348-3E9CF9C5E90C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4074FE9D-A632-4E72-9CC0-976BC9ED2201}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4181633E-C34A-4964-B753-6D114148BCDA}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{41A808DA-59EA-4BC4-96D5-3BB3087316D4}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{41DD36D4-646D-4DBA-A5FE-CE8D5760EAAC}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{42022E91-5708-4399-AB45-E3777D33DAF1}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{42477F62-9EAF-4BD4-8E7D-E1FC51509392}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{44975240-6FEE-4BBA-B50D-AF0ED960DCC6}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{44C57F90-03CC-4E20-A6F2-7F05E9495C7F}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{45243879-3E00-4258-98CE-9EFA6E871D85}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{454D6A26-B8E9-49CB-841F-178E312463F1}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{45CEF55D-2850-434E-8A13-69C098D44D60}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{45D3EB47-8163-465F-B74F-E42ABFEAF7D0}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{460520A4-77E5-41AF-A3B4-BF0AA1369AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{46C77F22-5228-4C1F-810E-133E22446582}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{474066ED-1E86-4F67-9788-1E1E54A31D0F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{47BCCF4B-B016-4BFD-AB96-BF3782F6EAF5}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{47C83EFE-9C10-453F-B7B8-3ECAC148386A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{482D36AE-C703-43A6-A073-49B903978982}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{48443715-2735-4A59-8363-A7A4082F4DF0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{48988E31-2ECE-4F6F-98F6-ECE16F99A7EE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{48B54C86-C743-4BB1-A20B-DB7EDD3AA010}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4900E0F0-F647-4477-AB28-C610114B7E87}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4A7A1FAC-37AA-4948-9A2F-830FF156AABB}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4AB67434-4D36-48AA-B6FE-EFD333FC9E1E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{4B5EA855-8D6A-401A-9A18-BF31680FD8FA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4B89B19F-74A6-498C-B36E-52A5E1073961}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4BCB7CAB-F8D8-4B93-9BD8-C4A26EF5043F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4D22B8E5-FA16-44D3-A51B-3391E38B0F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4D2D7156-2058-4EDB-A55D-A447ACE1756F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4E679B7C-5C71-42AE-A468-5C56FE2AB5E1}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4E6DCCC8-EFFE-48C2-9FD1-22445AF79473}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4ED1224B-E348-4385-BD5E-E81AA833E953}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{512BB191-37C9-494F-9E6F-4E4D767FBEA2}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5161F2C3-ACDA-4A02-94C9-813C1164B257}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{516AD636-2CEA-4C0C-90F6-CCAE109360C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{51C33550-3751-471F-B619-5C1C67849119}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{51CD67BE-BA03-4DDA-8A70-A02522D03FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{521ADFF2-FD35-4D72-92F7-EFA187342DA4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{52651DAF-A0A4-4947-9665-9154368F48A2}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{527B5A95-662C-4C42-A55F-2235CEFEB3C8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{52B0C7D7-D737-44F7-9BC6-AD06C9197F68}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{52B14AEC-DE0F-4C55-B7CD-1AC1DF5C1719}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5341447D-9F45-4FCB-85FE-71D49C3B1DE1}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{535803C5-0426-40A1-8969-3A82DBE8E6A0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{53BA69BF-30AF-40E0-AA59-810953752A1E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{54BE2723-7909-49BA-AE5D-C9411403F161}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{55465E80-F961-4A39-BD21-9CD892B37501}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{564E800D-921A-48E1-B5B0-DE42E6A1CC8D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{56957AA5-FE91-4A30-90D6-72BD0C23D63B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{574E5908-0D28-4146-AD43-F4697FE4E8FD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{579CF4FF-66D3-4E60-B497-328C35AA35EF}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5812BA26-653A-4483-B882-B071C29DBE71}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{59385455-5D66-476C-BD7C-4ABFCBAA6E3D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{59F7CEBF-D16B-4E68-A377-0968B506EF70}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{59FAB36B-BC3F-4FAE-BD81-09474AFFA493}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5A2215E1-75BF-4623-AD02-2272EFBEDC4A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5AB52E26-B29C-408C-ACBC-DC6D1A866ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5B1D8FAC-A202-478B-978C-45DC9DD810A5}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5C727479-2EC0-4FE7-AF35-4FF9D129B2E4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5C8FD729-6435-4A00-A2B8-DE8E480FF45E}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5D2F80A9-3015-4BDD-A51A-EEB44AA3A070}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5D5AE7A9-280C-4905-8F32-9029629D833E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5D761DAB-E096-41F3-9031-DBAB59C258B2}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5E0A9345-3460-4D7A-8F1A-3374EAFCDCE8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{608D9BC8-9BE3-49A3-B531-B77D924FA60B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{60B76175-C57C-4EC8-A9CE-5731B71FA79D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{61324BBB-B464-4F84-A613-0327B9A6A502}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{61986B62-6266-4525-9358-F11611EF85DA}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{622BF12A-458F-4CB6-86BF-547E3867FA83}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6273398C-B61B-4FAD-9F66-E7B63006DE76}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{62C03B78-A950-4F2F-A54E-C72B0E7CAC3E}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{62F0FE3C-5BD4-44FB-AC31-272B2D1A2012}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{630BC89D-8174-4E03-84BA-88F2890063CB}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{63AF21FE-0D19-43B0-8ADC-AE4006B08934}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{63F6AB38-9FAE-4DDB-BE6E-00F2772020F8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6540F5E6-E593-48D4-A02B-C6597C0B24AD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{658CA75A-BF2C-4D58-9258-E6A93D4D809A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{65C8BCF2-84D4-4716-894F-ADB55FECE1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6616C30D-1EA1-49AC-AAAA-ACC394541902}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{66AF260C-44BC-46CA-8794-47024CF471FE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{682BB066-0355-40B2-B1F0-C0D40168CFA9}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{686D7700-A00C-4664-AE83-B5E53FB39562}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{689DDB1E-8C7C-461D-A54D-259568FCC92C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{68D5F2FD-B98C-4A92-B1E9-B51524987912}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{68FA4064-8B49-4698-870B-B8C6F3316241}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{690D23AD-9F03-4467-BBD4-75C1DA08B479}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{69166F5A-ADA9-4178-AC7C-BFF6E5F71B50}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6A09337C-A6AA-4F91-9F34-480207A6DEF8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6A37AD05-9A4C-4923-8530-99B5CEA4A4FD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{6AED6822-AFD1-49A7-B1D4-F276B493D391}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6B1096DD-00DC-43E0-B384-597454E2FA81}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6B58EF73-35C7-4AE1-BF8B-A7199A41FD66}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6BEB22D6-EF11-4CEA-9E4B-EFFCDB097564}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6C945000-A23C-4996-97B3-948A68F8B08E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6D69DCC0-33EE-4DEF-B078-E465008DD1FA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6E668463-D380-4E4F-9242-7931A6B0A794}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6E97FCCE-D718-4D40-BFA1-D899CC82EC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6EEFE0E2-BB97-44CE-BEA5-4977F0E39738}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{6FBAB8EF-E902-4BD9-94AC-CC8844A1B7BE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7071C426-5A44-41BF-AB4B-AED3960655C9}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{70A022DF-8E20-48DE-B788-F51CAA9A1D3C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{70EE258E-E06F-4A30-BD5D-68AFF6EEA7F9}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{718A48A3-3885-4999-AAB8-847575CE168A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{71A96702-CE6F-481A-9298-9DFD6E62FC7D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{71A9A0A1-169A-40CB-9FE9-F3292685C92B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{71F4A130-32A7-4E70-9DDE-AD34131A6137}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{724F6A13-DD93-48E3-9A5E-45A42CF3702A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{72590D08-0794-409A-BD47-E839D9583895}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7294D681-73F9-4DFB-98DC-6FD43AFE1E80}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{72F6A9F4-0CFB-477C-9016-52D73C7063C6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{738069D3-0294-4B61-8614-AA8A925AA0E0}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{73918D3B-351F-4F1E-8517-45AEDCAD6EC9}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{73DA14ED-AB52-4EC2-86A5-E4E892BF57D8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{73F4692F-EA82-46B9-B493-0D8A90EEE254}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{740FCB78-B21B-40B2-B0CC-3DE93F765B05}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{741D0AB7-BC92-4D28-A929-6AB83808EE29}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7434D5BF-56F7-4A34-881C-91DE60D4AF79}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{745F5672-282F-4D5C-B84F-D2E440259AAA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{752EF72D-9E47-4A85-BEEA-4FE71743F95F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7533D614-6F0E-4EB4-B401-A15F63348701}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{75EBCE98-79B0-4113-B859-4908F77A3A5E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7600087E-A1A0-4474-8985-71E0D2F642FD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7600904D-D2EC-40EA-B751-4EC09A85E390}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{76BE78D7-6659-4C12-8C85-D8F4D1C26195}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{770A28FF-A86E-4981-858A-4ACF7F6FDA9D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7829C452-B77E-4D9A-BF94-B93B54E147FD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{78321702-F775-4562-809E-BA08A6CB286E}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{788EF519-88B1-4B4E-8730-6B819F389986}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7891C8FF-96E1-443C-9029-66684204ADC8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{78A71DAD-A26B-4C59-8B5C-8163DAD40922}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{78E31205-2D07-4529-A3EB-86DB25B4234A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A1F2F67-95CD-422E-8F85-0C2E62EE58DE}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7AD453AF-9865-486C-82C0-F3801EC7CF8D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7AE19882-05F5-46A1-AE52-4B49561C4646}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7AE8622F-5F2C-45A6-9826-AE0A3BF5D0B4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7B145BD0-A1A0-4885-A335-5640B025A4CE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7B41A9CD-819F-496D-9F91-B14ABD70A48B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7B545F34-ACD3-4D05-B1B5-D122CB924BB5}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7BDDB880-66C6-44BF-9C5F-6DD731D31150}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7F1ECCA7-CE3D-4906-B825-7F82620C637A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{7F227895-A5B2-413B-AEDD-4E218043527C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{7F3F83FA-176E-40E8-8E28-27B8B0382170}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{80B60081-BA2C-4706-A857-A388F5FA9B92}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{80F566CC-61FF-4A61-AA94-8640FC83C3B0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8244DB28-B523-4AE2-85E2-38BD66C11D45}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8266FB60-8A3E-496D-9370-098FAFC462B9}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{82991FA0-3031-4A32-B9BE-AC179CEC28C0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{83E97D0C-B702-4341-9C20-CB0275431B26}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{840CF9CC-DD83-44A9-9116-5CD8C4999CCD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{844C6FC3-D39B-4F59-A053-7BE75820208F}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{84EC615C-ECBA-4824-917F-50D3BAABE1C7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{85CEFA67-0A55-4906-915C-398705F1C473}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{87558345-BD9F-426D-905F-6B85373442BE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{876A6202-6543-457B-982B-9734C2D6CDE1}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{88DAF6CA-9BE0-494D-BE69-1F3E0D5607EB}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{89F57A46-A6C2-4B44-9115-25809460B44E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8B085002-C665-45D0-9721-8DA487E3FF5D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8C15C5B7-600E-4713-950D-51BDBCC04FBD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8C5BA63D-94B8-43B6-B393-391395326AEE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8CB14746-0539-46E6-86C2-F23D9CEB82AE}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8CD0A7DF-9B51-4233-81F2-BD485755E172}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8D7E3EBD-BAA5-400D-AA1D-C9D544D65452}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8DA487D5-659C-46EE-BC1F-3574ED406CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8E7CBF4A-0D56-403B-BAE9-75210DFA4C9A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8ED771FD-8189-4970-A937-99C3D496781B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8EFDEB9A-9951-493E-B53E-55505BAF8110}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8F139EC8-CB6A-4639-B4B7-83169E9E4ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8F49F5D3-68F5-4313-8CAC-DA5C2FD1AA00}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{8F6C735E-A0F2-4555-B19B-D490644ABFF9}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{90175B80-3FFA-40A8-9127-BD3666D0BEC9}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{90B6E4F2-5BCA-4042-9399-95D8991AD792}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9118753E-F5C0-4F75-BC8C-79797B46D9E9}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{91B3549D-B550-4F96-9EA0-695D2E74F4C6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9204E4E9-0C83-4464-89C1-1F0FA92DC6C1}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{93A07ED3-7599-4B0E-9BEC-6A4F2ACD51CA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{947B8363-461A-4954-A885-60D4F176A2BF}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{94B743C0-F40F-4DD8-824C-2C5BFFADFB3A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9503CD6D-1C7E-44CD-8392-B7C6D709830B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9533A959-9AE6-480B-9277-CF3D68E11254}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{961FD713-99E5-4207-9D94-BEEAD2228CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{96782F52-4E61-47AF-87B0-3E9262E3BDC3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{96DEEF1E-AC18-4336-B6E4-AC3D9F931C64}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{96E08AF1-FD33-4346-BA18-C61E21193BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{979014BC-3BB1-4640-A417-7036D2701D52}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{97E6497F-1211-45C6-86A7-7CCB81A9EF37}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9876DA84-8FDA-4755-943C-44E6F8BD8B33}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{99B9FFAF-2421-409F-94CE-B6EBB0B06E80}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{99D0F04F-AD39-4915-B675-B5B288ACC2F6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9A716C41-F526-42F9-970F-018488DC169B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9A72BE07-80FC-44D1-934C-626B2708F34D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9B4CDA15-A282-44C5-AC12-89E45169A2DA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9B879DB7-6AAC-485D-A4F8-E686C594B3B9}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9C24EDB2-20C6-4929-A8A8-485C0C2C10F2}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9C570F7A-504A-43A6-812B-24B315EF2D80}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9C93263D-0720-4766-B6FB-875939C9DE55}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9D5E9216-F7DB-4B1B-AF1B-8E081D9A2190}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9E0DADEC-4D8C-462F-B166-57528682E411}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9EB43D80-B65F-4F9F-A7F0-E9365921359C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9F9D2608-5BBC-4486-8DB5-DCB4E91FAC42}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{A1039DFA-0AA4-4B37-B96B-078AEDE30D02}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A149639D-33BC-498F-88F7-8F9D13FFB1AD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A1842FC8-D311-4598-BF4E-DD0AE077A6BA}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A1F394FE-2F81-4A59-B5E8-3B85F727C47A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A2253EF8-0EA6-493C-ACF7-1151CBFC6F46}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A299F033-85B0-4557-85E6-470301C367BA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A29BC2A8-9A90-4BE0-96FC-7546A018B644}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A2EF58D9-C1B0-45D1-93C9-FD99E923E6F2}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A2F6C830-C22C-4B05-8FBF-FC918F9C5B8B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A353DE79-21C3-4515-95F7-4DE2BED1CF60}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A3EB74BB-45C0-474B-8945-3645310ACD83}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A4C75296-9346-4EDD-AEC3-C1EC54FEF1FF}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A5177827-F648-4A79-99E4-E3B3BB556039}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A51DDF2A-E9B5-452E-B91A-8A5CA385D495}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A5632432-7FEC-4B1F-A445-75BC9F11D4D7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A568132B-237D-4D19-A148-48A39FE38EF2}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A59B1035-8B0C-41BD-A3EA-01F73845AA08}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A5B2E7CD-F4C3-4390-93DA-F9710783E532}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{A5F84AE9-A78F-4029-B908-EB3E78DD5A27}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A68877F8-7E0B-4027-8633-F605B6D8B847}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A6A9193B-E873-4F9A-AC2A-7D6593903BEB}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A75E7F9B-CBEB-4A4A-97B7-87D0A01FB046}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A781EF12-712F-4853-826A-A806386746C4}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A78A064A-C6CD-4C5D-B718-DC2AF9542780}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{A8422F7D-8279-43F8-8C85-04429A435494}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AAA0C03C-6216-495C-889A-BD200CAE1923}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AB034FE1-B458-4469-9F87-41251F9B46C3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AB6E204B-9BDB-403A-B540-61DFBA2457BA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{ABB4AA54-A265-41BA-9601-7183C749514F}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AD83823A-2387-4676-9219-206DD5F9C977}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AE49593C-9114-43ED-879F-1BB6BB01B77D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AEF04F6D-73D0-48DD-AF36-268165AC5FF5}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AF16A640-9EFF-4470-91D9-82F81A71FE1F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AF188F49-1EA3-4417-B9C9-5902CBDF301A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AF4C48C8-67F6-40E3-BB04-B953E7572E1E}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{AF64EABC-57A0-4F37-972C-D03B4F0DF39B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B02D64E2-7E96-4150-BC9B-18122319B479}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B073C925-A33D-4640-9A75-9D5244E57857}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B110D1F8-BE65-49EA-94BB-49F4004D2699}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B1721127-0661-4E77-AEF2-7935F4199FCD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B1A33495-D974-42CB-AA1F-AE1A319A8E71}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B1CF7B6F-1738-423F-8C8F-8110E00713F5}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B2458027-9284-4D5E-B83E-5E60EC9E88B6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B2AF944D-D41B-49FE-A213-7E05BF3230E0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B2BE327F-19D2-4605-B8C9-1CC5737F0F0C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B31B8C46-4E0D-4764-9360-E2269AAD64C8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B3FEF8F6-4623-4B01-B260-3D678A3FE89F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B54E1210-1BA0-4B97-A087-CA06574F9B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B56893EE-8CF2-4BB4-BA1F-2337C4BFB940}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{B5B38ED1-65F3-432A-8542-5EC08749C8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B5BA59EE-52AD-4128-AF2A-DF5DAEE35190}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B61B99D0-DDF6-4FAB-96E4-50EDD7F3D7D5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B6637DD7-4A36-4243-8D82-2B34AE0D814B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B6E67012-0DC0-4302-B236-5BAA8EEAB7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B7322A27-5A00-4BC4-A5C1-51FBBE0AA1FC}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B7C6EBA9-7647-416B-8216-AFA4AB0AE3C5}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B7F87E10-A726-46B5-9B53-EB3CD4984E6A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B8A2E225-7383-4F1F-BD9E-97A46082E11C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B953FBF9-04EE-48C5-A27E-EC39B6C29E6F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B96F1AC4-76AC-4559-B8E4-3AEB1773ADB6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{B9D2777B-98AF-469D-8E58-E0A5A2880E98}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BA0DD0A8-3422-4F11-B227-69D49B4452CE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BA21ABBE-12CA-43B7-9AF9-D6669AEA75E0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BA5FA7A8-C12E-4B5F-B09C-44CF43D882E6}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BA97FB2A-F779-4165-8C59-B78F5B7DA786}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BAC32C9F-4715-4C23-9CFE-4F30AAC0FD7D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BACA7995-B982-4A75-A0A8-869048F13B33}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BB5116C2-8DB2-433B-BE2A-5AE9855A7619}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BB67B5A2-548D-4EAE-8E40-445B164F8BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby palii » October 18th, 2013, 11:18 am

part 2 of extras.txt


-3023-4AA2-BAAA-D3B42A7FA450}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.e"{BB82D64F-49A6-491C-80A9-B634CE7495D7}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BBB54E8D-8ABA-4B04-B0F1-FCFD81112D44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD38D137xe |
"{BDA9CEF9-EAB9-4C3F-A4E0-F7FC04AB7098}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BDFAAB7A-269C-44A5-B1C1-7D953C86392A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BE5BA03C-D54E-4BCF-8930-F8632D217A52}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BF18525E-EA5C-4086-A72D-1F8F19361BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BF883270-D600-4080-B96A-057C48EC4C65}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{BF9C48EE-97DA-4C16-8E89-BDF122E0CD5E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C00A6B7A-3295-4787-A88B-CBAF09FDC077}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C1829E1B-3F5A-4C3A-AA00-3B59FD116FF2}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C183F299-6E68-4CC0-8986-C25E2B3B758B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C1DAC57E-B628-469A-A09A-6A0B42B8529B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C294DBD2-C8B3-4EE8-92E4-5DDF20CF6F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{C2DBDE34-141B-44DE-B0C7-3BDB4C161A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C302CFF2-18C5-4C41-8589-B1C1166BB5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C69842C9-56EF-4FEF-A584-2DDFB4463C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C772315D-0C6A-4289-9226-67C6AF573BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C84FFC84-8BBD-4624-A89F-0B4E6A6E0254}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C88F80F3-3900-46BA-AF9A-FD633DC2C1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C8DCFA3A-F4E4-4B25-B906-1969368E08E4}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C91F4959-971D-4D52-A92E-FBF96B06557E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CA74DFC8-A33F-4F2C-9B9F-9B636CC640A8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CB538AF2-656B-492E-86ED-A81F3AFD2CE6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CB9C5463-EE8C-4E62-87D9-F0C88CA21711}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CBB53E5A-B3E5-40C5-9B1A-2B4007F1D6B8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CC807E3E-46E5-4518-B256-EAA167E37656}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CD0D399B-74EB-4D9D-88DF-63047D1A3AF7}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CD28D0E2-E376-42D1-88A0-0F4796A0D40D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CF8A7568-AD53-46DA-979C-C6CA1F6A5265}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{CFB5C408-2203-4438-B4E9-2224F34F27E4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D21F6FA1-34F1-4F25-8A39-4E9EFBE944C4}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D2758ED6-6806-4496-97C2-02611DAF4F49}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D27C404E-3379-49EB-87BA-1340F7F04BC3}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D346E5CE-780B-4A1E-9545-AA3EDE395012}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D4E32AAB-6D25-48D9-9DCD-59FE1E36B47E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D5B699CC-65AB-411B-B98B-672F698E9A42}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D6DE1173-7384-431B-9F0C-E4ACA1FA0857}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D6E1704E-C48A-4AA0-A106-6B671D32D305}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D6EB49BE-EF8B-4402-BE8D-A14CE8568962}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D720A896-77BB-43AA-8383-7DC3542292D5}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D7327A87-5396-45D0-89A9-5937BDCDFCEA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D7E64380-523D-4FC0-9E6E-94DA9296A737}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D8DE7BAA-E00F-4186-A316-23D29FD06816}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D94D6C81-9E64-47CC-ABD6-205F589B6297}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{D99AD3A5-631A-4864-8B7A-D812A4E1321A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DA3CBE97-F20A-4FBF-90E8-19A553BA5BFD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DA72E4DA-5253-42DE-B047-2AC5B2533C89}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DA8202EB-1E6A-4761-B651-AFEEE6FFB09F}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DABB8ABD-C84D-4138-844B-AA9B737A2D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DAFF8149-CC50-4372-93CE-78F825B9FF7D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DB38B64C-2B8E-4AEE-83B8-33092AB1764C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DB4971FE-7C30-429D-92CB-8DCA2726B393}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DB506D54-1FEB-48BA-A248-A7581D856C1B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DC556663-4CDB-429E-AAD0-2DD4EC4B886D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DD1AD485-02A7-46C7-BEB7-F490FFF5D196}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DDE0849F-E194-4A88-B525-C629C1DA8932}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DE35009C-964A-48EB-9878-1DED996D1FAA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DF0D40C0-8FEF-4FAC-962B-A440A764B0A4}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DF330ED3-8C16-4A52-B509-13715DED5500}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{DFA5403D-5CF1-4632-9A0C-EE335D603357}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E0297E64-486E-4AFF-82E6-56FDAECF2BC3}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E07FB6D7-0A90-4951-BC37-E7EA1F3C003B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E1026F1D-02A6-459D-9A46-F1DDE5446AE0}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E11375EF-5384-48E4-893D-2E70865822DD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E1211B38-E6F1-4793-9BA6-B1701758E614}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E198E9F1-97FE-4012-BCE0-CC5153308F28}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E19CD74B-867F-4D2B-8B81-2F249FEA9DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E1EA5FF4-3D0C-43AE-BFC7-0A57F668B61B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E2472828-95DC-42FB-8330-C6088BB3F6B7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E2DED5A5-B6B0-42BF-9599-1EDBDF4522FD}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E30719E0-DD93-4737-B322-49A20516E71A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E30F0A13-A26C-44D4-AC1A-20E305AC576B}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E3BCB2D9-BA52-4B97-AA0E-FA10E2EFE9DE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E3C273D5-AB5F-4C19-927D-B3B29AB17F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E443721F-31E8-447A-87C0-E65D8233ED85}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E473E287-80ED-4F0F-876B-4E7DEE1C92E6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E4C2FF72-8A09-4B48-A177-71DC956309BD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E522B736-795F-48EC-A9BA-CEF8634E35FE}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E56980DD-1F5C-4A39-BA40-82BCE9CEE603}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E579F71D-3C4B-43FD-9974-426AEA115EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E5A26FDA-322F-4924-B566-33EF9DEB978C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E5A341F4-6777-474C-907B-FE3F160C105C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E5EFD8B3-DEDC-4B39-9307-AC8FBA8CDA32}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E75D6521-E2A9-4823-AE86-603DD89D32E0}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E81B7F29-AE87-4181-8F6E-9BD73CA9F9E6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E8F3D2E4-4AF0-4716-8324-187B15F462F8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E929A8C8-6FA9-42C0-A865-187E9AAE6932}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E92DD54A-F50A-4B3D-B2DA-9FA37E6B768D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EAC42958-4C4A-4F70-8909-144A11FD6034}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EAFACED1-3C0E-4918-88C6-EA9A504EB27A}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EB8454C1-66C9-457E-B20B-E3A6FD4BE59A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EB8522BD-865B-48A2-A086-42D1E20C3607}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EB8F488D-7346-40E5-8F38-1D36307957C7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EC4E0B11-FE75-4694-95B9-196FCC6FF4B0}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{ED383813-6521-411C-AD8F-0A3E8B30DCD8}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EDE6315F-6323-4EEF-AE81-6EF24647FF6F}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EF08E781-4B2D-4CE4-90F5-09EB40982EB5}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EFA27796-1CB4-45CF-A1BB-E56C67662C13}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{EFDBCE4E-50C9-40C8-94EE-2189EDEC5D72}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F0542F97-2F6B-4F54-986B-895C1113B800}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F0F2CE0B-A833-4B8B-8BEC-0AD76897DAE7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F120826B-26D3-4E27-B0F5-92B308C28D88}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F12BD8B8-E420-432C-9A08-C6BED014B277}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F14555A8-A389-4C31-8992-A49F10DD1492}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F15804CE-8881-4922-A8C2-0A0C8E373686}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F1B339BD-9CAC-4F88-9062-743D06F11505}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F1D7FE75-58BF-4D98-B140-8B7FD4994F7D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F267167D-D132-4BD6-B4F5-491F1C681F7A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F2C73B96-97B3-498C-8089-2EAFF1DD4AEA}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F4415F2E-DE65-41AA-A903-B5471D118EF7}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F4FE5AA1-FFEE-47C6-A9B5-4A51DFD0B347}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F52507AD-8338-44B0-A0EB-FCBE613AE046}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F537DE27-4A4B-4207-883C-D4D3BE1B24F7}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F59806FF-6F2D-4600-8704-8D530C94EFC3}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F5E6889F-38C9-45FE-93A1-428C076C5077}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F6047158-8B6D-4431-93DB-E771D1D83232}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F61D4594-2CCD-4353-B280-0A42CADC2F56}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F6359129-0824-483A-9DA6-A74215C97200}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F675325D-4283-43F2-BEB2-3F88EFA53519}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F79AD6C4-AAB7-47C1-8866-D5DBB7478844}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F7A6B17E-E5ED-4D0B-8D7D-317689455421}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F7FA62FD-DBE5-4404-B41F-A15C42919938}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F801B4A0-4DD1-49D1-AF83-041C12E7FF8D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F879CAD5-EC16-4BF1-B554-6F793FA5A139}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F882BEFA-6708-4598-BF6F-008BDA4B7C78}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F88D8852-B54A-487B-ABBE-A470CC79C5D3}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F8987F76-8441-4EF5-83C9-C0CDD19AF118}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F91279DF-4646-4CEC-BAB4-38CB25DAD3EB}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F923C7D1-F3E2-48EE-B39E-EB86DC933081}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F94BB87B-2F11-4C40-B566-1BFEE0DCE25B}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F95B2816-1F9D-41A5-8442-7ADD0EE5860D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{F9A3B2FC-FDBC-4533-B0FC-AA3A765BC28A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FA12BB52-D9F8-4B0D-84F3-EA0ABAC3ADA3}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FACFAFD2-5BBB-4E36-8578-56808E3075B8}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FB787A28-6228-4460-AFBA-9B60A571F06A}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FB7FBDFD-9C90-451D-B892-B2C27A1CB0AA}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FBA379DA-6F9B-4DD4-9F8C-326E1492C0A5}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FC88D478-D2FC-4ADB-9EB8-964DAE3D3EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FCF14BCC-E6D9-4953-8980-7B03AA030F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FEB9EC23-33F3-4ED7-AAEC-CA57E39AE405}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FF031253-A24E-4565-AE66-C8D8BE199E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FF2D669F-D558-4EC7-84CA-E2710A075855}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{FF2EB9B7-7FCA-434C-B4D9-A95C45404C4D}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"TCP Query User{053AD2DB-2019-4629-9F97-B2B57AC3F6E9}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{3E5CF42C-88D8-47EB-BB5B-3538CEDE31A9}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{8867CD6A-7848-4544-A86D-FD6500C27296}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{8CB88D6A-D905-4D08-8530-A37D907D79E7}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{33C8E09B-153B-446D-963E-2A66709FE79E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{48C6A5AA-38E0-4A85-BA3D-DAD24E4F5375}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{DBDA26D0-3B05-4EFB-85CD-52F4446C3624}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{E241FCA3-268F-463C-9491-14035AF65197}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B99A52F-A87D-470B-BBDC-1FE4B7B1EA8A}" = PlayOn
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Guffinsbar Uninstall" = Guffins
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"UnityWebPlayer" = Unity Web Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JNLP" = JNLP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JNLP" = JNLP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3172863894-2395903967-2637854924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Deborah
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2013 6:58:37 PM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1280

Error - 1/4/2013 1:17:34 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 1:17:34 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1404

Error - 1/4/2013 1:17:34 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1404

Error - 1/4/2013 1:17:35 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 1:17:35 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2418

Error - 1/4/2013 1:17:35 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2418

Error - 1/4/2013 1:17:36 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 1:17:36 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3432

Error - 1/4/2013 1:17:36 AM | Computer Name = Deborah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3432

[ Hewlett-Packard Events ]
Error - 6/27/2012 2:39:40 PM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 6/27/2012 2:39:40 PM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/30/2012 12:49:22 AM | Computer Name = Deborah-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerPopUpWindow.AppTimerEndHandler()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerPopUpWindow.AppTimerEndHandler()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 40 TargetSite: Void AppTimerEndHandler()

Error - 8/8/2012 12:09:02 PM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 9/15/2012 3:08:50 AM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 9/28/2012 5:06:02 AM | Computer Name = Deborah-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/376b4b01_ac9f_408e_afe5_6163f3e728a2/wuzjbcvqgqu7rdocsx4q9y2m_15.rem'
has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3002 Ram Utilization: 60 TargetSite: Void UpdateDetail(System.String)

Error - 9/28/2012 5:06:11 AM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/29/2012 11:56:34 PM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2012 11:04:24 PM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2012 11:04:26 PM | Computer Name = Deborah-PC | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 10/17/2013 7:03:13 PM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7034
Description = The User Profile Service service terminated unexpectedly. It has
done this 4 time(s).

Error - 10/17/2013 7:05:29 PM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7034
Description = The Application Information service terminated unexpectedly. It has
done this 5 time(s).

Error - 10/17/2013 7:05:29 PM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7034
Description = The Multimedia Class Scheduler service terminated unexpectedly. It
has done this 6 time(s).

Error - 10/17/2013 7:05:29 PM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7034
Description = The User Profile Service service terminated unexpectedly. It has
done this 5 time(s).

Error - 10/17/2013 7:05:29 PM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 5 time(s).

Error - 10/17/2013 7:06:19 PM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 6 time(s).

Error - 10/17/2013 7:07:29 PM | Computer Name = Deborah-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 10/17/2013 7:07:29 PM | Computer Name = Deborah-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 10/17/2013 7:08:20 PM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 10/18/2013 8:16:46 AM | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.


< End of report >
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby palii » October 18th, 2013, 11:26 am

Here is ESET.txt


C:\6741457.exe a variant of Win32/Kryptik.BAAT trojan
C:\$Recycle.Bin\S-1-5-18\$e014aa789f6512053d27cce98cac3927\n Win64/Sirefef.AR trojan
C:\$Recycle.Bin\S-1-5-21-3172863894-2395903967-2637854924-1000\$RYYKL5A.exe a variant of Win32/Kryptik.BGIK trojan
C:\FRST\Quarantine\0.944271476802374.exe a variant of Win32/Kryptik.QHP trojan
C:\FRST\Quarantine\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\FRST\Quarantine\Guffins.exe a variant of Win32/AdInstaller application
C:\FRST\Quarantine\msiexec.exe a variant of Win32/Kryptik.QHP trojan
C:\FRST\Quarantine\skype.dat Win32/LockScreen.APR trojan
C:\FRST\Quarantine\w7e1944.tmp.exe probably unknown NewHeur_PE virus
C:\FRST\Quarantine\w7e95DA.tmp.exe probably unknown NewHeur_PE virus
C:\FRST\Quarantine\wow.dll Win32/Olmarik.AZB trojan
C:\FRST\Quarantine\wow64.dll Win64/Olmarik.AW trojan
C:\Program Files (x86)\Guffins\bar\1.bin\NPu4Stub.dll Win32/Toolbar.MyWebSearch.T application
C:\Program Files (x86)\Guffins\bar\1.bin\u4auxstb.dll Win32/Toolbar.MyWebSearch.W application
C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll a variant of Win32/Toolbar.MyWebSearch.W application
C:\Program Files (x86)\Guffins\bar\1.bin\u4brmon.exe Win32/Toolbar.MyWebSearch.W application
C:\Program Files (x86)\Guffins\bar\1.bin\u4datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\Guffins\bar\1.bin\u4html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Program Files (x86)\Guffins\bar\1.bin\u4htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files (x86)\Guffins\bar\1.bin\u4ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\Guffins\bar\1.bin\u4impipe.exe Win32/Toolbar.MyWebSearch.W application
C:\Program Files (x86)\Guffins\bar\1.bin\u4Plugin.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Guffins\bar\1.bin\u4skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\Guffins\bar\1.bin\u4skplay.exe Win32/Toolbar.MyWebSearch.W application
C:\Users\Deborah\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll probably a variant of Win32/Boaxxe.C trojan
C:\Users\Deborah\AppData\Local\Hewlett-Packard\Hewlett-PackardUpdate\Hewlett-Packardupdt32.dll probably a variant of Win32/Boaxxe.C trojan
C:\Users\Deborah\AppData\Local\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}Update\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}updt32.dll probably a variant of Win32/Boaxxe.C trojan
C:\Users\Deborah\AppData\LocalLow\GuffinsEI\Installr\Cache\000A0905.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-619e667f a variant of Java/TrojanDownloader.OpenStream.NCM trojan
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-59a0c1c2 Java/TrojanDownloader.OpenStream.NCM trojan
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5e44d8b8-6c18ea95 a variant of Java/Agent.DT trojan
C:\Windows\System32\srrstr.dll a variant of Win32/TrojanDownloader.Tracur.I trojan
C:\Windows\System32\config\systemprofile\AppData\Local\svcxdcl32.exe a variant of Win32/Kryptik.BAAT trojan
C:\Windows\SysWOW64\srrstr.dll a variant of Win32/TrojanDownloader.Tracur.I trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe a variant of Win32/Kryptik.BAAT trojan
C:\Windows\Temp\jar_cache2790831757733536342.tmp Java/Exploit.Agent.OLM trojan
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby Gary R » October 18th, 2013, 6:05 pm

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 17 (64-bit)
Java(TM) 6 Update 37


Old versions of Java can be exploited.

Reboot your computer when both are removed

To be honest, unless you have a specific need for Java I do not recommend people to install it. Very few sites these days use Java, yet almost everyone has it installed, mostly because they confuse it with Javascript, which almost all websites use, but which is not the same thing at all. Javascript interpreters are built in to all web browsers and there is no need to add a plug-in.

Next ...

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files (x86)\Guffins\bar\1.bin\NPu4Stub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin [2011/10/24 22:52:12 | 000,000,000 | ---D | M]
O4 - HKU\.DEFAULT..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()
O4 - HKU\S-1-5-18..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)

:Files
ipconfig /flushdns /c
C:\6741457.exe
C:\$Recycle.Bin\S-1-5-18\$e014aa789f6512053d27cce98cac3927\n 
C:\$Recycle.Bin\S-1-5-21-3172863894-2395903967-2637854924-1000\$RYYKL5A.exe
C:\Program Files (x86)\Guffins
C:\Users\Deborah\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll
C:\Users\Deborah\AppData\Local\Hewlett-Packard\Hewlett-PackardUpdate\Hewlett-Packardupdt32.dll
C:\Users\Deborah\AppData\Local\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}Update\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}updt32.dll
C:\Users\Deborah\AppData\LocalLow\GuffinsEI\Installr\Cache\000A0905.exe
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-619e667f
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-59a0c1c2
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5e44d8b8-6c18ea95
C:\Windows\System32\srrstr.dll
C:\Windows\System32\config\systemprofile\AppData\Local\svcxdcl32.exe
C:\Windows\SysWOW64\srrstr.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe
C:\Windows\Temp\jar_cache2790831757733536342.tmp

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Please let me know how your daughter's computer is running now. Is she able to access her personal files and folders now ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus dealing with requesting money

Unread postby palii » October 18th, 2013, 7:26 pm

Hello Again across the Big Pond


Here is a list of what I did:

  • Deleted the following files as requested
    Java(TM) 6 Update 17 (64-bit)
    Java(TM) 6 Update 37
  • Ran OTL with the requested file
  • OTL reboot the system

I do have a question about Java as I keep getting a message that it wants to install. Is there a way to stop that update?

We were able to reboot this time without the BSOD. Windows at first started doing updates, but it did settle down and loaded the desktop. I am able to go to the computer and look at files, access the internet, and see what programs are loaded. A program keeps popping up stating that the 30 day trail period is over, but did not write it down.

Below is the report generated by OTL

All processes killed
Error: Unable to interpret <Code: Select all:OTL> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files (x86)\Guffins\bar\1.bin\NPu4Stub.dll (MindSpark)> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin [2011/10/24 22:52:12 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-18..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Deborah\Desktop\cmd.bat deleted successfully.
C:\Users\Deborah\Desktop\cmd.txt deleted successfully.
C:\6741457.exe moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e014aa789f6512053d27cce98cac3927\n moved successfully.
C:\$Recycle.Bin\S-1-5-21-3172863894-2395903967-2637854924-1000\$RYYKL5A.exe moved successfully.
C:\Program Files (x86)\Guffins\bar\Settings folder moved successfully.
C:\Program Files (x86)\Guffins\bar\Message folder moved successfully.
C:\Program Files (x86)\Guffins\bar\IE9Mesg folder moved successfully.
C:\Program Files (x86)\Guffins\bar\1.bin\chrome folder moved successfully.
C:\Program Files (x86)\Guffins\bar\1.bin folder moved successfully.
C:\Program Files (x86)\Guffins\bar folder moved successfully.
C:\Program Files (x86)\Guffins folder moved successfully.
C:\Users\Deborah\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll moved successfully.
C:\Users\Deborah\AppData\Local\Hewlett-Packard\Hewlett-PackardUpdate\Hewlett-Packardupdt32.dll moved successfully.
C:\Users\Deborah\AppData\Local\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}Update\{37E5EE49-A6B1-4F2B-AD27-62515171EAF9}updt32.dll moved successfully.
C:\Users\Deborah\AppData\LocalLow\GuffinsEI\Installr\Cache\000A0905.exe moved successfully.
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-619e667f moved successfully.
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-59a0c1c2 moved successfully.
C:\Users\Deborah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5e44d8b8-6c18ea95 moved successfully.
C:\Windows\System32\srrstr.dll moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\svcxdcl32.exe moved successfully.
File\Folder C:\Windows\SysWOW64\srrstr.dll not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe not found.
C:\Windows\Temp\jar_cache2790831757733536342.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deborah
->Temp folder emptied: 258784562 bytes
->Temporary Internet Files folder emptied: 453081613 bytes
->Java cache emptied: 1356300 bytes
->Flash cache emptied: 581499 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1390322752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 171630720 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 150966 bytes
RecycleBin emptied: 1444751 bytes

Total Files Cleaned = 2,172.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10182013_173533

Files\Folders moved on Reboot...
C:\Users\Deborah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VC5SD4O4\DroidSans[1].woff moved successfully.
C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UG6JSL8I\viewtopic[2].htm moved successfully.
C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MCWJS9T3\sh138[1].htm moved successfully.
C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHR3UEZL\2F5.0%2520%2528compatible%253B%2520MSIE%25209.0%253B%2520Windows%2520NT%25206.1%253B%2520Win64%253B%2520x64%253B%2520Trident%252F5[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHR3UEZL\OlMqGxERHFVHDVlbFxkWal5VVV5TVTEDPB8cFB0cAksSRUIjCkhCWhBUKDEAExQAFQAIAAQSRWVcW0hbXBd9MVZFTElMUTBcFhgZa1AyQV1RGHBfPEFJQSteX14REA%3D%3D[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHR3UEZL\sz=728x90;u=xbAAXbk6olvi94Lon0ZVD7P_jrdjxa81-6dT7NEhQobPmCTArbjW1XdIQ4UwME5rRojvTloS4DsfmYj08jHLK3JgPdT8QVEAmSSQ;ord=$%7BXBID_ORD%7D[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1072XF3\enabled%22_%20%22true%22%7D%7D,%20%22type%22_%20%22custom%22,%20%22id%22_%20%22vcl-grab-list-block-healthywaytocook_jb-1%22%7D%7D%7D[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1072XF3\m_source%3D65687978%26utm_medium%3Dcpc%26utm_campaign%3D65687978_578720_293524_114851_301_70001%26click%3D525e0b8f3176abdc04a7267b.3[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CFLCJTK\enabled%22_%20%22true%22%7D%7D,%20%22type%22_%20%22custom%22,%20%22id%22_%20%22vcl-grab-list-block-healthywaytocook_jb-2%22%7D%7D%7D[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CFLCJTK\enabled%22_%20%22true%22%7D%7D,%20%22type%22_%20%22custom%22,%20%22id%22_%20%22vcl-grab-list-block-healthywaytocook_jb-4%22%7D%7D%7D[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OC0NEVQ\%3Bk%3Bdcopt_unesc%3D1%3Bu%3DxbAAXbk6r-oZ6iwV2Khg8EZ9KCUz3vhRk6GqtESyV_JClS4P8R_H41KxY4DPVwQJrTQerN-Ddq1Lg3zpFrO_DlapoEQmDGjE-8mg%3F[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OC0NEVQ\enabled%22_%20%22true%22%7D%7D,%20%22type%22_%20%22custom%22,%20%22id%22_%20%22vcl-grab-list-block-healthywaytocook_jb-0%22%7D%7D%7D[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OC0NEVQ\enabled%22_%20%22true%22%7D%7D,%20%22type%22_%20%22custom%22,%20%22id%22_%20%22vcl-grab-list-block-healthywaytocook_jb-3%22%7D%7D%7D[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YW3DES3\%22_%20%22%22,%20%22variableGroups%22_%20[]%7D]%7D,%20%22loadFirstListItem%22_%20%22true%22,%20%22autoplay%22_%20%22on%22%7D%7D%7D%7D[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YW3DES3\rHAbPyBblbd499Hj4I6KPNJT_k7k2Dmah2DOvk6KE9eG7gtRPzjwUVkTUyNnwfeSfXOCiqp4_YDvTnip_lcsezjw4apXCThYvVU0I72-Q7PSOUx37uRN38s_FndKyDXLJRCd[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YW3DES3\vnv5v773H8TJcAlReGDxu1bcSuNS8TD3jnm7hDMjYeCYwIuqKkKEBh_rR85QHeAU_PbH4zLX0HEuTpU2yM6iS3rAz6VtZwnnyWIFOYaKiSLiltL5_3h5BV9BEBf6JSLxgaB9[1].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
palii
Regular Member
 
Posts: 37
Joined: October 15th, 2013, 1:31 am

Re: Virus dealing with requesting money

Unread postby Gary R » October 18th, 2013, 7:37 pm

You copied the " Code: select all" line, and as a result the fix did not operate correctly, please repeat the instructions in my last post for OTL, but this time do not copy/paste Code: Select All with the rest of the fix script.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware