Infestation


Post by stararc » June 25th, 2012, 12:54 am

Hi there,

Recently got a rather large infestation, using a combi of S&D, Malwarebytes and SUPERantispyware and hijackthis to get rid of it. However, still have this left:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:45:00, on 25/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Remote Mouse\server\server.exe
C:\Users\Matt\AppData\Roaming\Harmon\Harmon.exe
C:\Windows\syswow64\svchost.exe
C:\Users\Matt\AppData\Roaming\RealTek\rtamon.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Templates\shfusion.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
C:\Users\Matt\AppData\Local\Temp\netiomig.exe
C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\cmd.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Users\Matt\AppData\Local\Temp\nSClearText.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\Aube.exe
C:\Users\Matt\AppData\Local\Temp\nSClearText.exe
C:\Users\Matt\AppData\Local\Temp\nSClearText.exe
C:\Users\Matt\AppData\Local\Temp\nSClearText.exe
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Emory Homer Eldin.scr
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Matt\AppData\Roaming\udwrnm.exe
C:\Users\Matt\AppData\Local\Temp\nSClearText.exe
C:\Users\Matt\AppData\Local\Temp\nSClearText.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Matt\C_1bits.exe
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files (x86)\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Aube] C:\Windows\Aube.exe
O4 - HKLM\..\Run: [RkFDRUUzNDNFNEIyNDUwMU] C:\Users\Matt\C_1bits.exe
O4 - HKLM\..\Run: [NUJDNUY1NzJDQkIwQkFEME] C:\Users\Matt\libwin.exe
O4 - HKLM\..\Run: [QzBFRjZFRDM5ODJGNDRCNz] C:\Users\Matt\WINrich.exe
O4 - HKLM\..\Run: [RkQ1MkY1RTVBOTRDRTc0Qz] C:\Users\Matt\vdsC_2.exe
O4 - HKLM\..\Run: [Rundll32.exe] C:\Users\Matt\AppData\Roaming\System\Java.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Epson Stylus SX430(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\Matt\AppData\Local\Temp\E_SF5E9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [RealTek Audio] C:\Users\Matt\AppData\Roaming\RealTek\rtamon.exe
O4 - HKCU\..\Run: [Harmon] C:\Users\Matt\AppData\Roaming\Harmon\Harmon.exe
O4 - HKCU\..\Run: [JIJ] C:\Users\Matt\AppData\Roaming\JIJ.exe
O4 - HKCU\..\Run: [runservice] C:\Users\Matt\Documents\runservice.exe
O4 - HKCU\..\Run: [Runnservices] C:\Users\Matt\Documents\Runnservices.exe
O4 - HKCU\..\Run: [Microsoft® Windows® Operating System] C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Templates\shfusion.exe
O4 - HKCU\..\Run: [a] C:\Users\Matt\Desktop\cmd.exe
O4 - HKCU\..\Run: [b] C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cmd.exe
O4 - HKCU\..\Run: [c] C:\Users\Matt\Documents\cmd.exe
O4 - HKCU\..\Run: [d] C:\Users\Matt\Favorites\cmd.exe
O4 - HKCU\..\Run: [e] C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\cmd.exe
O4 - HKCU\..\Run: [Startup Key] C:\Users\Matt\AppData\Local\Temp\Name.exe
O4 - HKLM\..\Policies\Explorer\Run: [57943] C:\PROGRA~3\LOCALS~1\Temp\mseacq.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3110688605-1108793113-2133267777-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'post-gres')
O4 - HKUS\S-1-5-21-3110688605-1108793113-2133267777-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'post-gres')
O4 - Startup: 6364233374544.exe
O4 - Startup: 7213318599544.exe
O4 - Startup: cmd.exe
O4 - Startup: Verbatim GREEN BUTTON.lnk = C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O15 - Trusted Zone: *.sony.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2DA) (sprtsvc_O2DA) - SupportSoft, Inc. - C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (O2DA) (tgsrvc_O2DA) - SupportSoft, Inc. - C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16137 bytes


According to hijackthis.de, "C:\Windows\syswow64\svchost.exe" is a nasty (of course!!). However, can't seem to find it in my hijackthis scan. Any help appreciated.
stararc
Active Member
 
Posts: 14
Joined: June 25th, 2012, 12:51 am

Re: Infestation

Post by Gary R » June 27th, 2012, 9:31 am

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infestation

Post by Gary R » June 27th, 2012, 9:32 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi stararc

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Change parameters
    • Check Detect TDLFS file system
    • Click OK
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infestation

Post by stararc » June 27th, 2012, 12:05 pm

The requested is below.

A few notes to point out: I have had another go at clearing out as much as I can, using autoruns and common sense. A reasonable amount was deleted, resulting in some improvement but not complete, and I'm sure there are at least some viruses still left.

Thanks,

Stararc.



OTL logfile created on: 27/06/2012 16:48:46 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Matt\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.38% Memory free
8.00 Gb Paging File | 5.39 Gb Available in Paging File | 67.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 107.30 Gb Free Space | 23.04% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 684.73 Gb Free Space | 73.53% Space Free | Partition Type: FAT32

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 16:48:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/18 17:56:08 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011/05/10 14:24:46 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
PRC - [2011/03/29 16:25:52 | 000,756,417 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\server.exe
PRC - [2011/03/09 12:47:24 | 033,486,152 | ---- | M] (Sports Interactive) -- C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
PRC - [2010/12/14 17:59:24 | 000,467,216 | ---- | M] () -- C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe
PRC - [2010/11/20 13:16:56 | 000,776,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\calc.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/04/23 15:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
PRC - [2010/04/23 15:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2010/03/14 21:34:10 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010/01/27 07:33:54 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/03/13 06:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 06:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 09:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 09:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 09:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 09:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 09:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 09:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 09:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 08:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/10 14:24:46 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MOD - [2011/03/29 16:25:52 | 000,756,417 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\server.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/14 17:59:24 | 000,467,216 | ---- | M] () -- C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/22 14:54:20 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Sports Interactive\Football Manager 2011\IntelLaptopGamingVista.dll
MOD - [2010/03/19 21:54:40 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_ctypes.pyd
MOD - [2010/03/19 21:54:18 | 000,665,600 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_ssl.pyd
MOD - [2010/03/19 21:53:22 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\_socket.pyd
MOD - [2010/01/13 07:36:00 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\autopy.mouse.pyd
MOD - [2010/01/13 07:35:52 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\autopy.key.pyd
MOD - [2009/07/05 20:35:54 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\win32gui.pyd
MOD - [2009/07/05 20:35:52 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\win32api.pyd
MOD - [2009/07/05 20:35:18 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse\server\pywintypes26.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/06 00:08:58 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/18 02:36:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/23 15:04:16 | 000,383,408 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/04/23 15:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe -- (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA)
SRV - [2010/04/23 15:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe -- (tgsrvc_O2DA) SupportSoft Repair Service (O2DA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/27 07:33:54 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/03/13 06:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/04 16:52:22 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/08 02:41:39 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/08 02:23:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/05/06 10:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/09 04:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/01 00:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/04/30 23:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/10/26 11:21:35 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/26 11:21:35 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/10/26 11:21:35 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 C1 C5 F1 A9 DF CC 01 [binary data]
IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\..\SearchScopes,DefaultScope = {68871CF4-A4C2-4B00-9713-8E058BB821C1}
IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\..\SearchScopes\{68871CF4-A4C2-4B00-9713-8E058BB821C1}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: vshare@toolbar:2.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.740
FF - prefs.js..extensions.enabledItems: fe_3.6@nokia.com:1.7.56.205
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: e-webprint@epson.com:1.09.00
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2077975\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/09/27 21:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2011/12/20 15:20:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/17 15:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2012/05/09 09:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 15:38:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 12:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/20 15:20:33 | 000,000,000 | ---D | M]

[2010/03/06 02:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2012/06/27 00:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\fo7vxqyo.default\extensions
[2011/11/08 01:47:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\fo7vxqyo.default\extensions\firefox@tvunetworks.com
[2012/06/27 00:18:35 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\fo7vxqyo.default\extensions\vshare@toolbar
[2012/06/23 11:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/26 16:55:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 13:39:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/16 15:17:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/31 21:28:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/22 03:04:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/07 01:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/09 10:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/03/17 15:04:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/05/09 09:43:42 | 000,000,000 | ---D | M] (E-Web Print) -- C:\PROGRAM FILES (X86)\EPSON SOFTWARE\E-WEB PRINT\FIREFOX ADD-ON
[2011/09/27 21:54:21 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011/12/20 15:20:26 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_3.6
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2010/08/24 18:58:51 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/08/24 18:58:51 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/08/24 18:58:51 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/08/24 18:58:51 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2077975\npmathplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/27 16:33:13 | 000,445,061 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15294 more lines...
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AceGain LiveUpdate] C:\Program Files (x86)\AceGain\LiveUpdate\LiveUpdate.exe File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HKLM] C:\Windows\InstallDir\Server.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [RemoteTool] C:\Users\Matt\AppData\Roaming\System\Client.exe File not found
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [Epson Stylus SX430(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\Matt\AppData\Local\Temp\E_SF5E9.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [HKCU] C:\Windows\InstallDir\Server.exe ()
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [Windows MSIE] C:\Windows\SysWOW64\calc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk = C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1940E80B-539D-4CA6-AFD3-864335D57A8E}: DhcpNameServer = 82.132.254.3 82.132.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9951A7A4-0B54-4D34-BAA6-D31913755ECB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3DEFA4F-2F8B-4775-B820-961E7067A2DB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/14 12:56:44 | 000,000,049 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{d1279fd7-cd77-11e0-8520-002618dd09f1}\Shell - "" = AutoRun
O33 - MountPoints2\{d1279fd7-cd77-11e0-8520-002618dd09f1}\Shell\AutoRun\command - "" = I:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\RunGame.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 18:55:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6645674A-503E-4905-8F43-877A98366F09}
[2012/06/26 18:55:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B67FFA0A-4C44-4CE9-A7C7-25844BE38953}
[2012/06/26 18:22:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Autoruns
[2012/06/25 23:23:12 | 000,815,616 | ---- | C] (Ufasoft) -- C:\Windows\SysWow64\usft_ext.dll
[2012/06/25 23:23:12 | 000,708,096 | ---- | C] (Ufasoft) -- C:\Windows\SysWow64\miner.dll
[2012/06/25 18:33:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Akamai
[2012/06/25 14:30:01 | 000,240,128 | ---- | C] (mqqpk tiuffyo ltws fgbno) -- C:\Users\Matt\Documents\Facebook.exe
[2012/06/25 12:34:55 | 000,233,472 | ---- | C] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.zgy
[2012/06/25 12:18:55 | 000,387,584 | RHS- | C] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\vidKBD.exe
[2012/06/25 09:54:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Applet
[2012/06/25 08:52:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\FastTrack
[2012/06/25 07:17:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MSDCSC
[2012/06/25 06:58:31 | 000,387,584 | RHS- | C] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\odeKB.exe
[2012/06/25 05:43:59 | 000,233,472 | ---- | C] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.exe
[2012/06/25 05:42:54 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/25 05:42:54 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/25 05:42:54 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/25 05:42:46 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/25 05:42:46 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/25 05:42:46 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/25 05:42:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/25 05:42:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/25 05:38:35 | 000,397,312 | RHS- | C] (hudnwjxc bujjle wljg qkpft) -- C:\Windows\SysWow64\siuocjq
[2012/06/25 00:14:48 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Roaming\System
[2012/06/24 23:06:59 | 000,397,312 | RHS- | C] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\kankey.exe
[2012/06/24 21:29:08 | 000,233,472 | ---- | C] (putuic hkppoit aqvb hiblc) -- C:\Users\Matt\Documents\Runnservices.zgy
[2012/06/24 21:16:51 | 000,233,472 | ---- | C] (putuic hkppoit aqvb hiblc) -- C:\Users\Matt\Documents\Runnservices.exe
[2012/06/24 21:07:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Matt\Desktop\spybotsd162.exe
[2012/06/24 20:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/24 20:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/24 20:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/24 20:50:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/24 20:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/24 20:43:08 | 000,397,312 | RHS- | C] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\cnvopen.exe
[2012/06/24 20:43:06 | 000,397,312 | RHS- | C] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\sysapi-ms-win-core-.exe
[2012/06/24 20:43:06 | 000,397,312 | RHS- | C] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\Documents\runservice.zgy
[2012/06/24 14:41:06 | 000,180,224 | -H-- | C] (0dg29VsSVTzIJS) -- C:\ProgramData\wscntfy.exe
[2012/06/24 14:41:06 | 000,180,224 | -H-- | C] (0dg29VsSVTzIJS) -- C:\Program Files\Common Files\lsmass.exe
[2012/06/24 06:44:03 | 000,720,896 | RHS- | C] (AutoIt Team) -- C:\Users\Matt\libwin.exe
[2012/06/23 21:49:05 | 000,430,080 | RHS- | C] (AutoIt Team) -- C:\Users\Matt\C_1bits.exe
[2012/06/23 03:52:27 | 000,000,000 | RHSD | C] -- C:\Users\Matt\AppData\Roaming\Harmon
[2012/06/23 03:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/06/22 22:08:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F66FA6D2-5F62-40C8-A0BD-DC65CE194FB7}
[2012/06/22 22:08:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{0A7A0EE5-2424-4AD1-81EF-7D1738140029}
[2012/06/20 07:27:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4861C3BD-061F-4358-B0C6-7856CAEDC038}
[2012/06/20 07:27:27 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F1BA0379-9CB6-479C-85F5-60404BDA224E}
[2012/06/19 03:24:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5AFAA438-E8C4-41F5-B0F5-E7CAA4560275}
[2012/06/19 03:24:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5BD95B5A-E3F4-4406-BE18-CA9BC11186C8}
[2012/06/15 11:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2012/06/15 11:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2012/06/15 11:45:13 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\DDMSettings
[2012/06/15 06:53:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{676817FB-3AEB-495F-8CBF-824393AA75D6}
[2012/06/13 15:11:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 15:11:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 15:11:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 15:11:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 15:11:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 15:11:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 15:11:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 15:11:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 15:11:07 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 15:11:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 15:11:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 15:11:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 15:11:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 15:10:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 15:10:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 15:09:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 15:09:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 15:09:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 15:09:52 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/13 15:09:52 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/13 15:09:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 15:09:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 15:09:45 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 15:09:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9F9C83D3-A4A8-4D14-8A02-F522258E20B3}
[2012/06/12 10:42:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E0AEB663-5B71-4843-8CF8-CF06988E1334}
[2012/06/11 11:41:37 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{128F35C1-79F2-4881-9896-6BD8285D1AD5}
[2012/06/11 11:41:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9523FD39-AD06-4E96-A38A-5C603A501275}
[2012/06/02 23:01:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{05A7E3AE-F466-4E03-9F94-990C398B011B}
[2012/06/02 23:00:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{8CBC383E-1180-4432-8BA9-A909F2D1B46B}
[2012/05/31 17:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/31 17:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/31 17:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/31 17:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/29 07:11:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{381BA3C0-9A03-4EFE-BF4F-A8E9F9806406}
[2012/05/29 07:11:20 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{372E8410-B9E4-4A75-B20E-80204A0D9E8D}
[2011/02/23 14:24:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Users\Matt\AppData\Roaming\jew2.exe

========== Files - Modified Within 30 Days ==========

[2012/06/27 16:49:11 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 16:49:11 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 16:37:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 16:37:24 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 16:33:13 | 000,445,061 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/27 13:47:21 | 000,000,000 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\52491698bb5f9c7c96d65390f4e8b830
[2012/06/27 13:47:16 | 000,000,000 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\f73f04e8f7fccf7bbcc49e8902e6af25
[2012/06/27 13:47:16 | 000,000,000 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\26e4874716958807c537dff3f7346185iQXh5xYL
[2012/06/27 13:26:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3110688605-1108793113-2133267777-1001UA.job
[2012/06/27 13:20:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 09:33:34 | 525,336,829 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/27 01:12:01 | 000,837,112 | ---- | M] () -- C:\Windows\smss.exe
[2012/06/26 22:36:40 | 000,303,616 | RHS- | M] () -- C:\Windows\Ignacio Maximo Herbert.exe
[2012/06/26 21:56:48 | 000,479,232 | -H-- | M] () -- C:\Users\Matt\Documents\chrome.exe
[2012/06/26 21:56:48 | 000,479,232 | -H-- | M] () -- C:\Users\Matt\chrome.exe
[2012/06/26 04:13:20 | 000,016,384 | ---- | M] () -- C:\Windows\SysWow64\run.exe
[2012/06/25 23:34:19 | 000,000,090 | ---- | M] () -- C:\Windows\SysWow64\run.bat
[2012/06/25 22:21:05 | 000,000,082 | -H-- | M] () -- C:\Windows\SysWow64\25-06-2012
[2012/06/25 21:48:09 | 000,799,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 21:48:09 | 000,677,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 21:48:09 | 000,130,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 18:49:28 | 000,004,096 | ---- | M] () -- C:\Windows\ClientLoad.exe
[2012/06/25 18:30:58 | 000,001,227 | ---- | M] () -- C:\Windows\SysWow64\mail.dat
[2012/06/25 18:30:48 | 000,063,310 | ---- | M] () -- C:\Windows\SysWow64\chro.dat
[2012/06/25 18:30:47 | 000,001,626 | ---- | M] () -- C:\Windows\SysWow64\ffpw.dat
[2012/06/25 17:34:41 | 001,012,910 | ---- | M] () -- C:\Users\Matt\Documents\tmp4E6E.exe
[2012/06/25 17:34:36 | 001,012,910 | ---- | M] () -- C:\Users\Matt\Documents\tmp50AF.exe
[2012/06/25 14:30:01 | 000,240,128 | ---- | M] (mqqpk tiuffyo ltws fgbno) -- C:\Users\Matt\Documents\Facebook.exe
[2012/06/25 14:27:32 | 000,184,320 | RHS- | M] () -- C:\Users\Matt\C_1NO.exe
[2012/06/25 12:34:54 | 000,233,472 | ---- | M] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.zgy
[2012/06/25 12:19:02 | 000,387,584 | RHS- | M] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\vidKBD.exe
[2012/06/25 06:58:33 | 000,387,584 | RHS- | M] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\odeKB.exe
[2012/06/25 05:43:59 | 000,233,472 | ---- | M] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.exe
[2012/06/25 05:38:38 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Windows\SysWow64\siuocjq
[2012/06/25 00:18:26 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\kankey.exe
[2012/06/24 21:16:51 | 000,233,472 | ---- | M] (putuic hkppoit aqvb hiblc) -- C:\Users\Matt\Documents\Runnservices.zgy
[2012/06/24 21:16:51 | 000,233,472 | ---- | M] (putuic hkppoit aqvb hiblc) -- C:\Users\Matt\Documents\Runnservices.exe
[2012/06/24 21:14:40 | 000,249,971 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120627-163313.backup
[2012/06/24 21:10:29 | 000,001,286 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/24 21:08:09 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Matt\Desktop\spybotsd162.exe
[2012/06/24 20:50:31 | 000,002,971 | ---- | M] () -- C:\Users\Matt\Desktop\HiJackThis.lnk
[2012/06/24 20:43:08 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\sysapi-ms-win-core-.exe
[2012/06/24 20:43:08 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\Documents\runservice.zgy
[2012/06/24 20:43:08 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\cnvopen.exe
[2012/06/24 19:03:41 | 000,000,000 | ---- | M] () -- C:\gcqshw.exe
[2012/06/24 19:02:39 | 000,179,712 | RHS- | M] () -- C:\Users\Matt\WINrich.exe
[2012/06/24 14:41:05 | 000,180,224 | -H-- | M] (0dg29VsSVTzIJS) -- C:\ProgramData\wscntfy.exe
[2012/06/24 14:41:05 | 000,180,224 | -H-- | M] (0dg29VsSVTzIJS) -- C:\Program Files\Common Files\lsmass.exe
[2012/06/24 06:44:05 | 000,720,896 | RHS- | M] (AutoIt Team) -- C:\Users\Matt\libwin.exe
[2012/06/24 01:42:11 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3110688605-1108793113-2133267777-1001Core.job
[2012/06/23 22:40:22 | 000,001,233 | ---- | M] () -- C:\Windows\SysWow64\mess.dat
[2012/06/23 21:49:06 | 000,430,080 | RHS- | M] (AutoIt Team) -- C:\Users\Matt\C_1bits.exe
[2012/06/23 21:20:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 21:20:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/23 21:17:38 | 000,017,408 | -H-- | M] () -- C:\ntldr.exe
[2012/06/23 07:11:06 | 000,030,208 | -H-- | M] () -- C:\Users\Matt\Documents\cmd.exe
[2012/06/23 03:52:19 | 000,303,616 | RHS- | M] () -- C:\Windows\Aube.exe
[2012/06/13 15:38:21 | 000,457,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 07:32:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012/06/06 13:21:30 | 000,210,060 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/06/02 23:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 23:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 23:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/05/31 19:42:37 | 000,815,616 | ---- | M] (Ufasoft) -- C:\Windows\SysWow64\usft_ext.dll
[2012/05/31 19:42:37 | 000,708,096 | ---- | M] (Ufasoft) -- C:\Windows\SysWow64\miner.dll
[2012/05/30 16:11:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/06/27 13:47:21 | 000,000,000 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\52491698bb5f9c7c96d65390f4e8b830
[2012/06/27 13:47:16 | 000,000,000 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\f73f04e8f7fccf7bbcc49e8902e6af25
[2012/06/27 01:12:04 | 000,837,112 | ---- | C] () -- C:\Windows\smss.exe
[2012/06/27 00:21:21 | 000,000,000 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\26e4874716958807c537dff3f7346185iQXh5xYL
[2012/06/26 22:36:46 | 000,303,616 | RHS- | C] () -- C:\Windows\Ignacio Maximo Herbert.exe
[2012/06/26 21:56:44 | 000,479,232 | -H-- | C] () -- C:\Users\Matt\Documents\chrome.exe
[2012/06/26 21:56:44 | 000,479,232 | -H-- | C] () -- C:\Users\Matt\chrome.exe
[2012/06/25 23:33:59 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\run.exe
[2012/06/25 23:23:12 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\run.bat
[2012/06/25 21:07:51 | 000,000,082 | -H-- | C] () -- C:\Windows\SysWow64\25-06-2012
[2012/06/25 18:49:28 | 000,004,096 | ---- | C] () -- C:\Windows\ClientLoad.exe
[2012/06/25 17:34:29 | 001,012,910 | ---- | C] () -- C:\Users\Matt\Documents\tmp50AF.exe
[2012/06/25 17:34:28 | 001,012,910 | ---- | C] () -- C:\Users\Matt\Documents\tmp4E6E.exe
[2012/06/25 14:27:30 | 000,184,320 | RHS- | C] () -- C:\Users\Matt\C_1NO.exe
[2012/06/24 20:59:06 | 000,001,286 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/24 20:50:31 | 000,002,971 | ---- | C] () -- C:\Users\Matt\Desktop\HiJackThis.lnk
[2012/06/24 19:16:19 | 525,336,829 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/24 19:03:41 | 000,000,000 | ---- | C] () -- C:\gcqshw.exe
[2012/06/24 19:02:38 | 000,179,712 | RHS- | C] () -- C:\Users\Matt\WINrich.exe
[2012/06/23 22:40:22 | 000,001,233 | ---- | C] () -- C:\Windows\SysWow64\mess.dat
[2012/06/23 21:17:37 | 000,017,408 | -H-- | C] () -- C:\ntldr.exe
[2012/06/23 07:11:06 | 000,030,208 | -H-- | C] () -- C:\Users\Matt\Documents\cmd.exe
[2012/06/23 04:08:47 | 000,001,227 | ---- | C] () -- C:\Windows\SysWow64\mail.dat
[2012/06/23 04:08:37 | 000,063,310 | ---- | C] () -- C:\Windows\SysWow64\chro.dat
[2012/06/23 04:08:37 | 000,001,626 | ---- | C] () -- C:\Windows\SysWow64\ffpw.dat
[2012/06/23 03:52:25 | 000,303,616 | RHS- | C] () -- C:\Windows\Aube.exe
[2012/06/09 07:32:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012/06/06 13:21:30 | 000,210,060 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/30 16:11:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/04/19 01:30:23 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/12/30 18:37:59 | 000,386,923 | ---- | C] () -- C:\Windows\KMSAct.exe
[2011/11/23 00:48:53 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 20:41:32 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/28 23:16:14 | 000,000,126 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/23 14:26:31 | 000,805,567 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\8CDC6D.exe
[2011/01/08 02:17:24 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/02/27 17:27:45 | 1630,076,928 | ---- | C] () -- C:\Program Files (x86)\Rugby 2008

========== LOP Check ==========

[2010/04/08 03:09:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.purple
[2012/03/02 02:38:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\2K Sports
[2010/03/22 04:53:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2011/12/02 00:54:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BlackBean
[2010/08/29 00:49:03 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BSD
[2012/01/26 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2012/04/27 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Epson
[2011/11/01 01:18:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\go
[2012/06/23 03:52:27 | 000,000,000 | RHSD | M] -- C:\Users\Matt\AppData\Roaming\Harmon
[2011/11/30 22:11:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\HEM Data
[2010/01/27 10:25:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2011/01/08 02:22:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MotioninJoy
[2011/12/20 15:14:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Nokia
[2010/12/31 12:22:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
[2012/03/16 20:20:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Opera
[2011/09/27 21:42:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PC Suite
[2010/01/19 01:02:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\postgresql
[2010/08/29 12:04:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Red Kawa
[2010/06/24 02:18:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sinvise Systems
[2011/12/11 10:25:55 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sports Interactive
[2011/05/03 17:11:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Spotify
[2011/01/11 00:42:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Star Ruler
[2012/06/25 19:01:41 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\System
[2011/10/12 00:07:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\The Creative Assembly
[2012/06/25 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2011/01/12 11:00:55 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer
[2010/09/02 10:39:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WindSolutions
[2012/06/26 14:09:28 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
stararc

Re: Infestation

Post by stararc » June 27th, 2012, 12:08 pm

OTL Extras logfile created on: 27/06/2012 16:48:51 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Matt\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.38% Memory free
8.00 Gb Paging File | 5.39 Gb Available in Paging File | 67.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 107.30 Gb Free Space | 23.04% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 684.73 Gb Free Space | 73.53% Space Free | Partition Type: FAT32

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Roaming\jew2.exe" = C:\Users\Matt\AppData\Roaming\jew2.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Local\Temp\svchost.exe" = C:\Users\Matt\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Local\Temp\ForceOP.exe" = C:\Users\Matt\AppData\Local\Temp\ForceOP.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe" = C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe" = C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Roaming\taskgmr.exe" = C:\Users\Matt\AppData\Roaming\taskgmr.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Local\Temp\69522.exe" = C:\Users\Matt\AppData\Local\Temp\69522.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Local\Temp\12er4.exe" = C:\Users\Matt\AppData\Local\Temp\12er4.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Local\Temp\6375.exe" = C:\Users\Matt\AppData\Local\Temp\6375.exe:*:Enabled:Windows Messanger -- (transition sagas)
"C:\Users\Matt\AppData\Roaming\windowsdefender.exe" = C:\Users\Matt\AppData\Roaming\windowsdefender.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Roaming\jew2.exe" = C:\Users\Matt\AppData\Roaming\jew2.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Local\Temp\svchost.exe" = C:\Users\Matt\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Local\Temp\ForceOP.exe" = C:\Users\Matt\AppData\Local\Temp\ForceOP.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe" = C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe" = C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Roaming\taskgmr.exe" = C:\Users\Matt\AppData\Roaming\taskgmr.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Local\Temp\69522.exe" = C:\Users\Matt\AppData\Local\Temp\69522.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Local\Temp\12er4.exe" = C:\Users\Matt\AppData\Local\Temp\12er4.exe:*:Enabled:Windows Messanger
"C:\Users\Matt\AppData\Local\Temp\6375.exe" = C:\Users\Matt\AppData\Local\Temp\6375.exe:*:Enabled:Windows Messanger -- (transition sagas)
"C:\Users\Matt\AppData\Roaming\windowsdefender.exe" = C:\Users\Matt\AppData\Roaming\windowsdefender.exe:*:Enabled:Windows Messanger


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136D4D43-70C7-4325-A32A-156F992F3E08}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3EC4F7CE-625D-4225-85DB-257F4AE6BDC6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{3F5BD454-E6DC-43AE-9F97-89702F25E1F4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{41BA8923-3A7A-49D4-830E-538662EB2C13}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B86E695-665E-44F5-941B-032E6D1887A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F4A1159-F9D3-458D-8B98-629C6C6C8C34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9FD1A73B-414E-401E-92A7-16EBA5EF2D96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A767FEEB-8740-43E6-B11E-214BBD292650}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BB07E6BA-B8D9-40C9-AABD-1FAC0A4A0852}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE9E570A-44AC-42D2-9605-F16E696F27D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D65AEB8E-8188-450B-BBEA-609D13879071}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2A322C3-AB00-4568-9638-B174F1D0D8FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E75C9D0E-438B-4FA7-851F-327482D44E2B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E78B696D-2081-40DD-BF92-9F6A76459409}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F36DBB0F-9D0A-467B-9AD1-EEFD6AF2E8B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0033E88F-62C5-489A-9332-B99DCD83800E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{00BA6A25-CA88-4207-A345-A43EE5F2A4F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{01379858-75C6-4524-B7DB-45E9249B3B6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 3 arena\quake3.exe |
"{017CC208-786D-488C-B0F2-A9B697F72930}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{01C33ECE-10E6-4D54-9FCE-5024F19C506F}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{01D6F13E-368A-49F1-9E3F-D82BD2C23D55}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{0250988B-8A98-49C5-82D3-F0F9C674C18A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\quake2.exe |
"{02A44A1B-07BE-49B8-A46C-573FB04A838F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{03796C9A-4DAE-42C1-95EE-88BB3F405D47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{05E8AD8F-BF05-481F-8DAB-94BEB4BF1B5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{05EC229D-C396-48FA-8AA7-62A12A409B92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{0652CD52-D057-4149-9FBC-8D5197D036BD}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{06592266-E063-4A02-AABA-1A4AA5A66B79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07C77D18-FF7F-4C11-A07F-EB7D980BB5DC}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\17952.exe |
"{07D70041-85EE-4B69-A35D-4F35C2129407}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{07EC68C9-5F83-4ED8-B831-1E9EBFF10E12}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{09A0D740-1784-4285-A4EB-BDB9433B737E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0A861166-CD6D-4CD5-B955-DCEFF5222C76}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{0ACF49E7-4132-43E2-912F-9CFB6D33EDCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B12FE0B-EA31-4CED-8A06-43E25FA793B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outrun2006 coast 2 coast\or2006c2c.exe |
"{0B849CF8-E1DB-4BA0-BF03-BD853BB36BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{0BAECD50-F404-429C-8093-EF493571ED6E}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{0BF7791B-00F8-4820-B40F-F0155C06BF53}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{0CAF6F06-5F7F-400C-92C2-9143FB9DF7BC}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{0CCBECFB-5C6F-411C-B9CA-720F2B979A2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0CDB11C1-9F5C-4978-A9FB-40034F1B4042}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{0CEBCC4C-879C-4515-B3C7-32CCAB581A15}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{0DADAB83-6F8D-4924-944F-3DF09D84433F}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\leopold\leopold.exe |
"{0DBC860D-9F44-4AC9-B0B3-3EFA6D376A20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outrun2006 coast 2 coast\config.exe |
"{0DFC81C0-D402-4EEF-A7DE-9B99EE95FC3D}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{0E5C71C6-E34B-4901-A28F-DC2F0EB8DA4E}" = dir=in | app=c:\windows\aube.exe |
"{0ED9234F-5CB6-4192-BFE0-912D0ED0DE59}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{0F1C1290-E043-4127-AAF4-D6EFE1A25C48}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{0F293612-C257-406C-A962-6A285A1A79BE}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{0FEC2539-6A6A-43AF-9D8E-E83F275DFA00}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont_nm.exe |
"{100B4B4A-6219-4D20-9848-E6DE5735A34E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{102A15CB-ACBD-413C-936E-0F8CD87898C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution duality demo\hacker evolution duality.exe |
"{10946590-67A3-4C89-821D-86D9176237C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10EC3845-3C8B-4665-B307-1CEC28C7296E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1148E368-0D44-4969-A87B-8536BE3CEDC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11AE1FA8-D6E3-4A89-BF8C-938D769B02AF}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{123EA571-921F-4B18-8AB0-75C3E7BB9837}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{1273C7F1-D855-4889-B627-6D308A3F0DCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{12E77C7E-562B-4208-B55E-2F692E39833A}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{1450D3FB-38C2-404B-8F5B-A3CCFB562102}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{14B652F4-3321-438E-A36E-040D234E6725}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14BEB126-A149-411D-84D7-1793A93789B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{15A634F5-3F5E-4C78-A1FA-AF73E8FA8ED5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{15D96224-E0BF-4CA1-AAEB-44909F84FDE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16ACD15E-DC64-491E-94F1-2366FB542ECD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{171D7959-3591-4B1B-A73B-4D6EFC877234}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{173C48F1-B15B-4B86-9A7A-D08D11068E73}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{174342A5-28FB-4246-98FB-820751968B35}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{179D9E2E-5626-464F-855C-362DEB680DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{1817C475-0FCF-4A16-BD9C-283665791473}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{18F2E99E-E2DC-4182-B7F1-EB3FCA5F6296}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{18F48BA2-460E-4F27-9E8B-AB3E87756A07}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{19640553-625D-4E0D-97D3-C2848ED3BEBD}" = dir=in | app=c:\windows\aube.exe |
"{1A8D811C-1765-4836-8D18-C1AD4D11B2E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1AD8FB87-CBCB-4496-B4C3-E01488636BD6}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{1B7A9416-09F2-4606-B0EF-A8C8C4E8657E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1CA62E86-09A6-42E0-A0ED-84AF2A16FFB0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1CD0AA3C-7821-4A2B-8A5C-57A1B9DB8177}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{1CD9B5EE-1E53-449C-B3E0-3AC1FC25B885}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{1DC8D43E-3C61-44BC-960F-A83001C02613}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E5AAA4A-6529-4FCC-B61F-3FD5A6A88CF0}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{1EF54717-4361-4310-A5A4-AF32987089E3}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{1F79E656-F04B-4DED-B6B1-E185F45FEEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush-demo\rush.exe |
"{20249100-0E84-48AF-8EF9-C5C1407132B5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{221422DA-06FA-4492-B1B8-5CD85EF86592}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{230F7385-2D08-46BC-96A3-AF870F48E782}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world basketball manager 2010\wbm.exe |
"{23218DE4-976D-408F-9B66-3BB8E9D4931C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{23785870-F9D0-4BFD-90C5-5D3E6B32D867}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\33509.exe |
"{244F491C-DBFA-4D8A-B293-0B7C8144FBEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24B31A95-A4E3-435F-9F8E-458144D88D4C}" = protocol=17 | dir=in | app=c:\programdata\wscntfy.exe |
"{2586F113-134F-4BBF-BB2F-47F260FE9A53}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\leopold\leopold.exe |
"{25AFB8D4-6D7B-4D7F-A6C5-82AC4C5C2E37}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\57172.exe |
"{25BC87D7-F611-4023-A78F-72653916E0E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2713584E-7C22-44A0-AE22-BC175C9FE153}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{272D98F8-B524-4C34-86B1-393734396391}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world basketball manager 2010\wbm.exe |
"{27426078-CA9B-4021-9D4A-744D81C0F236}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{275616D3-EEBD-469C-B616-2F743D649D9D}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{275732D8-F64B-411D-855D-D1214D258880}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matamaticus\counter-strike source\hl2.exe |
"{284D5B50-34DE-4AA7-99CA-C00506F26682}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{28F6BF7A-D229-42E4-BEF1-DB991ED5479A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{290A43FB-D5CE-45B2-8FA9-861521587B2D}" = dir=in | app=c:\users\matt\appdata\local\temp\8857.exe |
"{2979DF3D-FAE6-40BA-9167-B64C1B4705DA}" = dir=in | app=c:\windows\aube.exe |
"{298DD819-6C92-4E5F-A294-0AD4DEAE20EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A8BFE33-9879-4300-BA69-78B18824798A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2CF8D8F4-983C-4B5F-808E-9853C1F0E265}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{2D478696-A991-49F7-86AC-5111875A8B0E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{2D5717A6-CC13-4785-85AD-D5508268487D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{2D59FA69-BDAD-42B2-BFED-E4784B605510}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{2D998D27-58B9-4D11-A5F5-96DF2094DDA2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{2DDF38A0-3DC0-45DF-AF68-817547918506}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\48180.exe |
"{2E7CAD86-4019-4707-8F29-374D614594D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\qwcl.exe |
"{2E8A0E48-1649-422A-A3F8-F3FB4B92FA2F}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{2EA7472E-60DA-4DF6-BC2C-4900C32E9D45}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{2EFF0514-3726-4939-B93C-7A4F5FC1EF6D}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{2F7C9612-C11D-4023-901F-D81A3371CCF2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2FF7C500-B698-49A4-8208-EFDEB254BA24}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{308AEC02-FF9D-46B4-9E97-1FF4CFCC67A2}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{31C10EB8-556F-4F51-B8D7-A291B99FAB1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31CFD362-E443-4BB0-8A54-6160E8B18349}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{3201C28E-3121-4F74-98EF-D243FA19B212}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{322489E5-C460-4D08-98BD-DEDCCF726C67}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\59972.exe |
"{3254640E-FA4D-434F-BC50-F660717600E9}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{32F5DA8E-2BC3-4ACA-8F51-638210EDFCDC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{333B9516-5E47-4460-8E39-AB13AB78F741}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33D57291-6261-496B-901B-2EB156AE9F36}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{34498D42-234D-4B70-80C5-EB7656864F2D}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{345137CA-6FDF-46CE-AED0-609553AD70DD}" = dir=in | app=c:\users\matt\appdata\local\temp\33509.exe |
"{3456AA86-DBDD-4C6D-8D73-E6533039A7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 3 arena\quake3.exe |
"{346B48DA-0EC0-4ABC-A886-80E6B2709570}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{34C9C89C-0C22-4D54-AF87-485C34D5A3CF}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{36AB9833-5F64-44DF-9096-28B4E8C7D3E9}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{36EDEF89-F5C1-4593-9CED-A93549ACD252}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{37A84A68-B048-4B40-8159-D3B9D4C75218}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38B53DB7-FA0A-4D2A-9B23-29C547A52AED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38E691EB-665E-4CB1-B75B-2A720196BE5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39C6AEB3-F970-422A-B148-F38F39AC4AA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush-demo\rush.exe |
"{39E380BA-FF42-43A1-8B24-1D7499C7B2A6}" = dir=in | app=c:\users\matt\appdata\local\temp\48180.exe |
"{39EA6B94-064E-4107-A43A-2DF2363D0EE5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{39FF6C24-0430-4B23-A22A-8CDA8D895685}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{3A38B632-2029-47ED-AA94-FB04492487EC}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{3A5DCD2D-4A51-4675-9738-F98D5F8217F1}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{3ACE8485-F4AE-406D-A3D9-F94C652FE2E1}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{3B5DFF75-90EA-44F6-89E0-784CC8A96037}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\18790.exe |
"{3B62AD4A-9EDC-488D-9284-828F08DFC256}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3BC7AFC7-9FE0-498D-9E26-AA60F18798E0}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{3C3FF67B-DBF9-4427-892E-679BFA6761D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D62B5CF-4A4A-42EA-BE6D-8CF19BC837FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{3F115D58-7B83-44D1-9AAB-93B6BBA457CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outrun2006 coast 2 coast\config.exe |
"{3FA6C30E-1A4B-4EEE-9237-2C6120BB720B}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\alair andre thorvald.scr |
"{403199A4-8785-4EB6-82A9-4B0AF838C954}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{406EDC91-78CE-4E2E-AE88-B12FB3CEDF06}" = protocol=6 | dir=in | app=c:\windows\aube.exe |
"{40DDBCC3-7C61-44C6-9B2E-189D98C597C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{417C2647-AC98-4E8C-999F-DA5A70BDBDC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{41FC044C-F73D-40D4-B3C2-AD32202DE33D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glquake.exe |
"{4231BEEF-20DC-4FD3-96A2-F1313411084B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{43041C49-0961-48E4-8B5A-0C365958D8A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4321563D-3866-4E88-95DC-33E2BDBBC063}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{4538F746-5789-4F6D-A932-2C01903F0531}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{45D39E66-EBA2-42DB-94A3-E1A948F660E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4740804E-5AC0-47E2-9A28-1D568BA3C72E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"{47808C8C-B44C-47BA-AFE1-FC019F51A6A5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{482FC2CE-FEE4-494E-9FEA-B1ADD88B400C}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{484C26E6-6D35-4DDC-94B5-0D6216D4E4DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4973CD9D-7E7D-48AE-9DC5-F942B6ECBBC1}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{4AC04D54-B341-4752-8FD2-34B632326044}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C127CA3-7F44-4587-AA0E-E2E103829C5E}" = dir=in | app=c:\users\matt\appdata\local\temp\17952.exe |
"{4D3A4D09-FF5B-4914-8706-2A259D7588E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matamaticus\counter-strike source\hl2.exe |
"{4E8DA4FA-A4F0-4BEB-8A8E-751A24D36D25}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{4ECEE3E4-0D87-4589-81A8-03C1F18B2555}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{50078192-E44F-4397-AB8C-80F1EBCD1A89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{501D4946-6B1D-434F-B86C-05C373EFCB99}" = dir=in | app=c:\users\matt\appdata\local\temp\29170.exe |
"{50872DBA-A743-4EBB-8FA1-C52D5CF5092E}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{50B64D0B-F16C-42FB-B06F-D96577471778}" = protocol=6 | dir=in | app=c:\windows\ignacio maximo herbert.exe |
"{52CF0F59-3C37-4F9D-9C70-A5AF2AC52539}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{53F65271-90D6-4855-B349-1BF4A3FF4F5B}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{5496D294-72CF-4B4C-8004-FB9ECA881071}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{549933AF-FBFC-4E88-BFB0-6F520166B36B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{55B7F937-8166-430C-B16C-30A02451C67F}" = dir=in | app=c:\windows\aube.exe |
"{5628A7F1-B7CE-4E69-9DFA-692F235AEF4E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{5647EF18-1299-4308-A14F-DA93203BA86D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{569E781B-CA14-40F0-9CE7-EA4D77D6D565}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{57F55885-3CF9-42E8-9C76-B0E572D7CE74}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{58171E8E-6BF5-4B3F-BDD8-4A8ABB791E03}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\18790.exe |
"{584B1552-87D8-4672-B6EE-DD9AC2ECD9A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{58E65A2E-8129-43F8-8CD0-64980B3DAF7E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{58FFD84F-CBA0-494A-9373-A06169682DDD}" = dir=in | app=c:\windows\ignacio maximo herbert.exe |
"{591537B0-2277-4061-A78F-428467086F83}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{592F262D-8DB6-488E-B5AF-90273BDB4098}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\supportsoft\bin\ssrc.exe |
"{5989C02C-F113-4374-AC21-A265D086BD33}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{59E701C5-4907-4876-B33F-B568E5EB4C13}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{59FBFDB0-4099-4304-BA9F-FA6173D8A7AB}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{5B8A90AB-09E1-479E-B89A-19DA593E6F77}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{5BF7E531-783B-4468-BC6B-371329F91BFC}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\57172.exe |
"{5C4A0646-0785-4CCF-9C48-299BA31C41F9}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\48180.exe |
"{5C7285AD-D17C-4330-99AB-5EEBA58F151B}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{5D833AC2-5A80-401E-B80B-E9F0521B8C73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5DBFCB70-20C1-4FA5-94DF-19CF0E3C798B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E57B568-540D-4E87-BB21-2F54AAC343EB}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{5E695D54-8D2C-43F0-9F12-A7F70153EECD}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{5EA65BB7-6C24-47D6-866F-FF61A0CA5F15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5FB8C2A8-8560-43C1-8FA2-63D7C187C03A}" = dir=in | app=c:\windows\aube.exe |
"{5FDDCA17-EAF7-4E53-BF24-658F3C4E42B3}" = dir=in | app=c:\windows\aube.exe |
"{6018E1A5-D2B1-4766-8300-1E4BFD530BFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6039C372-0D85-4995-B4AC-64035FF5D945}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\29170.exe |
"{60F61E9C-D6FB-4F0E-A898-49A4DD026975}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{61EC164C-7DEC-4076-AF93-7C1FB6E6E86D}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{62248BC2-A211-496E-9E92-20CA19FF28DB}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{625D6CC7-FA26-4FA9-B836-84DF44CD24AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{634BF232-B596-4AAA-B756-37E453A8654B}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{65857BB7-C76F-4C0F-953D-C021E2C5532A}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{65E48307-CCE0-4C33-8AED-5BE02AF7D1DF}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{661A6A80-1E29-41C4-B97D-ADF743BD4AD5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{66D00566-AF11-48C5-8F58-F79E981D04AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{672372E0-D51B-4423-9C93-04EB932FAB7C}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{6724D1D6-12BC-454F-871E-E49022A5654A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{688D3770-8DCF-4A1A-B5F4-F8BCCCC2BE00}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{689F7A8E-B96A-4B06-A34C-E178EEC343EC}" = protocol=17 | dir=in | app=c:\windows\ignacio maximo herbert.exe |
"{6969C86E-9A4A-4E2A-845F-5E721D148EF3}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\59972.exe |
"{697D8B87-C925-44F4-823E-26B644AD00DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{69BF8024-080F-4236-996F-0BAA62628FC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{69FEBB87-07C3-43F1-BE14-FDA6F8D04F7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A6829DE-B0CD-49C0-9A0E-39FF831F37E3}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont.exe |
"{6B70B350-C7E9-4493-B939-E6B197716F30}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{6C4A736D-7786-4B2B-ACDD-67B24613ED90}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{6E82527B-28BC-4AE9-A4D2-86B451B6B21C}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{702B83D6-3421-43E4-86B5-F283F2B025AD}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{7064FDF9-01D9-4B42-ABA1-07F51455AD05}" = dir=in | app=c:\windows\aube.exe |
"{70F8B5D8-76B7-4A35-A47A-08353D9C9919}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k12\nba2k12.exe |
"{71229893-E8A4-4F34-8899-010ECDE89154}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{71581251-B14C-4475-ABD4-9A12BD074C49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{715CBFE4-691A-47D8-8E6D-01BA1DFCCEB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{71939E44-311D-4DC0-B09F-05D5056F193B}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{72F48D6F-4381-4236-BE31-5E883184412B}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{74284AE5-C46C-4DCE-AB18-49AFDEE637DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{748D2290-89E9-4CA6-8C74-4EEFCC8E4851}" = dir=in | app=c:\windows\aube.exe |
"{75FDD68C-3A10-4E67-89FE-588D9D8EC591}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{76BC69C6-5F08-45D0-A142-5281AC07B8D9}" = protocol=17 | dir=in | app=c:\windows\aube.exe |
"{785BF003-1047-4893-9E96-5CCFF61D8AF7}" = protocol=6 | dir=in | app=c:\programdata\wscntfy.exe |
"{78A9C7B7-1242-4976-91A9-8B242249F194}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{7947C83D-14A2-42CD-B9BD-8B02C4BFB316}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont_nm.exe |
"{79932103-BD19-4C00-B155-18838DBEB7FE}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{7ADB3C70-CBEE-47E4-89B2-26646F6E0217}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution duality demo\hacker evolution duality.exe |
"{7CE451AB-B3BE-4AD2-88EF-805C54F6BAAE}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{7DB04377-B31E-470C-B943-4942AB80132C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7EBEDDC6-302B-48C7-AD9B-709F526E5BC4}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{7EC469B3-5353-4321-9924-EBAA868B77B6}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{7F266DB1-2664-4566-8CEB-C893B484649F}" = dir=in | app=c:\users\matt\appdata\roaming\leopold\leopold.exe |
"{80D0DE9C-AAE4-4FF9-864B-F845C35827D8}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{80F04ED9-0E92-4547-BA6B-BE5C1519E114}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{81030CBD-953C-4F8D-9092-AFD21DA59307}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matamaticus\counter-strike source\hl2.exe |
"{822FE9E6-15CA-417E-AE2B-0D6723CACC1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{823F54B2-ECC2-4FD8-BDA7-531C84198E33}" = dir=in | app=c:\windows\aube.exe |
"{826238B2-CDCE-4702-A557-0AACB60D272F}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{8283737E-7AA4-4BA0-BC0A-852FDAA4B795}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{82D11591-540A-4096-A9E5-81D51AAD3D38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83DDEA19-D9D3-4DAB-B5A4-2BC31022FFC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83E7B616-B5C4-4DB6-AC8F-FA99AFE76AB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{844AC972-553D-40C9-BF23-C759110315D1}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{84507CAA-0965-4271-9C30-3048615C3900}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84B6EEC4-3DC7-447A-B3D3-E1D18A3E179D}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{84FCAADB-3306-405D-9A99-57548FD15CEE}" = dir=in | app=c:\windows\ignacio maximo herbert.exe |
"{8551AA85-525C-46B6-B7B6-5683A81E7FA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{855AF8DC-EB86-47EA-B436-303A31F57882}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8581FCF5-1F9D-49C1-BA6F-30F17FCFA59E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{85D315C5-7EAB-43DE-964B-008E3A91745C}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{8676A47B-6322-438C-9D06-4BDE6F90914B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{86CAB1E8-596F-4CF2-9921-F1D92CE1B406}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{86F31D2D-F828-4231-B2BB-2A0B5248AD2F}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{87015CD8-111A-4D84-B198-B477D1FA9A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{87729FF3-5D44-4AF3-BE85-9C1D704435E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87DBF4D2-4696-4146-B212-4C77EF3A9EE5}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{88002160-71EE-4016-A2FC-1D1228F215BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glqwcl.exe |
"{888474C9-ACD3-48F7-8379-F93D4C40A225}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glqwcl.exe |
"{88955BC2-A8A3-45D2-9FDE-B0F5F69F88B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88AF0197-2F6C-4D0E-AA59-259AD52BBD74}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{89A19C60-30DA-47B8-A4B0-AECD26BC9DC2}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{89C9B77A-BCB5-45C7-A62D-DC0C35DDB271}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{89D66A55-A939-4BF3-AFAC-6B6A2EEECB16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89EDE271-E9A9-43E0-87C7-23CB61C7DEC5}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{8A635232-086B-445C-B0D1-0551BBB9DBBB}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{8AC9F002-89D8-491C-8A73-341338598C8F}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{8AEE3E5F-2158-4E98-8133-CBFFBAD6B013}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{8BE06550-AB35-41BC-B7CD-E15D1C000479}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{8C99329F-3D78-4263-A14C-143A4F0FB22A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D18455A-F7E2-4039-9ECE-3B712F111859}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{8D32A7B5-F4E8-4CB6-AD14-8478499A44C5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\supportsoft\bin\ssrc.exe |
"{8D665FA1-529C-485F-A1F8-1D6D3401DD05}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{8E1F13E0-7F64-4791-A8A4-166E6B80107A}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{8E6EC926-993B-4480-A7E8-11F3F5CDB0CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F322B16-CBB0-47AC-96F8-B02956EF59CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{8F42B509-9985-419F-8108-3E63353E8385}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8FEB4A15-BA29-4152-A7B2-12F518A2ECE3}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{90483B1A-164E-4FEB-A1B1-9013F0DF25C7}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{930ED248-18E0-4A8E-98BB-1DC1C3382066}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\8857.exe |
"{93225A00-6052-45BA-B38F-0D518FBC4300}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{934DB8D1-B2BC-4414-9510-48807C8A4D04}" = dir=in | app=c:\windows\aube.exe |
"{9431326F-717F-4EA6-B495-A3E1375205DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{945681C8-B46B-412C-9624-E94262A4DD32}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{945B8170-5030-48F8-BBC3-56CA0248F25F}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{9542D78C-27D3-40D7-9B11-F897E557519D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95D0E178-C7EF-407E-B6DD-6AFEDC38BDDE}" = dir=in | app=c:\users\matt\appdata\local\temp\18790.exe |
"{96FA37B1-4917-411B-A840-65AED4889080}" = dir=in | app=c:\windows\ignacio maximo herbert.exe |
"{973E81B3-AD37-4E73-A001-F4FB09C53E23}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\17952.exe |
"{9779608D-5A22-49E7-9D67-2C4AF972F5DC}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{97FBD2C1-E5CE-4A45-B533-FD619245D910}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{98962A75-4D56-42C4-9431-040F64F78C68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{99BAFC8B-0A0C-4A27-B2DA-59BFAC49642E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{9A827596-E725-484A-9917-EE16242891E4}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{9ABC58C5-AEEC-4842-B010-51D08D51FDED}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{9B1163F2-4E93-4CCE-BAD1-F01835F06032}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B615A81-3331-4908-8295-FD54EC8BE534}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{9BFFDE0C-CCF1-46A6-8334-CE279CF6DEB7}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{9C3BA613-F357-457C-9644-13C7A59F47BB}" = dir=in | app=c:\windows\aube.exe |
"{9DABF422-6C56-4F6E-B46A-6E2BA0E23227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{9DC1FCAC-E6B5-4C5A-A6D4-A28A5FB2CCA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9DCD842C-EEB2-483D-8AE7-76B68993A9F0}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{9EF60045-5C24-44A6-9385-09CA8B2B39A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A041B09C-0246-437D-B57A-C82CAF1BE47B}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{A0AB0A71-5C03-4317-86D6-F24A3837EC2F}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{A1B67969-8EF1-44F6-95A2-4BDBACA3F14E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A1D2EE64-53EB-40AA-B8E7-E3160B8B465B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A31D9C9E-0700-43EF-B640-724D2799179F}" = dir=in | app=c:\users\matt\appdata\local\temp\11407.exe |
"{A3B1DF47-A270-428A-AE2E-212640CD076F}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{A41FC2E0-C011-41BB-8E61-C790266DE6B2}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\alair andre thorvald.scr |
"{A56A7F40-68E0-4C5B-B82B-E470CF7BC786}" = protocol=6 | dir=in | app=c:\programdata\wscntfy.exe |
"{A65E7040-A65F-4954-8EF1-8874DC7EF8CB}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{A6A4BF6A-7325-4630-B149-5DFA72775B5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6AADC02-F49D-4D3C-A1A9-6F54678A6E7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6EA27DF-DAA1-4784-B9D8-672B193854C5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{A7205C5D-8D67-4C60-BD68-9B21394A251D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A75FF1AC-2F5E-4588-A95E-442679EBBD78}" = dir=in | app=c:\users\matt\appdata\roaming\leopold\leopold.exe |
"{A806C649-7D4D-4B1A-807A-04F909651A3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8DCECE5-2402-40E7-8EF7-BBAEB174F828}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A8FFD589-CF58-4E6E-9D33-13EC115A7831}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A92B5270-6959-43C0-BC12-28919A7F6BDC}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{A99BC4CB-5F29-455B-83F4-2B51E838BBCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AA2F8607-63D5-4D22-9709-CA400F990F65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AA48F0B8-83F1-4787-9D66-98F42D8D3261}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ABB31B02-6942-488D-B09B-169E0B5293F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ABF6B628-C1EF-4663-94FF-9BFAACA32D3E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{ACBA42DC-50D2-4940-8C17-7E112A75AA20}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{AD9CADC3-9D16-40BC-B5FA-B4FB0BEEE79C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ADDD4DAA-CF03-4152-965F-BBE194104331}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{AE2BC424-AB6C-423B-8519-2A9CDA4A85A1}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{AEE73D7B-A418-4F0A-9BC4-7FAEC9EC2795}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{AF33C428-2DBC-49B0-A127-47B43E2CA4ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AFC7FCF3-9FFC-4B62-9000-2F40D46C55D9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B14B80BF-5487-4FA1-98FB-ACC0281F62EA}" = dir=in | app=c:\windows\aube.exe |
"{B29D47EE-7FB2-4759-AFAE-47C9320320C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B2A79868-45C7-471C-AB86-08B1DDF8429F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\winquake.exe |
"{B2DE9176-2A2C-4FB4-B0C6-C4896ADF8C18}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{B34BBBA5-4B75-44D7-8E34-FA22AD08E6EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4E6207D-6E42-467F-8BB5-C2E9D7AB8C35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B541B7E7-D8AF-41BD-87F1-4845E8F8F6E1}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{B5C1A41F-9EE2-4CE4-A219-1CA07265C86A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B5FCAE2C-C996-4BDE-843A-2224615E8F1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6C2CAE5-D8A3-4C66-8E07-C619897687E2}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{B74E878C-3774-4105-BD5A-0E257E619547}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{B84724E7-5638-40F4-B093-C35A6757F3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{B84BEF44-36A5-47F7-A93A-4BDD0CAADDF0}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{B8BAD7E6-A691-4279-8CEC-B48FACD81DE1}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{B9632D5F-1B6D-40D9-BD4E-070A64C0D707}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B9D1EEC0-2E13-4900-B105-9C228FC15FB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA7FE671-92CD-4BBF-849D-4B6DB3F84943}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAA193A5-3549-4A0D-A477-CCC4EFF31612}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\29170.exe |
"{BAEF85EC-B3E2-4580-8ADA-D7DD495C46C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outrun2006 coast 2 coast\or2006c2c.exe |
"{BAF94F7C-F137-4D3B-9A58-98ED652CA0D1}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\33509.exe |
"{BC2B7313-BADD-478D-B83C-E84402FB84C3}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{BC3FE19F-6C00-43FA-88D6-2893125F825E}" = dir=in | app=c:\windows\aube.exe |
"{BC9FFBF2-7C0D-4F3B-AE86-30E46F4C8BED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BCE990F0-2D0B-41EC-B573-AC809FC4DAC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDB5A8B6-85BA-4E82-9703-C597EC9A531E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDDB2A09-FA14-4712-86B0-24D8F7AAD56B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDE97E29-D4F3-47C9-985A-4C3A86D41F69}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{BEE2EB7D-1BBD-45F1-88D7-828B4564C8CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF81900F-C914-4A32-8C2C-B0F4A0B0B7EA}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{BF9159FC-2C9A-4249-9501-B6CB6EC24A6A}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\11407.exe |
"{C07B29C7-45B6-4385-BE98-A504F2502239}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{C0C8B118-10B6-44B5-9F7B-A899165CABAD}" = dir=in | app=c:\windows\aube.exe |
"{C119BE64-D4B9-4997-8B03-5170DC21BB44}" = dir=in | app=c:\users\matt\appdata\local\temp\53630.exe |
"{C17D32AC-7A1F-48E1-B297-6A218B0FABCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{C31FFDAE-91CA-4F44-93B0-0805CDE88D1E}" = dir=in | app=c:\users\matt\appdata\local\temp\57172.exe |
"{C33C57FC-CEB6-49EB-B372-E5459AB31EC9}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{C36574AF-F405-4333-A776-14C55F9B8B35}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\11407.exe |
"{C42EACD0-B0C2-4285-ABA1-34909FB7BB3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{C5165A21-D4E7-469E-90EB-3FF7807398B9}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{C5DC33DF-AD28-4D81-8B47-C6B8872D09C8}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{C650A5AA-866D-4644-A02C-8EB87A1DD848}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C68989CB-1A90-415B-84D3-8C09F40C18AE}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{C68F8831-C110-43F1-AE08-047F48B4A77F}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{C7A71006-B7B2-4C97-8896-8236F99A5F6F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C7BECB5C-7790-46F3-AADA-4B6715F79321}" = dir=in | app=c:\windows\aube.exe |
"{C7E6F3A7-23A5-4373-BA89-581C5D8FD0AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C87CBA8E-DA7E-4658-9C86-A68F08843605}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k12\nba2k12.exe |
"{C88C5DDE-8309-4781-88C5-E040AD06B2BA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{C88E55E9-0811-4A73-8F26-46A6D760E0F7}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{C8B8C966-BE79-4CAE-9759-D5324FF0EAF4}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{C96A7C96-08A5-4A10-8CCA-EE61E21486B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{C9F4BCBC-CA4E-4529-B995-1536611EBC67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CA41F411-5537-441B-9213-3FEBECE94925}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
"{CA9937DA-3A4B-42A3-BE26-D29EAC7E65DC}" = protocol=58 | dir=in | app=system |
"{CAC9D920-40C6-47FD-91FD-A5526790B468}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{CB71409E-775C-47F3-9C26-F4F4C2C39DE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CCA8405F-6B08-4C42-B8C8-A5F9B06F9C46}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{CD634119-150B-4D00-808F-3528DB20EF44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CD877894-3CA2-466A-B735-B62DF84266C5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{CDF41C6D-FD0D-43AF-B37A-C0F324E7A915}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{CE459E6A-E53B-4B5F-B782-6ABF869D1FB5}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{CEC77472-2D37-4909-A0C7-173E02D5FF2C}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{CF31D5D6-8FD6-46E3-B8D3-3E0B2F480E0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF617BEC-98A4-4C55-B27D-3C852E398622}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{CFE53B49-29A9-41F7-A7FA-BE58C814D917}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D065FCE0-6304-42D0-B0A6-3FDD006266EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D08D2BF1-8E45-46BB-BC07-21C4D2CCECC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D097D7EF-59EF-4730-AD9B-0C633DFC2B6A}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D12336A7-A824-438E-9E8A-51806B7391D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{D1247A45-2349-4B92-8468-7C1B322FC118}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{D15272B3-3FF8-4C2A-B486-27E2B246ADA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D19F9120-7FDE-4FA7-B168-DB4AB9677BDC}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D1AC0AEE-106C-42A7-BBCA-4C9D004D7293}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\alair andre thorvald.scr |
"{D1B0903B-9793-420F-8B9A-5DD182C9DF81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2B326B4-EEBD-42F9-B049-C7D0BFD1AF46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D312B59E-8076-41FD-BB11-7E8B279C4F0A}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D3FBCF5B-8316-495C-8357-E9CDB3733303}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D43B6481-CFBC-438D-9428-B453A9C6BF47}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D68D4544-9E8E-45CC-A78F-573B9A179628}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D6AF93B6-FA6C-4E87-B07C-A80F3301565E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7542E4F-35BB-4FDC-8934-E10C26AF3250}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D7659A32-161B-4396-BDE5-02B4AE878866}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D772BB1A-6530-4273-8841-A4F581DF0FA7}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{D7E76BC8-E609-4C6E-927E-3D3FB40B7E7A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D8354BE6-9F34-41FB-8B4C-93FB023BF1F0}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{D94C99A6-9301-4B1C-AD8B-5D1A56145195}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB6DE033-D2C6-4B38-8101-71AE8941A7B9}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\8857.exe |
"{DB6FACE4-04F6-4E49-968D-409F3EA6C77F}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{DC9804C4-F57C-4BCD-BF9D-6D236AEDDAFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCB6C4AA-9B28-49D1-9286-6026A01523CC}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{DD762C62-168B-4866-96C4-C431F09E95B8}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{DE5D9072-2B0F-4892-A3C1-1C5350070235}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE600631-CB78-40F1-BF18-E16E9D8AE7D6}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{DEF7C31F-F40F-41F8-A548-A986E7497ACA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF05AF9D-3B1C-47A5-A455-3185BE48DFFE}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{DF18066D-E09D-4579-8A8D-DB64D19A7B55}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont.exe |
"{DF430B61-0528-4851-B564-0AAB2622F2B8}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{E01B7B8A-3DFF-49A6-84A4-5376EDBC5DE3}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E01C561A-4A11-4D2E-BEEE-0FF694FD62CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E177A91F-7303-4F22-9A3C-E7D31025FDE3}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E17B3248-E7F9-4601-8FC4-2576817E929B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\winquake.exe |
"{E198F230-BA5F-43E2-BDC0-60514A3C18D3}" = dir=in | app=c:\windows\aube.exe |
"{E3303B15-ABBA-417D-87D7-2B458B0C95E6}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E3B4F947-33F5-477B-B198-584CCEE82FA9}" = dir=in | app=c:\windows\aube.exe |
"{E3C0378D-E33A-42A9-BA71-642B7645CEFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glquake.exe |
"{E41BE81E-88FE-4BA2-8DE3-C79DDFD2A455}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\qwcl.exe |
"{E4CFA948-525C-4D62-9D4C-4DC06BB5004F}" = dir=in | app=c:\users\matt\appdata\roaming\leopold\leopold.exe |
"{E5AB1A63-538E-4DB5-B12F-ED9A3B00EE92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
"{E6474711-87DF-4521-84C0-4CBAB19108DF}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E672592C-31FF-4ED5-8140-FB06F3AE8B5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"{E6C77152-930D-4F0E-8F87-6B18A70E2EFA}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E81904F5-A44F-49DF-98CE-B8FBF92010A0}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E85071FC-A19B-4619-A09F-2AA1543F2F6C}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E8A512DC-51ED-413D-8979-803C3407A400}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8D48578-18CD-42BB-875B-036E667B23C0}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{E97A9370-7188-4289-AADF-0CF7405CD745}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{E9B9FECF-3293-486E-B785-2EE8B1354FB4}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\53630.exe |
"{E9CC81E6-5E11-4DCC-8586-53B64FA7DCDE}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\alair andre thorvald.scr |
"{EA6C8134-1609-430E-8988-90D180145FF3}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{EAB19036-6B53-4690-BA17-4EFE57AD428D}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{EB629367-877C-43E4-B981-B9DE438018E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED4C47D9-F6C9-418A-BE43-190BC48AE116}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{EDACA2DB-E300-45FA-8B16-B300EA0E5B17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{EDE67A5B-5608-46A6-8C70-D30E8764A6FD}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{EE4D5958-6494-4799-ABF4-FC910A73BD44}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EE6D6446-2A88-4237-9246-4EE6E0A1FC38}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{EF300E1D-B5CC-48F1-9F8D-39BF297FF377}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFFF1CA0-48E2-403D-AB18-3EBE25628D43}" = dir=in | app=c:\users\matt\appdata\local\temp\59972.exe |
"{F0E6082C-BC11-4A51-B832-016E48B10D3E}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{F1423040-78E5-485C-9361-AD5C985D54A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1477DBB-01AF-4531-9131-8E8FE6CC0997}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{F15F4524-1900-4846-8F71-2DC03185EE87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{F2800DFB-F547-496B-B5B9-865A45E6976C}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\bin\wificfg.exe |
"{F2E14536-7982-4F42-B4EC-F08F39B3266E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2EDE664-4B69-4935-87EF-2FA347A3E87A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{F3367D96-7603-4D9A-AB58-8434F9BB8CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F3FEE8D8-4DA8-426D-903B-3E47E5AA3898}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\53630.exe |
"{F4CAAF16-109F-497A-A208-F5832DD0B3E4}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{F523A1C7-EBE0-480D-9842-DCAEF22CE849}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F640BAD3-87E8-4888-BD7E-DDCAA72A8354}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{F79E0A20-6C7D-4BFF-B702-F6CFC2F19004}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{F7A0681B-A143-44B9-9573-7AAF298AEDAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F7ACB085-F01E-49C8-931E-7C965AD819BD}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{F7B21A9A-B0B5-4E9A-9F7F-63AACFC16808}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\lsass.exe |
"{F82403AD-B01F-40EC-98DD-3DDFF87D797F}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\bin\wificfg.exe |
"{F863EC81-A762-477C-8FCE-80A6A2486ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{F8FDC085-6988-4AEE-8322-5B3D8B950EA9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\quake2.exe |
"{F9663084-8A96-4A3E-98F7-F57138C0516E}" = dir=in | app=c:\windows\aube.exe |
"{F9852AF0-A8E4-4346-93B7-025CDBE430A8}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{F9890777-E474-450C-A964-4B2CAAA9826E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F99CFE49-A093-42E5-B748-E36AF1402221}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matamaticus\counter-strike source\hl2.exe |
"{FA1837B4-03B9-4E37-BDFE-CF4C1D353604}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC4D81AF-FFC5-4F65-B5C6-F29E9A099716}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{FC4FF4F3-5438-44FD-9E22-DD8E1396E89E}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{FC620EB7-3E01-4468-B5D4-D8584A7B4EE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC64905D-B29F-4E49-8E8B-E0E366ED65C1}" = protocol=17 | dir=in | app=c:\programdata\wscntfy.exe |
"{FDAF29B4-0113-4627-8A8F-D513F2212644}" = dir=in | app=c:\users\matt\appdata\roaming\microsoft\windows\emory homer eldin.scr |
"{FDDA0013-2842-40C3-88E3-4AA0934AE0AB}" = dir=in | app=c:\users\matt\appdata\roaming\harmon\harmon.exe |
"{FE8BD5B2-85DB-4282-B64A-B61C841127D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF05AEE9-6448-4780-9303-BD911CAA3215}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{28C33B7F-9E4E-4C08-9B19-F6E3BE9EDEC4}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{7A08530A-48A5-4DA6-8C3B-B8E1BD7BE202}C:\program files (x86)\remote mouse\server\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"TCP Query User{7B98D3C3-F50C-4118-B3F8-08B9B0397A06}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{874162CF-B745-47FB-AB75-257FCE74DBFC}C:\users\matt\downloads\sto_demo_installer.exe" = protocol=6 | dir=in | app=c:\users\matt\downloads\sto_demo_installer.exe |
"TCP Query User{BCCD14EF-1243-4A49-B9D7-3493D71FFFF3}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{D215429C-AC16-4EA3-8A11-2193CCD9F697}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{D83FBBD7-CC54-4604-A120-60AAD815E574}C:\users\matt\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{3F0E7342-0F29-4075-BA23-9F517B1D7CD1}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{67F8CA5D-AE24-4714-A8D6-D5AEC245D1A0}C:\users\matt\downloads\sto_demo_installer.exe" = protocol=17 | dir=in | app=c:\users\matt\downloads\sto_demo_installer.exe |
"UDP Query User{6D31AFCD-384A-440B-9713-43EBA767B1AF}C:\program files (x86)\remote mouse\server\server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"UDP Query User{7B560DE4-5CAB-41CD-95CF-D0CCDA3CB6C1}C:\users\matt\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{A317EF10-BEE0-4418-B1DC-AF724EE6BD5B}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{BF261A6D-D352-4AEC-A81E-BD4925F0600D}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{C92C43B2-FBBE-4E12-92A1-D6B09546F5D2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

Re: Infestation

Post by stararc » June 27th, 2012, 12:11 pm

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B44B84-A758-EAF7-0906-E397B384FCDF}" = ATI AVIVO64 Codecs
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9FC24CE0-2B41-C751-C642-ADF33D7F2C3A}" = AMD Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C6C08B1E-8A45-7571-727E-E28DD15AD556}" = AMD Drag and Drop Transcoding
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F61833FE-70D2-06F8-6A53-58BC8DCD0D6C}" = WMV9/VC-1 Video Playback
"{FA16AE79-DEFE-CEC4-9213-0CE361C8D627}" = ccc-utility64
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"A-WIN-Extras 8.0.1 2077975_is1" = Mathematica Extras 8.0 (2077975)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"R for Windows x64 2.11.0_is1" = R for Windows x64 2.11.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{38E45772-7CD6-8400-693C-1D268E6D1850}" = ccc-core-static
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B360FD5-D497-46E2-9488-C6B649871662}" = Epson E-Web Print
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B035501-3F57-4772-B0CA-3D5E613A5D86}" = My O2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{653A52D8-127C-476D-BAD9-27117A3A4959}" = Nokia PC Internet Access
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74B1CEB6-B4BF-46FD-8080-CE3C1809B010}" = O2InstV3Win7UpdateV2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87788F6B-90DC-3702-E4E2-BAAC54F6DC06}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = Virus Guard - powered by BitDefender
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E937F8DA-8C7F-ADFE-7EA5-7C1CAAB23C05}" = HydraVision
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
"{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE
"{F7E64234-BF11-2AAF-D41F-BC78B050E663}" = CCC Help English
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}" = Windows 7 USB/DVD Download Tool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3Filter_is1" = AC3Filter 2.4a
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_7" = AIM 7
"AviSynth" = AviSynth 2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"Democracy 2 Demo_is1" = Democracy 2 Demo
"DivX Setup" = DivX Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX430 Series Bog" = Basic Operation Guide EPSON SX430 Series
"EPSON SX430 Series Netg" = Network Guide EPSON SX430 Series
"EPSON SX430 Series Useg" = User's Guide EPSON SX430 Series
"Football Manager 2011 Russian" = Football Manager 2011 Russian
"GameSpy Arcade" = GameSpy Arcade
"Graph_is1" = Graph 4.3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Halo" = Microsoft Halo
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nokia PC Internet Access" = Nokia PC Internet Access
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spotify" = Spotify
"Steam App 10500" = Empire: Total War
"Steam App 12100" = Grand Theft Auto III
"Steam App 201720" = Hacker Evolution Duality Demo
"Steam App 2200" = Quake III Arena
"Steam App 2310" = Quake
"Steam App 2320" = Quake II
"Steam App 240" = Counter-Strike: Source
"Steam App 24200" = DC Universe Online
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 410" = Portal: The First Slice
"Steam App 46740" = World Basketball Manager 2010
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 9310" = Warhammer 40,000: Dawn of War – Winter Assault
"Steam App 9900" = Star Trek Online
"Trusted Software Assistant_is1" = File Type Assistant
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.54
"Videora iPod Converter" = Videora iPod Converter 5.04
"VLC media player" = VLC media player 1.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26/06/2012 17:48:56 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x000001e1 Faulting process id:
0x17b8 Faulting application start time: 0x01cd53e574b486e1 Faulting application path:
C:\Windows\SysWOW64\explorer.exe Faulting module path: unknown Report Id: ba1c73aa-bfd8-11e1-8205-002618dd09f1

Error - 26/06/2012 17:49:21 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x000001e1 Faulting process id:
0x334 Faulting application start time: 0x01cd53e583ad954d Faulting application path:
C:\Windows\SysWOW64\explorer.exe Faulting module path: unknown Report Id: c91cd510-bfd8-11e1-8205-002618dd09f1

Error - 26/06/2012 17:49:46 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x000001e1 Faulting process id:
0x19c0 Faulting application start time: 0x01cd53e592a40b3a Faulting application path:
C:\Windows\SysWOW64\explorer.exe Faulting module path: unknown Report Id: d80519e7-bfd8-11e1-8205-002618dd09f1

Error - 26/06/2012 18:07:38 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00031802 Faulting process id: 0x1170 Faulting application
start time: 0x01cd53e8168879e6 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 5703e459-bfdb-11e1-820b-002618dd09f1

Error - 26/06/2012 18:07:58 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x000001e1 Faulting process id:
0x1404 Faulting application start time: 0x01cd53e81b3b0abd Faulting application path:
C:\Windows\SysWOW64\explorer.exe Faulting module path: unknown Report Id: 62db10ce-bfdb-11e1-820b-002618dd09f1

Error - 26/06/2012 19:30:56 | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00031802 Faulting process id: 0x4a0 Faulting application
start time: 0x01cd53f3ad388842 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: f9ca8f41-bfe6-11e1-822d-002618dd09f1

Error - 27/06/2012 05:06:29 | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.11.0-x64\Tcl\bin\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.11.0-x64\Tcl\bin\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 27/06/2012 05:06:29 | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.11.0-x64\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.11.0-x64\Tcl\bin64\tk85.dll"
on line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.

Error - 27/06/2012 05:07:10 | Computer Name = Matt-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/06/2012 05:13:25 | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 27/06/2012 05:15:03 | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 27/06/2012 11:44:32 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:44:52 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:44:54 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:44:56 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:48:47 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:48:49 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:48:51 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:52:17 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:52:19 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 27/06/2012 11:52:21 | Computer Name = Matt-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
stararc
Active Member
 
Posts: 14
Joined: June 25th, 2012, 12:51 am

Re: Infestation

Post by stararc » June 27th, 2012, 12:12 pm

17:06:34.0996 5540 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
17:06:35.0086 5540 ============================================================
17:06:35.0086 5540 Current date / time: 2012/06/27 17:06:35.0086
17:06:35.0086 5540 SystemInfo:
17:06:35.0086 5540
17:06:35.0086 5540 OS Version: 6.1.7601 ServicePack: 1.0
17:06:35.0086 5540 Product type: Workstation
17:06:35.0086 5540 ComputerName: MATT-PC
17:06:35.0086 5540 UserName: Matt
17:06:35.0087 5540 Windows directory: C:\Windows
17:06:35.0087 5540 System windows directory: C:\Windows
17:06:35.0087 5540 Running under WOW64
17:06:35.0087 5540 Processor architecture: Intel x64
17:06:35.0087 5540 Number of processors: 4
17:06:35.0087 5540 Page size: 0x1000
17:06:35.0087 5540 Boot type: Normal boot
17:06:35.0087 5540 ============================================================
17:06:36.0047 5540 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
17:06:36.0110 5540 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:06:36.0113 5540 ============================================================
17:06:36.0113 5540 \Device\Harddisk0\DR0:
17:06:36.0113 5540 MBR partitions:
17:06:36.0113 5540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:06:36.0113 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:06:36.0113 5540 \Device\Harddisk1\DR1:
17:06:36.0114 5540 MBR partitions:
17:06:36.0114 5540 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x747045AF
17:06:36.0114 5540 ============================================================
17:06:36.0133 5540 C: <-> \Device\Harddisk0\DR0\Partition1
17:06:36.0133 5540 F: <-> \Device\Harddisk1\DR1\Partition0
17:06:36.0133 5540 ============================================================
17:06:36.0133 5540 Initialize success
17:06:36.0133 5540 ============================================================





Sorry this is all very long!!

Hope you can help
stararc
Active Member
 
Posts: 14
Joined: June 25th, 2012, 12:51 am

Re: Infestation

Post by Gary R » June 27th, 2012, 12:44 pm

The TDSSKiller log looks short, is that all there is?

Please try running the scan again, the log should be longer than that.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infestation

Post by stararc » June 28th, 2012, 8:35 am

13:32:44.0717 3980 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
13:32:44.0810 3980 ============================================================
13:32:44.0810 3980 Current date / time: 2012/06/28 13:32:44.0810
13:32:44.0810 3980 SystemInfo:
13:32:44.0810 3980
13:32:44.0810 3980 OS Version: 6.1.7601 ServicePack: 1.0
13:32:44.0810 3980 Product type: Workstation
13:32:44.0810 3980 ComputerName: MATT-PC
13:32:44.0810 3980 UserName: Matt
13:32:44.0810 3980 Windows directory: C:\Windows
13:32:44.0810 3980 System windows directory: C:\Windows
13:32:44.0810 3980 Running under WOW64
13:32:44.0810 3980 Processor architecture: Intel x64
13:32:44.0810 3980 Number of processors: 4
13:32:44.0810 3980 Page size: 0x1000
13:32:44.0810 3980 Boot type: Normal boot
13:32:44.0810 3980 ============================================================
13:32:45.0762 3980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
13:32:45.0793 3980 Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:45.0809 3980 ============================================================
13:32:45.0809 3980 \Device\Harddisk0\DR0:
13:32:45.0809 3980 MBR partitions:
13:32:45.0809 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:32:45.0809 3980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
13:32:45.0809 3980 \Device\Harddisk1\DR2:
13:32:45.0809 3980 MBR partitions:
13:32:45.0809 3980 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x747045AF
13:32:45.0809 3980 ============================================================
13:32:45.0824 3980 C: <-> \Device\Harddisk0\DR0\Partition1
13:32:45.0840 3980 F: <-> \Device\Harddisk1\DR2\Partition0
13:32:45.0840 3980 ============================================================
13:32:45.0840 3980 Initialize success
13:32:45.0840 3980 ============================================================
13:32:51.0752 5780 ============================================================
13:32:51.0752 5780 Scan started
13:32:51.0752 5780 Mode: Manual;
13:32:51.0752 5780 ============================================================
13:32:52.0283 5780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:32:52.0283 5780 1394ohci - ok
13:32:52.0392 5780 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
13:32:52.0392 5780 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
13:32:52.0439 5780 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:32:52.0439 5780 ACPI - ok
13:32:52.0486 5780 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:32:52.0486 5780 AcpiPmi - ok
13:32:52.0610 5780 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:32:52.0610 5780 AdobeARMservice - ok
13:32:52.0657 5780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:32:52.0657 5780 adp94xx - ok
13:32:52.0688 5780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:32:52.0688 5780 adpahci - ok
13:32:52.0704 5780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:32:52.0704 5780 adpu320 - ok
13:32:52.0720 5780 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:32:52.0720 5780 AeLookupSvc - ok
13:32:52.0782 5780 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:32:52.0782 5780 AFD - ok
13:32:52.0813 5780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:32:52.0813 5780 agp440 - ok
13:32:52.0829 5780 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:32:52.0829 5780 ALG - ok
13:32:52.0876 5780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:32:52.0876 5780 aliide - ok
13:32:52.0922 5780 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
13:32:52.0922 5780 AMD External Events Utility - ok
13:32:52.0938 5780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:32:52.0938 5780 amdide - ok
13:32:52.0969 5780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:32:52.0969 5780 AmdK8 - ok
13:32:53.0312 5780 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:32:53.0453 5780 amdkmdag - ok
13:32:53.0562 5780 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
13:32:53.0562 5780 amdkmdap - ok
13:32:53.0593 5780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:32:53.0593 5780 AmdPPM - ok
13:32:53.0656 5780 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:32:53.0656 5780 amdsata - ok
13:32:53.0687 5780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:32:53.0687 5780 amdsbs - ok
13:32:53.0702 5780 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:32:53.0702 5780 amdxata - ok
13:32:53.0749 5780 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:32:53.0749 5780 AppID - ok
13:32:53.0765 5780 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:32:53.0765 5780 AppIDSvc - ok
13:32:53.0827 5780 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:32:53.0843 5780 Appinfo - ok
13:32:54.0077 5780 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:32:54.0077 5780 Apple Mobile Device - ok
13:32:54.0264 5780 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:32:54.0264 5780 AppMgmt - ok
13:32:54.0389 5780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:32:54.0389 5780 arc - ok
13:32:54.0420 5780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:32:54.0420 5780 arcsas - ok
13:32:54.0841 5780 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:32:54.0872 5780 aspnet_state - ok
13:32:54.0919 5780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:32:54.0919 5780 AsyncMac - ok
13:32:54.0966 5780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:32:54.0966 5780 atapi - ok
13:32:55.0013 5780 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:32:55.0044 5780 athr - ok
13:32:55.0294 5780 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
13:32:55.0294 5780 AtiHDAudioService - ok
13:32:55.0294 5780 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
13:32:55.0309 5780 AtiHdmiService - ok
13:32:55.0762 5780 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:32:55.0808 5780 atikmdag - ok
13:32:55.0980 5780 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:32:55.0996 5780 AudioEndpointBuilder - ok
13:32:55.0996 5780 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:32:56.0011 5780 AudioSrv - ok
13:32:56.0074 5780 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:32:56.0074 5780 AxInstSV - ok
13:32:56.0120 5780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:32:56.0120 5780 b06bdrv - ok
13:32:56.0152 5780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:32:56.0152 5780 b57nd60a - ok
13:32:56.0167 5780 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:32:56.0167 5780 BDESVC - ok
13:32:56.0183 5780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:32:56.0183 5780 Beep - ok
13:32:56.0245 5780 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:32:56.0245 5780 BFE - ok
13:32:56.0308 5780 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:32:56.0308 5780 BITS - ok
13:32:56.0354 5780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:32:56.0370 5780 blbdrive - ok
13:32:56.0448 5780 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:32:56.0448 5780 Bonjour Service - ok
13:32:56.0495 5780 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:32:56.0495 5780 bowser - ok
13:32:56.0510 5780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:32:56.0510 5780 BrFiltLo - ok
13:32:56.0510 5780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:32:56.0510 5780 BrFiltUp - ok
13:32:56.0557 5780 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:32:56.0557 5780 Browser - ok
13:32:56.0588 5780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:32:56.0588 5780 Brserid - ok
13:32:56.0604 5780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:32:56.0604 5780 BrSerWdm - ok
13:32:56.0604 5780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:32:56.0604 5780 BrUsbMdm - ok
13:32:56.0620 5780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:32:56.0620 5780 BrUsbSer - ok
13:32:56.0635 5780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:32:56.0635 5780 BTHMODEM - ok
13:32:56.0651 5780 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:32:56.0651 5780 bthserv - ok
13:32:56.0666 5780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:32:56.0666 5780 cdfs - ok
13:32:56.0713 5780 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:32:56.0713 5780 cdrom - ok
13:32:56.0760 5780 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:32:56.0760 5780 CertPropSvc - ok
13:32:56.0776 5780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:32:56.0776 5780 circlass - ok
13:32:56.0807 5780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:32:56.0807 5780 CLFS - ok
13:32:56.0854 5780 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:56.0854 5780 clr_optimization_v2.0.50727_32 - ok
13:32:56.0978 5780 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:56.0978 5780 clr_optimization_v2.0.50727_64 - ok
13:32:57.0478 5780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:57.0540 5780 clr_optimization_v4.0.30319_32 - ok
13:32:57.0961 5780 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:58.0086 5780 clr_optimization_v4.0.30319_64 - ok
13:32:58.0117 5780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:32:58.0117 5780 CmBatt - ok
13:32:58.0164 5780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:32:58.0164 5780 cmdide - ok
13:32:58.0414 5780 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:32:58.0414 5780 CNG - ok
13:32:58.0476 5780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:32:58.0476 5780 Compbatt - ok
13:32:58.0523 5780 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:32:58.0523 5780 CompositeBus - ok
13:32:58.0523 5780 COMSysApp - ok
13:32:58.0585 5780 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
13:32:58.0585 5780 cpuz134 - ok
13:32:58.0585 5780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:32:58.0601 5780 crcdisk - ok
13:32:58.0632 5780 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:32:58.0632 5780 CryptSvc - ok
13:32:58.0694 5780 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:32:58.0694 5780 CSC - ok
13:32:58.0726 5780 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:32:58.0726 5780 CscService - ok
13:32:58.0772 5780 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:32:58.0772 5780 DcomLaunch - ok
13:32:58.0788 5780 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:32:58.0804 5780 defragsvc - ok
13:32:58.0850 5780 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:32:58.0866 5780 DfsC - ok
13:32:58.0913 5780 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:32:58.0913 5780 Dhcp - ok
13:32:58.0928 5780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:32:58.0928 5780 discache - ok
13:32:58.0944 5780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:32:58.0944 5780 Disk - ok
13:32:58.0991 5780 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:32:59.0006 5780 Dnscache - ok
13:32:59.0053 5780 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:32:59.0053 5780 dot3svc - ok
13:32:59.0084 5780 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:32:59.0084 5780 DPS - ok
13:32:59.0116 5780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:32:59.0116 5780 drmkaud - ok
13:32:59.0162 5780 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:32:59.0162 5780 dtsoftbus01 - ok
13:32:59.0240 5780 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:32:59.0240 5780 DXGKrnl - ok
13:32:59.0272 5780 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:32:59.0272 5780 EapHost - ok
13:32:59.0365 5780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:32:59.0428 5780 ebdrv - ok
13:32:59.0506 5780 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:32:59.0506 5780 EFS - ok
13:32:59.0568 5780 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:32:59.0568 5780 ehRecvr - ok
13:32:59.0584 5780 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:32:59.0599 5780 ehSched - ok
13:32:59.0974 5780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:33:00.0005 5780 elxstor - ok
13:33:00.0114 5780 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:33:00.0130 5780 EpsonBidirectionalService - ok
13:33:00.0208 5780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:33:00.0223 5780 ErrDev - ok
13:33:00.0457 5780 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:33:00.0457 5780 EventSystem - ok
13:33:00.0488 5780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:33:00.0488 5780 exfat - ok
13:33:00.0629 5780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:33:00.0629 5780 fastfat - ok
13:33:00.0691 5780 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:33:00.0707 5780 Fax - ok
13:33:00.0722 5780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:33:00.0722 5780 fdc - ok
13:33:00.0754 5780 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:33:00.0754 5780 fdPHost - ok
13:33:00.0769 5780 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:33:00.0769 5780 FDResPub - ok
13:33:00.0785 5780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:33:00.0785 5780 FileInfo - ok
13:33:00.0800 5780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:33:00.0800 5780 Filetrace - ok
13:33:00.0925 5780 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:33:00.0941 5780 FLEXnet Licensing Service - ok
13:33:00.0956 5780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:33:00.0956 5780 flpydisk - ok
13:33:01.0019 5780 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:33:01.0019 5780 FltMgr - ok
13:33:01.0081 5780 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:33:01.0097 5780 FontCache - ok
13:33:01.0190 5780 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:33:01.0190 5780 FontCache3.0.0.0 - ok
13:33:01.0237 5780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:33:01.0237 5780 FsDepends - ok
13:33:01.0253 5780 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:33:01.0253 5780 Fs_Rec - ok
13:33:01.0331 5780 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:33:01.0331 5780 fvevol - ok
13:33:01.0346 5780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:33:01.0346 5780 gagp30kx - ok
13:33:01.0378 5780 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:33:01.0378 5780 GEARAspiWDM - ok
13:33:01.0424 5780 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:33:01.0440 5780 gpsvc - ok
13:33:01.0456 5780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:33:01.0456 5780 hcw85cir - ok
13:33:01.0518 5780 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:33:01.0518 5780 HdAudAddService - ok
13:33:01.0580 5780 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:33:01.0580 5780 HDAudBus - ok
13:33:01.0596 5780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:33:01.0596 5780 HidBatt - ok
13:33:01.0612 5780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:33:01.0612 5780 HidBth - ok
13:33:01.0627 5780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:33:01.0627 5780 HidIr - ok
13:33:01.0643 5780 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:33:01.0658 5780 hidserv - ok
13:33:01.0705 5780 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:33:01.0705 5780 HidUsb - ok
13:33:01.0736 5780 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:33:01.0736 5780 hkmsvc - ok
13:33:01.0783 5780 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:33:01.0783 5780 HomeGroupListener - ok
13:33:01.0830 5780 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:33:01.0830 5780 HomeGroupProvider - ok
13:33:01.0861 5780 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:33:01.0861 5780 HpSAMD - ok
13:33:01.0939 5780 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:33:01.0939 5780 HTTP - ok
13:33:01.0955 5780 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:33:01.0955 5780 hwpolicy - ok
13:33:02.0002 5780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:33:02.0002 5780 i8042prt - ok
13:33:02.0064 5780 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:33:02.0064 5780 iaStorV - ok
13:33:02.0173 5780 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:33:02.0189 5780 idsvc - ok
13:33:02.0548 5780 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:33:02.0641 5780 igfx - ok
13:33:02.0719 5780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:33:02.0719 5780 iirsp - ok
13:33:02.0766 5780 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:33:02.0782 5780 IKEEXT - ok
13:33:02.0813 5780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:33:02.0813 5780 intelide - ok
13:33:02.0828 5780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:33:02.0828 5780 intelppm - ok
13:33:02.0844 5780 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:33:02.0844 5780 IPBusEnum - ok
13:33:02.0891 5780 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:02.0891 5780 IpFilterDriver - ok
13:33:02.0938 5780 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:33:02.0938 5780 iphlpsvc - ok
13:33:02.0984 5780 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:33:03.0000 5780 IPMIDRV - ok
13:33:03.0016 5780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:33:03.0016 5780 IPNAT - ok
13:33:03.0094 5780 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
13:33:03.0109 5780 iPod Service - ok
13:33:03.0140 5780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:33:03.0140 5780 IRENUM - ok
13:33:03.0172 5780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:33:03.0172 5780 isapnp - ok
13:33:03.0218 5780 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:33:03.0250 5780 iScsiPrt - ok
13:33:03.0281 5780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:33:03.0281 5780 kbdclass - ok
13:33:03.0328 5780 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:33:03.0328 5780 kbdhid - ok
13:33:03.0359 5780 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:33:03.0359 5780 KeyIso - ok
13:33:03.0390 5780 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:33:03.0390 5780 KSecDD - ok
13:33:03.0437 5780 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:33:03.0452 5780 KSecPkg - ok
13:33:03.0468 5780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:33:03.0468 5780 ksthunk - ok
13:33:03.0515 5780 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:33:03.0515 5780 KtmRm - ok
13:33:03.0562 5780 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:33:03.0562 5780 LanmanServer - ok
13:33:03.0608 5780 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:33:03.0608 5780 LanmanWorkstation - ok
13:33:03.0640 5780 libusbd - ok
13:33:03.0686 5780 LightScribeService (4af65f3a2253df7d0b8d80812eae7a7c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:33:03.0686 5780 LightScribeService - ok
13:33:03.0702 5780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:33:03.0702 5780 lltdio - ok
13:33:03.0733 5780 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:33:03.0733 5780 lltdsvc - ok
13:33:03.0749 5780 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:33:03.0749 5780 lmhosts - ok
13:33:03.0780 5780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:33:03.0796 5780 LSI_FC - ok
13:33:03.0827 5780 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:33:03.0827 5780 LSI_SAS - ok
13:33:03.0842 5780 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:33:03.0842 5780 LSI_SAS2 - ok
13:33:03.0874 5780 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:33:03.0874 5780 LSI_SCSI - ok
13:33:03.0889 5780 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:33:03.0889 5780 luafv - ok
13:33:03.0905 5780 lvpepf64 (4a503882318bb2f59218d401614e6af6) C:\Windows\system32\DRIVERS\lv302a64.sys
13:33:03.0905 5780 lvpepf64 - ok
13:33:03.0920 5780 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:33:03.0920 5780 LVPr2M64 - ok
13:33:03.0920 5780 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:33:03.0920 5780 LVPr2Mon - ok
13:33:03.0967 5780 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
13:33:03.0967 5780 LVPrcS64 - ok
13:33:03.0983 5780 LVRS64 (125ae13c293889001b8456cf3eb04a40) C:\Windows\system32\DRIVERS\lvrs64.sys
13:33:03.0998 5780 LVRS64 - ok
13:33:03.0998 5780 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys
13:33:03.0998 5780 LVUSBS64 - ok
13:33:04.0045 5780 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:33:04.0045 5780 Mcx2Svc - ok
13:33:04.0076 5780 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:33:04.0076 5780 megasas - ok
13:33:04.0092 5780 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:33:04.0092 5780 MegaSR - ok
13:33:04.0170 5780 Microsoft SharePoint Workspace Audit Service - ok
13:33:04.0217 5780 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:33:04.0217 5780 MMCSS - ok
13:33:04.0232 5780 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:33:04.0232 5780 Modem - ok
13:33:04.0279 5780 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:33:04.0279 5780 monitor - ok
13:33:04.0326 5780 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys
13:33:04.0342 5780 MotioninJoyXFilter - ok
13:33:04.0373 5780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:33:04.0373 5780 mouclass - ok
13:33:04.0388 5780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:04.0388 5780 mouhid - ok
13:33:04.0435 5780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:33:04.0435 5780 mountmgr - ok
13:33:04.0466 5780 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
13:33:04.0466 5780 MpFilter - ok
13:33:04.0498 5780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:33:04.0513 5780 mpio - ok
13:33:04.0513 5780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:33:04.0529 5780 mpsdrv - ok
13:33:04.0591 5780 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:33:04.0591 5780 MpsSvc - ok
13:33:04.0669 5780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:33:04.0669 5780 MRxDAV - ok
13:33:04.0716 5780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:04.0716 5780 mrxsmb - ok
13:33:04.0856 5780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:04.0856 5780 mrxsmb10 - ok
13:33:04.0950 5780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:04.0950 5780 mrxsmb20 - ok
13:33:04.0981 5780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:33:04.0997 5780 msahci - ok
13:33:05.0028 5780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:33:05.0028 5780 msdsm - ok
13:33:05.0059 5780 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:33:05.0059 5780 MSDTC - ok
13:33:05.0075 5780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:33:05.0075 5780 Msfs - ok
13:33:05.0090 5780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:33:05.0090 5780 mshidkmdf - ok
13:33:05.0137 5780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:33:05.0137 5780 msisadrv - ok
13:33:05.0168 5780 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:33:05.0168 5780 MSiSCSI - ok
13:33:05.0168 5780 msiserver - ok
13:33:05.0184 5780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:05.0200 5780 MSKSSRV - ok
13:33:05.0246 5780 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:33:05.0246 5780 MsMpSvc - ok
13:33:05.0278 5780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:05.0278 5780 MSPCLOCK - ok
13:33:05.0278 5780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:33:05.0293 5780 MSPQM - ok
13:33:05.0356 5780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:33:05.0371 5780 MsRPC - ok
13:33:05.0418 5780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:33:05.0418 5780 mssmbios - ok
13:33:05.0449 5780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:33:05.0465 5780 MSTEE - ok
13:33:05.0465 5780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:33:05.0465 5780 MTConfig - ok
13:33:05.0496 5780 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
13:33:05.0496 5780 MTsensor - ok
13:33:05.0527 5780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:33:05.0527 5780 Mup - ok
13:33:05.0574 5780 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:33:05.0574 5780 napagent - ok
13:33:05.0605 5780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:05.0605 5780 NativeWifiP - ok
13:33:05.0808 5780 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:33:05.0808 5780 NDIS - ok
13:33:05.0839 5780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:33:05.0839 5780 NdisCap - ok
13:33:05.0839 5780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:05.0839 5780 NdisTapi - ok
13:33:05.0886 5780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:05.0886 5780 Ndisuio - ok
13:33:05.0917 5780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:05.0917 5780 NdisWan - ok
13:33:05.0964 5780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:33:05.0964 5780 NDProxy - ok
13:33:06.0026 5780 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
13:33:06.0026 5780 Netaapl - ok
13:33:06.0058 5780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:33:06.0058 5780 NetBIOS - ok
13:33:06.0104 5780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:33:06.0104 5780 NetBT - ok
13:33:06.0151 5780 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:33:06.0151 5780 Netlogon - ok
13:33:06.0182 5780 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:33:06.0198 5780 Netman - ok
13:33:06.0307 5780 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:06.0323 5780 NetMsmqActivator - ok
13:33:06.0338 5780 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:06.0338 5780 NetPipeActivator - ok
13:33:06.0463 5780 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:33:06.0463 5780 netprofm - ok
13:33:06.0479 5780 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:06.0479 5780 NetTcpActivator - ok
13:33:06.0479 5780 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:06.0479 5780 NetTcpPortSharing - ok
13:33:06.0526 5780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:33:06.0526 5780 nfrd960 - ok
13:33:06.0541 5780 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:33:06.0557 5780 NisDrv - ok
13:33:06.0619 5780 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
13:33:06.0619 5780 NisSrv - ok
13:33:06.0682 5780 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:33:06.0682 5780 NlaSvc - ok
13:33:06.0728 5780 nmwcd (907b5e1e4a592e5edc5e4ccbde4863c2) C:\Windows\system32\drivers\ccdcmbx64.sys
13:33:06.0728 5780 nmwcd - ok
13:33:06.0806 5780 nmwcdc (41c1ac1f3613435eb32d67bcb80a5fa5) C:\Windows\system32\drivers\ccdcmbox64.sys
13:33:06.0806 5780 nmwcdc - ok
13:33:06.0838 5780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:33:06.0838 5780 Npfs - ok
13:33:06.0853 5780 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:33:06.0853 5780 nsi - ok
13:33:06.0869 5780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:33:06.0869 5780 nsiproxy - ok
13:33:06.0994 5780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:33:07.0025 5780 Ntfs - ok
13:33:07.0103 5780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:33:07.0103 5780 Null - ok
13:33:07.0165 5780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:33:07.0165 5780 nvraid - ok
13:33:07.0181 5780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:33:07.0181 5780 nvstor - ok
13:33:07.0228 5780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:33:07.0228 5780 nv_agp - ok
13:33:07.0274 5780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:33:07.0274 5780 ohci1394 - ok
13:33:07.0368 5780 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:33:07.0384 5780 ose - ok
13:33:07.0680 5780 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:33:07.0742 5780 osppsvc - ok
13:33:07.0867 5780 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:33:07.0867 5780 p2pimsvc - ok
13:33:07.0883 5780 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:33:07.0898 5780 p2psvc - ok
13:33:07.0930 5780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:33:07.0930 5780 Parport - ok
13:33:07.0976 5780 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:33:07.0976 5780 partmgr - ok
13:33:07.0992 5780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:33:07.0992 5780 PcaSvc - ok
13:33:08.0023 5780 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
13:33:08.0039 5780 pccsmcfd - ok
13:33:08.0070 5780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:33:08.0070 5780 pci - ok
13:33:08.0117 5780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:33:08.0117 5780 pciide - ok
13:33:08.0226 5780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:33:08.0226 5780 pcmcia - ok
13:33:08.0242 5780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:33:08.0242 5780 pcw - ok
13:33:08.0273 5780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:33:08.0273 5780 PEAUTH - ok
13:33:08.0320 5780 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:33:08.0351 5780 PeerDistSvc - ok
13:33:08.0398 5780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:33:08.0398 5780 PerfHost - ok
13:33:08.0476 5780 pgsql-8.3 (7c620e950bf1fe96e0fc81985b0b0b4a) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
13:33:08.0476 5780 pgsql-8.3 - ok
13:33:08.0647 5780 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
13:33:08.0694 5780 PID_PEPI - ok
13:33:08.0694 5780 Scan interrupted by user!
13:33:08.0694 5780 Scan interrupted by user!
13:33:08.0694 5780 Scan interrupted by user!
13:33:08.0694 5780 ============================================================
13:33:08.0694 5780 Scan finished
13:33:08.0694 5780 ============================================================
13:33:08.0710 5784 Detected object count: 0
13:33:08.0710 5784 Actual detected object count: 0
13:33:13.0374 5696 ============================================================
13:33:13.0374 5696 Scan started
13:33:13.0374 5696 Mode: Manual; TDLFS;
13:33:13.0374 5696 ============================================================
13:33:27.0882 5696 Scan interrupted by user!
13:33:27.0882 5696 Scan interrupted by user!
13:33:27.0882 5696 Scan interrupted by user!
13:33:27.0882 5696 ============================================================
13:33:27.0882 5696 Scan finished
13:33:27.0882 5696 ============================================================
13:33:27.0898 5724 Detected object count: 0
13:33:27.0898 5724 Actual detected object count: 0
13:33:29.0068 1124 ============================================================
13:33:29.0068 1124 Scan started
13:33:29.0068 1124 Mode: Manual; TDLFS;
13:33:29.0068 1124 ============================================================
13:33:29.0411 1124 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:33:29.0411 1124 1394ohci - ok
13:33:29.0520 1124 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
13:33:29.0520 1124 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
13:33:29.0614 1124 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:33:29.0614 1124 ACPI - ok
13:33:29.0645 1124 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:33:29.0645 1124 AcpiPmi - ok
13:33:29.0723 1124 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:33:29.0723 1124 AdobeARMservice - ok
13:33:29.0785 1124 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:33:29.0785 1124 adp94xx - ok
13:33:29.0801 1124 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:33:29.0801 1124 adpahci - ok
13:33:29.0816 1124 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:33:29.0816 1124 adpu320 - ok
13:33:29.0848 1124 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:33:29.0848 1124 AeLookupSvc - ok
13:33:29.0941 1124 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:33:29.0941 1124 AFD - ok
13:33:29.0972 1124 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:33:29.0972 1124 agp440 - ok
13:33:29.0988 1124 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:33:29.0988 1124 ALG - ok
13:33:30.0035 1124 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:33:30.0035 1124 aliide - ok
13:33:30.0082 1124 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
13:33:30.0082 1124 AMD External Events Utility - ok
13:33:30.0082 1124 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:33:30.0097 1124 amdide - ok
13:33:30.0113 1124 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:33:30.0113 1124 AmdK8 - ok
13:33:30.0331 1124 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:30.0378 1124 amdkmdag - ok
13:33:30.0440 1124 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
13:33:30.0440 1124 amdkmdap - ok
13:33:30.0456 1124 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:33:30.0456 1124 AmdPPM - ok
13:33:30.0534 1124 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:33:30.0534 1124 amdsata - ok
13:33:30.0550 1124 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:33:30.0550 1124 amdsbs - ok
13:33:30.0565 1124 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:33:30.0565 1124 amdxata - ok
13:33:30.0596 1124 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:33:30.0612 1124 AppID - ok
13:33:30.0659 1124 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:33:30.0659 1124 AppIDSvc - ok
13:33:30.0706 1124 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:33:30.0706 1124 Appinfo - ok
13:33:30.0768 1124 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:33:30.0768 1124 Apple Mobile Device - ok
13:33:30.0799 1124 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:33:30.0799 1124 AppMgmt - ok
13:33:30.0815 1124 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:33:30.0815 1124 arc - ok
13:33:30.0846 1124 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:33:30.0846 1124 arcsas - ok
13:33:30.0971 1124 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:33:30.0971 1124 aspnet_state - ok
13:33:30.0986 1124 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:30.0986 1124 AsyncMac - ok
13:33:31.0018 1124 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:33:31.0018 1124 atapi - ok
13:33:31.0080 1124 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:33:31.0080 1124 athr - ok
13:33:31.0158 1124 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
13:33:31.0158 1124 AtiHDAudioService - ok
13:33:31.0174 1124 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
13:33:31.0174 1124 AtiHdmiService - ok
13:33:31.0423 1124 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:31.0470 1124 atikmdag - ok
13:33:31.0595 1124 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:33:31.0595 1124 AudioEndpointBuilder - ok
13:33:31.0595 1124 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:33:31.0610 1124 AudioSrv - ok
13:33:31.0642 1124 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:33:31.0642 1124 AxInstSV - ok
13:33:31.0688 1124 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:33:31.0688 1124 b06bdrv - ok
13:33:31.0720 1124 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:33:31.0720 1124 b57nd60a - ok
13:33:31.0735 1124 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:33:31.0735 1124 BDESVC - ok
13:33:31.0751 1124 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:33:31.0751 1124 Beep - ok
13:33:31.0798 1124 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:33:31.0798 1124 BFE - ok
13:33:31.0860 1124 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:33:31.0860 1124 BITS - ok
13:33:31.0891 1124 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:33:31.0907 1124 blbdrive - ok
13:33:31.0969 1124 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:33:31.0969 1124 Bonjour Service - ok
13:33:32.0000 1124 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:33:32.0000 1124 bowser - ok
13:33:32.0016 1124 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:33:32.0016 1124 BrFiltLo - ok
13:33:32.0016 1124 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:33:32.0016 1124 BrFiltUp - ok
13:33:32.0063 1124 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:33:32.0063 1124 Browser - ok
13:33:32.0078 1124 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:33:32.0078 1124 Brserid - ok
13:33:32.0094 1124 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:33:32.0094 1124 BrSerWdm - ok
13:33:32.0110 1124 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:33:32.0110 1124 BrUsbMdm - ok
13:33:32.0125 1124 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:33:32.0125 1124 BrUsbSer - ok
13:33:32.0125 1124 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:33:32.0125 1124 BTHMODEM - ok
13:33:32.0156 1124 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:33:32.0156 1124 bthserv - ok
13:33:32.0156 1124 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:32.0172 1124 cdfs - ok
13:33:32.0203 1124 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:32.0203 1124 cdrom - ok
13:33:32.0250 1124 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:33:32.0250 1124 CertPropSvc - ok
13:33:32.0266 1124 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:33:32.0266 1124 circlass - ok
13:33:32.0281 1124 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:33:32.0281 1124 CLFS - ok
13:33:32.0328 1124 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:33:32.0328 1124 clr_optimization_v2.0.50727_32 - ok
13:33:32.0375 1124 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:33:32.0375 1124 clr_optimization_v2.0.50727_64 - ok
13:33:32.0437 1124 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:33:32.0437 1124 clr_optimization_v4.0.30319_32 - ok
13:33:32.0468 1124 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:33:32.0468 1124 clr_optimization_v4.0.30319_64 - ok
13:33:32.0484 1124 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:33:32.0484 1124 CmBatt - ok
13:33:32.0515 1124 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:33:32.0515 1124 cmdide - ok
13:33:32.0562 1124 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:33:32.0562 1124 CNG - ok
13:33:32.0578 1124 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:33:32.0578 1124 Compbatt - ok
13:33:32.0656 1124 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:33:32.0656 1124 CompositeBus - ok
13:33:32.0656 1124 COMSysApp - ok
13:33:32.0702 1124 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
13:33:32.0702 1124 cpuz134 - ok
13:33:32.0702 1124 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:33:32.0702 1124 crcdisk - ok
13:33:32.0812 1124 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:33:32.0812 1124 CryptSvc - ok
13:33:32.0858 1124 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:33:32.0858 1124 CSC - ok
13:33:32.0890 1124 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:33:32.0890 1124 CscService - ok
13:33:32.0921 1124 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:33:32.0921 1124 DcomLaunch - ok
13:33:32.0952 1124 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:33:32.0952 1124 defragsvc - ok
13:33:32.0999 1124 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:33:32.0999 1124 DfsC - ok
13:33:33.0155 1124 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:33:33.0155 1124 Dhcp - ok
13:33:33.0170 1124 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:33:33.0170 1124 discache - ok
13:33:33.0186 1124 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:33:33.0186 1124 Disk - ok
13:33:33.0233 1124 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:33:33.0233 1124 Dnscache - ok
13:33:33.0264 1124 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:33:33.0264 1124 dot3svc - ok
13:33:33.0311 1124 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:33:33.0311 1124 DPS - ok
13:33:33.0326 1124 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:33:33.0326 1124 drmkaud - ok
13:33:33.0373 1124 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:33:33.0373 1124 dtsoftbus01 - ok
13:33:33.0404 1124 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:33.0404 1124 DXGKrnl - ok
13:33:33.0420 1124 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:33:33.0420 1124 EapHost - ok
13:33:33.0529 1124 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:33:33.0545 1124 ebdrv - ok
13:33:33.0638 1124 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:33:33.0638 1124 EFS - ok
13:33:33.0701 1124 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:33:33.0701 1124 ehRecvr - ok
13:33:33.0716 1124 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:33:33.0716 1124 ehSched - ok
13:33:33.0763 1124 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:33:33.0763 1124 elxstor - ok
13:33:33.0857 1124 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:33:33.0857 1124 EpsonBidirectionalService - ok
13:33:33.0857 1124 Scan interrupted by user!
13:33:33.0857 1124 Scan interrupted by user!
13:33:33.0857 1124 Scan interrupted by user!
13:33:33.0857 1124 ============================================================
13:33:33.0857 1124 Scan finished
13:33:33.0857 1124 ============================================================
13:33:33.0857 2536 Detected object count: 0
13:33:33.0857 2536 Actual detected object count: 0
13:33:36.0103 5220 ============================================================
13:33:36.0103 5220 Scan started
13:33:36.0103 5220 Mode: Manual; TDLFS;
13:33:36.0103 5220 ============================================================
13:33:36.0431 5220 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:33:36.0431 5220 1394ohci - ok
13:33:36.0493 5220 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
13:33:36.0493 5220 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
13:33:36.0540 5220 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:33:36.0540 5220 ACPI - ok
13:33:36.0587 5220 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:33:36.0587 5220 AcpiPmi - ok
13:33:36.0665 5220 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:33:36.0665 5220 AdobeARMservice - ok
13:33:36.0696 5220 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:33:36.0696 5220 adp94xx - ok
13:33:36.0712 5220 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:33:36.0712 5220 adpahci - ok
13:33:36.0727 5220 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:33:36.0727 5220 adpu320 - ok
13:33:36.0743 5220 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:33:36.0743 5220 AeLookupSvc - ok
13:33:36.0790 5220 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:33:36.0790 5220 AFD - ok
13:33:36.0836 5220 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:33:36.0836 5220 agp440 - ok
13:33:36.0852 5220 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:33:36.0852 5220 ALG - ok
13:33:36.0883 5220 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:33:36.0883 5220 aliide - ok
13:33:36.0946 5220 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
13:33:36.0946 5220 AMD External Events Utility - ok
13:33:36.0961 5220 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:33:36.0961 5220 amdide - ok
13:33:36.0977 5220 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:33:36.0977 5220 AmdK8 - ok
13:33:37.0211 5220 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:37.0258 5220 amdkmdag - ok
13:33:37.0320 5220 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
13:33:37.0320 5220 amdkmdap - ok
13:33:37.0336 5220 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:33:37.0336 5220 AmdPPM - ok
13:33:37.0367 5220 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:33:37.0367 5220 amdsata - ok
13:33:37.0398 5220 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:33:37.0398 5220 amdsbs - ok
13:33:37.0414 5220 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:33:37.0414 5220 amdxata - ok
13:33:37.0445 5220 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:33:37.0445 5220 AppID - ok
13:33:37.0476 5220 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:33:37.0476 5220 AppIDSvc - ok
13:33:37.0507 5220 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:33:37.0507 5220 Appinfo - ok
13:33:37.0585 5220 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:33:37.0585 5220 Apple Mobile Device - ok
13:33:37.0601 5220 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:33:37.0601 5220 AppMgmt - ok
13:33:37.0616 5220 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:33:37.0616 5220 arc - ok
13:33:37.0648 5220 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:33:37.0648 5220 arcsas - ok
13:33:37.0772 5220 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:33:37.0772 5220 aspnet_state - ok
13:33:37.0788 5220 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:37.0788 5220 AsyncMac - ok
13:33:37.0819 5220 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:33:37.0819 5220 atapi - ok
13:33:37.0882 5220 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:33:37.0882 5220 athr - ok
13:33:37.0960 5220 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
13:33:37.0960 5220 AtiHDAudioService - ok
13:33:37.0975 5220 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
13:33:37.0975 5220 AtiHdmiService - ok
13:33:38.0256 5220 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:38.0303 5220 atikmdag - ok
13:33:38.0412 5220 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:33:38.0412 5220 AudioEndpointBuilder - ok
13:33:38.0412 5220 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:33:38.0428 5220 AudioSrv - ok
13:33:38.0459 5220 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:33:38.0474 5220 AxInstSV - ok
13:33:38.0506 5220 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:33:38.0521 5220 b06bdrv - ok
13:33:38.0537 5220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:33:38.0537 5220 b57nd60a - ok
13:33:38.0552 5220 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:33:38.0552 5220 BDESVC - ok
13:33:38.0568 5220 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:33:38.0568 5220 Beep - ok
13:33:38.0615 5220 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:33:38.0630 5220 BFE - ok
13:33:38.0677 5220 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:33:38.0677 5220 BITS - ok
13:33:38.0724 5220 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:33:38.0724 5220 blbdrive - ok
13:33:38.0786 5220 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:33:38.0786 5220 Bonjour Service - ok
13:33:38.0818 5220 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:33:38.0818 5220 bowser - ok
13:33:38.0833 5220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:33:38.0833 5220 BrFiltLo - ok
13:33:38.0849 5220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:33:38.0849 5220 BrFiltUp - ok
13:33:38.0896 5220 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:33:38.0896 5220 Browser - ok
13:33:38.0911 5220 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:33:38.0911 5220 Brserid - ok
13:33:38.0927 5220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:33:38.0927 5220 BrSerWdm - ok
13:33:38.0942 5220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:33:38.0942 5220 BrUsbMdm - ok
13:33:38.0942 5220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:33:38.0942 5220 BrUsbSer - ok
13:33:38.0958 5220 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:33:38.0958 5220 BTHMODEM - ok
13:33:38.0989 5220 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:33:38.0989 5220 bthserv - ok
13:33:39.0005 5220 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:39.0005 5220 cdfs - ok
13:33:39.0052 5220 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:39.0052 5220 cdrom - ok
13:33:39.0098 5220 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:33:39.0098 5220 CertPropSvc - ok
13:33:39.0114 5220 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:33:39.0114 5220 circlass - ok
13:33:39.0130 5220 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:33:39.0130 5220 CLFS - ok
13:33:39.0176 5220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:33:39.0176 5220 clr_optimization_v2.0.50727_32 - ok
13:33:39.0223 5220 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:33:39.0223 5220 clr_optimization_v2.0.50727_64 - ok
13:33:39.0301 5220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:33:39.0301 5220 clr_optimization_v4.0.30319_32 - ok
13:33:39.0317 5220 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:33:39.0317 5220 clr_optimization_v4.0.30319_64 - ok
13:33:39.0332 5220 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:33:39.0332 5220 CmBatt - ok
13:33:39.0364 5220 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:33:39.0364 5220 cmdide - ok
13:33:39.0410 5220 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:33:39.0410 5220 CNG - ok
13:33:39.0426 5220 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:33:39.0426 5220 Compbatt - ok
13:33:39.0488 5220 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:33:39.0488 5220 CompositeBus - ok
13:33:39.0488 5220 COMSysApp - ok
13:33:39.0535 5220 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
13:33:39.0535 5220 cpuz134 - ok
13:33:39.0551 5220 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:33:39.0551 5220 crcdisk - ok
13:33:39.0582 5220 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:33:39.0582 5220 CryptSvc - ok
13:33:39.0676 5220 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:33:39.0676 5220 CSC - ok
13:33:39.0707 5220 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:33:39.0707 5220 CscService - ok
13:33:39.0754 5220 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:33:39.0754 5220 DcomLaunch - ok
13:33:39.0785 5220 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:33:39.0800 5220 defragsvc - ok
13:33:39.0894 5220 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:33:39.0894 5220 DfsC - ok
13:33:39.0910 5220 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:33:39.0910 5220 Dhcp - ok
13:33:39.0925 5220 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:33:39.0925 5220 discache - ok
13:33:39.0925 5220 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:33:39.0925 5220 Disk - ok
13:33:39.0972 5220 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:33:39.0972 5220 Dnscache - ok
13:33:40.0019 5220 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:33:40.0019 5220 dot3svc - ok
13:33:40.0081 5220 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:33:40.0081 5220 DPS - ok
13:33:40.0097 5220 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:33:40.0097 5220 drmkaud - ok
13:33:40.0144 5220 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:33:40.0144 5220 dtsoftbus01 - ok
13:33:40.0206 5220 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:40.0206 5220 DXGKrnl - ok
13:33:40.0222 5220 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:33:40.0222 5220 EapHost - ok
13:33:40.0378 5220 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:33:40.0393 5220 ebdrv - ok
13:33:40.0502 5220 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:33:40.0502 5220 EFS - ok
13:33:40.0565 5220 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:33:40.0565 5220 ehRecvr - ok
13:33:40.0627 5220 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:33:40.0627 5220 ehSched - ok
13:33:40.0674 5220 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:33:40.0674 5220 elxstor - ok
13:33:40.0768 5220 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:33:40.0768 5220 EpsonBidirectionalService - ok
13:33:40.0799 5220 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:33:40.0799 5220 ErrDev - ok
13:33:40.0830 5220 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:33:40.0846 5220 EventSystem - ok
13:33:40.0861 5220 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:33:40.0861 5220 exfat - ok
13:33:40.0892 5220 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:33:40.0892 5220 fastfat - ok
13:33:40.0939 5220 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:33:40.0939 5220 Fax - ok
13:33:40.0955 5220 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:33:40.0970 5220 fdc - ok
13:33:40.0970 5220 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:33:40.0970 5220 fdPHost - ok
13:33:40.0986 5220 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:33:40.0986 5220 FDResPub - ok
13:33:41.0002 5220 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:33:41.0002 5220 FileInfo - ok
13:33:41.0017 5220 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:33:41.0017 5220 Filetrace - ok
13:33:41.0080 5220 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:33:41.0095 5220 FLEXnet Licensing Service - ok
13:33:41.0095 5220 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:33:41.0095 5220 flpydisk - ok
13:33:41.0173 5220 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:33:41.0173 5220 FltMgr - ok
13:33:41.0236 5220 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:33:41.0251 5220 FontCache - ok
13:33:41.0329 5220 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:33:41.0329 5220 FontCache3.0.0.0 - ok
13:33:41.0360 5220 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:33:41.0360 5220 FsDepends - ok
13:33:41.0392 5220 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:33:41.0392 5220 Fs_Rec - ok
13:33:41.0438 5220 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:33:41.0438 5220 fvevol - ok
13:33:41.0454 5220 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:33:41.0454 5220 gagp30kx - ok
13:33:41.0470 5220 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:33:41.0470 5220 GEARAspiWDM - ok
13:33:41.0516 5220 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:33:41.0532 5220 gpsvc - ok
13:33:41.0532 5220 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:33:41.0532 5220 hcw85cir - ok
13:33:41.0579 5220 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:33:41.0579 5220 HdAudAddService - ok
13:33:41.0610 5220 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:33:41.0626 5220 HDAudBus - ok
13:33:41.0626 5220 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:33:41.0626 5220 HidBatt - ok
13:33:41.0641 5220 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:33:41.0641 5220 HidBth - ok
13:33:41.0657 5220 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:33:41.0657 5220 HidIr - ok
13:33:41.0688 5220 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:33:41.0688 5220 hidserv - ok
13:33:41.0688 5220 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:33:41.0688 5220 HidUsb - ok
13:33:41.0735 5220 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:33:41.0735 5220 hkmsvc - ok
13:33:41.0782 5220 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:33:41.0782 5220 HomeGroupListener - ok
13:33:41.0829 5220 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:33:41.0829 5220 HomeGroupProvider - ok
13:33:41.0875 5220 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:33:41.0875 5220 HpSAMD - ok
13:33:41.0938 5220 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:33:41.0938 5220 HTTP - ok
13:33:41.0953 5220 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:33:41.0953 5220 hwpolicy - ok
13:33:41.0985 5220 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:33:41.0985 5220 i8042prt - ok
13:33:42.0031 5220 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:33:42.0047 5220 iaStorV - ok
13:33:42.0141 5220 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:33:42.0141 5220 idsvc - ok
13:33:42.0312 5220 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:33:42.0343 5220 igfx - ok
13:33:42.0421 5220 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:33:42.0437 5220 iirsp - ok
13:33:42.0484 5220 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:33:42.0484 5220 IKEEXT - ok
13:33:42.0531 5220 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:33:42.0531 5220 intelide - ok
13:33:42.0531 5220 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:33:42.0546 5220 intelppm - ok
13:33:42.0577 5220 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:33:42.0577 5220 IPBusEnum - ok
13:33:42.0624 5220 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:42.0624 5220 IpFilterDriver - ok
13:33:42.0687 5220 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:33:42.0687 5220 iphlpsvc - ok
13:33:42.0718 5220 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:33:42.0718 5220 IPMIDRV - ok
13:33:42.0749 5220 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:33:42.0749 5220 IPNAT - ok
13:33:42.0796 5220 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
13:33:42.0796 5220 iPod Service - ok
13:33:42.0811 5220 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:33:42.0811 5220 IRENUM - ok
13:33:42.0843 5220 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:33:42.0843 5220 isapnp - ok
13:33:42.0858 5220 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:33:42.0874 5220 iScsiPrt - ok
13:33:42.0905 5220 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:33:42.0905 5220 kbdclass - ok
13:33:42.0952 5220 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:33:42.0952 5220 kbdhid - ok
13:33:42.0983 5220 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:33:42.0983 5220 KeyIso - ok
13:33:43.0014 5220 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:33:43.0014 5220 KSecDD - ok
13:33:43.0061 5220 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:33:43.0061 5220 KSecPkg - ok
13:33:43.0077 5220 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:33:43.0077 5220 ksthunk - ok
13:33:43.0108 5220 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:33:43.0123 5220 KtmRm - ok
13:33:43.0170 5220 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:33:43.0170 5220 LanmanServer - ok
13:33:43.0201 5220 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:33:43.0201 5220 LanmanWorkstation - ok
13:33:43.0217 5220 libusbd - ok
13:33:43.0248 5220 LightScribeService (4af65f3a2253df7d0b8d80812eae7a7c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:33:43.0248 5220 LightScribeService - ok
13:33:43.0264 5220 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:33:43.0264 5220 lltdio - ok
13:33:43.0295 5220 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:33:43.0295 5220 lltdsvc - ok
13:33:43.0295 5220 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:33:43.0295 5220 lmhosts - ok
13:33:43.0326 5220 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:33:43.0326 5220 LSI_FC - ok
13:33:43.0342 5220 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:33:43.0342 5220 LSI_SAS - ok
13:33:43.0357 5220 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:33:43.0357 5220 LSI_SAS2 - ok
13:33:43.0357 5220 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:33:43.0357 5220 LSI_SCSI - ok
13:33:43.0389 5220 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:33:43.0389 5220 luafv - ok
13:33:43.0404 5220 lvpepf64 (4a503882318bb2f59218d401614e6af6) C:\Windows\system32\DRIVERS\lv302a64.sys
13:33:43.0404 5220 lvpepf64 - ok
13:33:43.0404 5220 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:33:43.0420 5220 LVPr2M64 - ok
13:33:43.0420 5220 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:33:43.0420 5220 LVPr2Mon - ok
13:33:43.0467 5220 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
13:33:43.0467 5220 LVPrcS64 - ok
13:33:43.0482 5220 LVRS64 (125ae13c293889001b8456cf3eb04a40) C:\Windows\system32\DRIVERS\lvrs64.sys
13:33:43.0482 5220 LVRS64 - ok
13:33:43.0498 5220 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys
13:33:43.0498 5220 LVUSBS64 - ok
13:33:43.0545 5220 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:33:43.0545 5220 Mcx2Svc - ok
13:33:43.0576 5220 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:33:43.0576 5220 megasas - ok
13:33:43.0591 5220 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:33:43.0591 5220 MegaSR - ok
13:33:43.0685 5220 Microsoft SharePoint Workspace Audit Service - ok
13:33:43.0716 5220 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:33:43.0716 5220 MMCSS - ok
13:33:43.0732 5220 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:33:43.0732 5220 Modem - ok
13:33:43.0779 5220 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:33:43.0779 5220 monitor - ok
13:33:43.0810 5220 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys
13:33:43.0810 5220 MotioninJoyXFilter - ok
13:33:43.0857 5220 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:33:43.0857 5220 mouclass - ok
13:33:43.0857 5220 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:43.0857 5220 mouhid - ok
13:33:43.0888 5220 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:33:43.0903 5220 mountmgr - ok
13:33:43.0935 5220 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
13:33:43.0935 5220 MpFilter - ok
13:33:43.0966 5220 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:33:43.0966 5220 mpio - ok
13:33:43.0981 5220 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:33:43.0981 5220 mpsdrv - ok
13:33:44.0044 5220 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:33:44.0059 5220 MpsSvc - ok
13:33:44.0091 5220 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:33:44.0091 5220 MRxDAV - ok
13:33:44.0137 5220 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:44.0137 5220 mrxsmb - ok
13:33:44.0184 5220 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:44.0184 5220 mrxsmb10 - ok
13:33:44.0184 5220 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:44.0184 5220 mrxsmb20 - ok
13:33:44.0231 5220 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:33:44.0231 5220 msahci - ok
13:33:44.0278 5220 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:33:44.0278 5220 msdsm - ok
13:33:44.0293 5220 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:33:44.0293 5220 MSDTC - ok
13:33:44.0325 5220 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:33:44.0325 5220 Msfs - ok
13:33:44.0340 5220 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:33:44.0340 5220 mshidkmdf - ok
13:33:44.0387 5220 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:33:44.0387 5220 msisadrv - ok
13:33:44.0403 5220 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:33:44.0403 5220 MSiSCSI - ok
13:33:44.0418 5220 msiserver - ok
13:33:44.0418 5220 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:44.0418 5220 MSKSSRV - ok
13:33:44.0481 5220 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:33:44.0481 5220 MsMpSvc - ok
13:33:44.0496 5220 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:44.0496 5220 MSPCLOCK - ok
13:33:44.0496 5220 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:33:44.0496 5220 MSPQM - ok
13:33:44.0543 5220 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:33:44.0543 5220 MsRPC - ok
13:33:44.0590 5220 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:33:44.0590 5220 mssmbios - ok
13:33:44.0605 5220 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:33:44.0605 5220 MSTEE - ok
13:33:44.0605 5220 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:33:44.0605 5220 MTConfig - ok
13:33:44.0637 5220 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
13:33:44.0637 5220 MTsensor - ok
13:33:44.0652 5220 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:33:44.0652 5220 Mup - ok
13:33:44.0699 5220 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:33:44.0715 5220 napagent - ok
13:33:44.0715 5220 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:44.0730 5220 NativeWifiP - ok
13:33:44.0793 5220 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:33:44.0793 5220 NDIS - ok
13:33:44.0824 5220 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:33:44.0824 5220 NdisCap - ok
13:33:44.0824 5220 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:44.0824 5220 NdisTapi - ok
13:33:44.0871 5220 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:44.0871 5220 Ndisuio - ok
13:33:44.0917 5220 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:44.0917 5220 NdisWan - ok
stararc

Re: Infestation

Post by stararc » June 28th, 2012, 8:36 am

13:33:44.0917 5220 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:33:44.0933 5220 NDProxy - ok
13:33:44.0964 5220 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
13:33:44.0964 5220 Netaapl - ok
13:33:44.0980 5220 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:33:44.0980 5220 NetBIOS - ok
13:33:45.0027 5220 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:33:45.0027 5220 NetBT - ok
13:33:45.0058 5220 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:33:45.0058 5220 Netlogon - ok
13:33:45.0089 5220 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:33:45.0089 5220 Netman - ok
13:33:45.0198 5220 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:45.0198 5220 NetMsmqActivator - ok
13:33:45.0198 5220 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:45.0198 5220 NetPipeActivator - ok
13:33:45.0229 5220 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:33:45.0229 5220 netprofm - ok
13:33:45.0229 5220 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:45.0229 5220 NetTcpActivator - ok
13:33:45.0229 5220 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:45.0229 5220 NetTcpPortSharing - ok
13:33:45.0276 5220 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:33:45.0276 5220 nfrd960 - ok
13:33:45.0292 5220 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:33:45.0307 5220 NisDrv - ok
13:33:45.0354 5220 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
13:33:45.0354 5220 NisSrv - ok
13:33:45.0401 5220 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:33:45.0401 5220 NlaSvc - ok
13:33:45.0448 5220 nmwcd (907b5e1e4a592e5edc5e4ccbde4863c2) C:\Windows\system32\drivers\ccdcmbx64.sys
13:33:45.0448 5220 nmwcd - ok
13:33:45.0479 5220 nmwcdc (41c1ac1f3613435eb32d67bcb80a5fa5) C:\Windows\system32\drivers\ccdcmbox64.sys
13:33:45.0479 5220 nmwcdc - ok
13:33:45.0510 5220 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:33:45.0510 5220 Npfs - ok
13:33:45.0526 5220 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:33:45.0526 5220 nsi - ok
13:33:45.0541 5220 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:33:45.0541 5220 nsiproxy - ok
13:33:45.0619 5220 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:33:45.0619 5220 Ntfs - ok
13:33:45.0697 5220 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:33:45.0697 5220 Null - ok
13:33:45.0744 5220 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:33:45.0744 5220 nvraid - ok
13:33:45.0760 5220 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:33:45.0760 5220 nvstor - ok
13:33:45.0807 5220 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:33:45.0807 5220 nv_agp - ok
13:33:45.0853 5220 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:33:45.0853 5220 ohci1394 - ok
13:33:45.0931 5220 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:33:45.0931 5220 ose - ok
13:33:46.0119 5220 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:33:46.0134 5220 osppsvc - ok
13:33:46.0212 5220 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:33:46.0212 5220 p2pimsvc - ok
13:33:46.0243 5220 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:33:46.0243 5220 p2psvc - ok
13:33:46.0275 5220 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:33:46.0275 5220 Parport - ok
13:33:46.0321 5220 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:33:46.0321 5220 partmgr - ok
13:33:46.0337 5220 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:33:46.0337 5220 PcaSvc - ok
13:33:46.0384 5220 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
13:33:46.0384 5220 pccsmcfd - ok
13:33:46.0431 5220 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:33:46.0431 5220 pci - ok
13:33:46.0431 5220 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:33:55.0260 5220 ============================================================
13:33:55.0260 5220 Scan finished
13:33:55.0260 5220 ============================================================
13:33:55.0276 2920 Detected object count: 0
13:33:55.0276 2920 Actual detected object count: 0

Re: Infestation

Post by Gary R » June 28th, 2012, 9:14 am

Please go to Control Panel > Programs > Uninstall a program and uninstall the following:

HiJackThis
Java(TM) 6 Update 20
Java(TM) 6 Update 22
Java(TM) 6 Update 30
PokerStars
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
µTorrent


HJT is not compatible with 64-bit Windows.
Old versions of Java can be exploited.
Poker Stars is a known spreader of infection.
Spybot and SAS will interfere with any removals we make (you can re-install them when we've finished if you wish).
uTorrent is a P2P program; use of P2P programs is the quickest way to an infection that I know. In exchange for our help, this forum insists on the removal of all P2P programs.

Once all those programs are uninstalled ... reboot your computer.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
[2010/05/26 16:55:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 13:39:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/16 15:17:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/31 21:28:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/22 03:04:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/07 01:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/09 10:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
O4 - HKLM..\Run: [HKLM] C:\Windows\InstallDir\Server.exe ()
O4 - HKLM..\Run: [RemoteTool] C:\Users\Matt\AppData\Roaming\System\Client.exe File not found
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001..\Run: [HKCU] C:\Windows\InstallDir\Server.exe ()
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-3110688605-1108793113-2133267777-1006\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O33 - MountPoints2\{d1279fd7-cd77-11e0-8520-002618dd09f1}\Shell - "" = AutoRun
O33 - MountPoints2\{d1279fd7-cd77-11e0-8520-002618dd09f1}\Shell\AutoRun\command - "" = I:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\RunGame.exe
[2012/06/26 18:55:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6645674A-503E-4905-8F43-877A98366F09}
[2012/06/26 18:55:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B67FFA0A-4C44-4CE9-A7C7-25844BE38953}
[2012/06/25 14:30:01 | 000,240,128 | ---- | C] (mqqpk tiuffyo ltws fgbno) -- C:\Users\Matt\Documents\Facebook.exe
[2012/06/25 12:34:55 | 000,233,472 | ---- | C] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.zgy
[2012/06/25 12:18:55 | 000,387,584 | RHS- | C] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\vidKBD.exe
[2012/06/25 06:58:31 | 000,387,584 | RHS- | C] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\odeKB.exe
[2012/06/25 05:43:59 | 000,233,472 | ---- | C] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.exe
[2012/06/24 23:06:59 | 000,397,312 | RHS- | C] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\kankey.exe
[2012/06/24 21:07:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Matt\Desktop\spybotsd162.exe
[2012/06/24 20:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/24 20:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/24 20:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/24 20:50:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/22 22:08:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F66FA6D2-5F62-40C8-A0BD-DC65CE194FB7}
[2012/06/22 22:08:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{0A7A0EE5-2424-4AD1-81EF-7D1738140029}
[2012/06/20 07:27:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4861C3BD-061F-4358-B0C6-7856CAEDC038}
[2012/06/20 07:27:27 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F1BA0379-9CB6-479C-85F5-60404BDA224E}
[2012/06/19 03:24:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5AFAA438-E8C4-41F5-B0F5-E7CAA4560275}
[2012/06/19 03:24:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5BD95B5A-E3F4-4406-BE18-CA9BC11186C8}
[2012/06/15 06:53:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{676817FB-3AEB-495F-8CBF-824393AA75D6}
[2012/06/12 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9F9C83D3-A4A8-4D14-8A02-F522258E20B3}
[2012/06/12 10:42:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E0AEB663-5B71-4843-8CF8-CF06988E1334}
[2012/06/11 11:41:37 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{128F35C1-79F2-4881-9896-6BD8285D1AD5}
[2012/06/11 11:41:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9523FD39-AD06-4E96-A38A-5C603A501275}
[2012/06/02 23:01:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{05A7E3AE-F466-4E03-9F94-990C398B011B}
[2012/06/02 23:00:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{8CBC383E-1180-4432-8BA9-A909F2D1B46B}
[2012/05/29 07:11:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{381BA3C0-9A03-4EFE-BF4F-A8E9F9806406}
[2012/05/29 07:11:20 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{372E8410-B9E4-4A75-B20E-80204A0D9E8D}
[2012/06/27 13:47:21 | 000,000,000 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\52491698bb5f9c7c96d65390f4e8b830
[2012/06/27 13:47:16 | 000,000,000 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\f73f04e8f7fccf7bbcc49e8902e6af25
[2012/06/27 13:47:16 | 000,000,000 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\26e4874716958807c537dff3f7346185iQXh5xYL
[2012/06/25 12:34:54 | 000,233,472 | ---- | M] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.zgy
[2012/06/25 12:19:02 | 000,387,584 | RHS- | M] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\vidKBD.exe
[2012/06/25 06:58:33 | 000,387,584 | RHS- | M] (sxuakcqb tmtd pxym ksv) -- C:\Users\Matt\odeKB.exe
[2012/06/25 05:43:59 | 000,233,472 | ---- | M] (gdefsv fcwc rmpt pvsvdot) -- C:\Users\Matt\Documents\Services.exe
[2012/06/25 05:38:38 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Windows\SysWow64\siuocjq
[2012/06/25 00:18:26 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\kankey.exe
[2012/06/24 21:16:51 | 000,233,472 | ---- | M] (putuic hkppoit aqvb hiblc) -- C:\Users\Matt\Documents\Runnservices.zgy
[2012/06/24 21:16:51 | 000,233,472 | ---- | M] (putuic hkppoit aqvb hiblc) -- C:\Users\Matt\Documents\Runnservices.exe
[2012/06/24 20:43:08 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\sysapi-ms-win-core-.exe
[2012/06/24 20:43:08 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\Documents\runservice.zgy
[2012/06/24 20:43:08 | 000,397,312 | RHS- | M] (hudnwjxc bujjle wljg qkpft) -- C:\Users\Matt\cnvopen.exe
[2012/06/24 14:41:05 | 000,180,224 | -H-- | M] (0dg29VsSVTzIJS) -- C:\ProgramData\wscntfy.exe
[2012/06/24 14:41:05 | 000,180,224 | -H-- | M] (0dg29VsSVTzIJS) -- C:\Program Files\Common Files\lsmass.exe
[2012/06/27 13:47:21 | 000,000,000 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\52491698bb5f9c7c96d65390f4e8b830
[2012/06/27 13:47:16 | 000,000,000 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\f73f04e8f7fccf7bbcc49e8902e6af25
[2012/06/27 00:21:21 | 000,000,000 | -HS- | C] () -- C:\Users\Matt\AppData\Roaming\26e4874716958807c537dff3f7346185iQXh5xYL
[2012/06/24 20:50:31 | 000,002,971 | ---- | C] () -- C:\Users\Matt\Desktop\HiJackThis.lnk
[2012/06/25 17:34:29 | 001,012,910 | ---- | C] () -- C:\Users\Matt\Documents\tmp50AF.exe
[2012/06/25 17:34:28 | 001,012,910 | ---- | C] () -- C:\Users\Matt\Documents\tmp4E6E.exe
[2012/06/24 19:03:41 | 000,000,000 | ---- | C] () -- C:\gcqshw.exe
[2012/06/23 07:11:06 | 000,030,208 | -H-- | C] () -- C:\Users\Matt\Documents\cmd.exe
[2012/06/25 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" =-
"C:\Users\Matt\AppData\Roaming\jew2.exe" =-
"C:\Users\Matt\AppData\Local\Temp\svchost.exe" =-
"C:\Users\Matt\AppData\Local\Temp\ForceOP.exe" =-
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" =-
"C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe" =-
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" =-
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" =-
"C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe" =-
"C:\Users\Matt\AppData\Roaming\taskgmr.exe" = -
"C:\Users\Matt\AppData\Local\Temp\69522.exe" =-
"C:\Users\Matt\AppData\Local\Temp\12er4.exe" =-
"C:\Users\Matt\AppData\Local\Temp\6375.exe" =-
"C:\Users\Matt\AppData\Roaming\windowsdefender.exe" =-
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" =-
"C:\Users\Matt\AppData\Roaming\jew2.exe" = -
"C:\Users\Matt\AppData\Local\Temp\svchost.exe" =-
"C:\Users\Matt\AppData\Local\Temp\ForceOP.exe" =- 
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" =-
"C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe" =-
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" =-
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" =-
"C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe" =-
"C:\Users\Matt\AppData\Roaming\taskgmr.exe" =-
"C:\Users\Matt\AppData\Local\Temp\69522.exe" =-
"C:\Users\Matt\AppData\Local\Temp\12er4.exe" =-
"C:\Users\Matt\AppData\Local\Temp\6375.exe" = -
"C:\Users\Matt\AppData\Roaming\windowsdefender.exe" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C77D18-FF7F-4C11-A07F-EB7D980BB5DC}" =-
"{23785870-F9D0-4BFD-90C5-5D3E6B32D867}" = -
"{25AFB8D4-6D7B-4D7F-A6C5-82AC4C5C2E37}" = -
"{290A43FB-D5CE-45B2-8FA9-861521587B2D}" = -
"{322489E5-C460-4D08-98BD-DEDCCF726C67}" =-
"{345137CA-6FDF-46CE-AED0-609553AD70DD}" =-
"{39E380BA-FF42-43A1-8B24-1D7499C7B2A6}" =-
"{4C127CA3-7F44-4587-AA0E-E2E103829C5E}" =-
"{501D4946-6B1D-434F-B86C-05C373EFCB99}" =-
"{58171E8E-6BF5-4B3F-BDD8-4A8ABB791E03}" =-
"{5BF7E531-783B-4468-BC6B-371329F91BFC}" =-
"{5C4A0646-0785-4CCF-9C48-299BA31C41F9}" =-
"{6969C86E-9A4A-4E2A-845F-5E721D148EF3}" =-
"{95D0E178-C7EF-407E-B6DD-6AFEDC38BDDE}" =-
"{973E81B3-AD37-4E73-A001-F4FB09C53E23}" =-
"{A31D9C9E-0700-43EF-B640-724D2799179F}" =-
"{BAA193A5-3549-4A0D-A477-CCC4EFF31612}" =-
"{BAF94F7C-F137-4D3B-9A58-98ED652CA0D1}" =-
"{C119BE64-D4B9-4997-8B03-5170DC21BB44}" =-
"{C31FFDAE-91CA-4F44-93B0-0805CDE88D1E}" =-
"{C36574AF-F405-4333-A776-14C55F9B8B35}" =-
"{DB6DE033-D2C6-4B38-8101-71AE8941A7B9}" =- 
"{E9B9FECF-3293-486E-B785-2EE8B1354FB4}" =-
"{EFFF1CA0-48E2-403D-AB18-3EBE25628D43}" =-
"{F3FEE8D8-4DA8-426D-903B-3E47E5AA3898}" =-

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator

Re: Infestation

Post by stararc » June 30th, 2012, 8:36 am

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 removed from extensions.enabledItems
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM deleted successfully.
C:\Windows\InstallDir\Server.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteTool deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
File C:\Windows\InstallDir\Server.exe not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3110688605-1108793113-2133267777-1006\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1279fd7-cd77-11e0-8520-002618dd09f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1279fd7-cd77-11e0-8520-002618dd09f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1279fd7-cd77-11e0-8520-002618dd09f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1279fd7-cd77-11e0-8520-002618dd09f1}\ not found.
File I:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\RunGame.exe not found.
C:\Users\Matt\AppData\Local\{6645674A-503E-4905-8F43-877A98366F09} folder moved successfully.
C:\Users\Matt\AppData\Local\{B67FFA0A-4C44-4CE9-A7C7-25844BE38953} folder moved successfully.
C:\Users\Matt\My Documents\Facebook.exe moved successfully.
C:\Users\Matt\My Documents\Services.zgy moved successfully.
C:\Users\Matt\vidKBD.exe moved successfully.
C:\Users\Matt\odeKB.exe moved successfully.
C:\Users\Matt\My Documents\Services.exe moved successfully.
C:\Users\Matt\kankey.exe moved successfully.
File C:\Users\Matt\Desktop\spybotsd162.exe not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\ not found.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
Folder C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\ not found.
C:\Users\Matt\AppData\Local\{F66FA6D2-5F62-40C8-A0BD-DC65CE194FB7} folder moved successfully.
C:\Users\Matt\AppData\Local\{0A7A0EE5-2424-4AD1-81EF-7D1738140029} folder moved successfully.
C:\Users\Matt\AppData\Local\{4861C3BD-061F-4358-B0C6-7856CAEDC038} folder moved successfully.
C:\Users\Matt\AppData\Local\{F1BA0379-9CB6-479C-85F5-60404BDA224E} folder moved successfully.
C:\Users\Matt\AppData\Local\{5AFAA438-E8C4-41F5-B0F5-E7CAA4560275} folder moved successfully.
C:\Users\Matt\AppData\Local\{5BD95B5A-E3F4-4406-BE18-CA9BC11186C8} folder moved successfully.
C:\Users\Matt\AppData\Local\{676817FB-3AEB-495F-8CBF-824393AA75D6} folder moved successfully.
C:\Users\Matt\AppData\Local\{9F9C83D3-A4A8-4D14-8A02-F522258E20B3} folder moved successfully.
C:\Users\Matt\AppData\Local\{E0AEB663-5B71-4843-8CF8-CF06988E1334} folder moved successfully.
C:\Users\Matt\AppData\Local\{128F35C1-79F2-4881-9896-6BD8285D1AD5} folder moved successfully.
C:\Users\Matt\AppData\Local\{9523FD39-AD06-4E96-A38A-5C603A501275} folder moved successfully.
C:\Users\Matt\AppData\Local\{05A7E3AE-F466-4E03-9F94-990C398B011B} folder moved successfully.
C:\Users\Matt\AppData\Local\{8CBC383E-1180-4432-8BA9-A909F2D1B46B} folder moved successfully.
C:\Users\Matt\AppData\Local\{381BA3C0-9A03-4EFE-BF4F-A8E9F9806406} folder moved successfully.
C:\Users\Matt\AppData\Local\{372E8410-B9E4-4A75-B20E-80204A0D9E8D} folder moved successfully.
C:\Users\Matt\AppData\Roaming\52491698bb5f9c7c96d65390f4e8b830 moved successfully.
C:\Users\Matt\AppData\Roaming\f73f04e8f7fccf7bbcc49e8902e6af25 moved successfully.
C:\Users\Matt\AppData\Roaming\26e4874716958807c537dff3f7346185iQXh5xYL moved successfully.
File C:\Users\Matt\Documents\Services.zgy not found.
File C:\Users\Matt\vidKBD.exe not found.
File C:\Users\Matt\odeKB.exe not found.
File C:\Users\Matt\Documents\Services.exe not found.
File move failed. C:\Windows\SysWOW64\siuocjq scheduled to be moved on reboot.
File C:\Users\Matt\kankey.exe not found.
C:\Users\Matt\My Documents\Runnservices.zgy moved successfully.
C:\Users\Matt\My Documents\Runnservices.exe moved successfully.
C:\Users\Matt\sysapi-ms-win-core-.exe moved successfully.
C:\Users\Matt\My Documents\runservice.zgy moved successfully.
C:\Users\Matt\cnvopen.exe moved successfully.
C:\ProgramData\wscntfy.exe moved successfully.
C:\Program Files\Common Files\lsmass.exe moved successfully.
File C:\Users\Matt\AppData\Roaming\52491698bb5f9c7c96d65390f4e8b830 not found.
File C:\Users\Matt\AppData\Roaming\f73f04e8f7fccf7bbcc49e8902e6af25 not found.
File C:\Users\Matt\AppData\Roaming\26e4874716958807c537dff3f7346185iQXh5xYL not found.
File C:\Users\Matt\Desktop\HiJackThis.lnk not found.
C:\Users\Matt\My Documents\tmp50AF.exe moved successfully.
C:\Users\Matt\My Documents\tmp4E6E.exe moved successfully.
C:\gcqshw.exe moved successfully.
C:\Users\Matt\My Documents\cmd.exe moved successfully.
C:\Users\Matt\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Matt\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Matt\AppData\Roaming\uTorrent\apps\VirusGuard\Plugins folder moved successfully.
C:\Users\Matt\AppData\Roaming\uTorrent\apps\VirusGuard folder moved successfully.
C:\Users\Matt\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Matt\AppData\Roaming\uTorrent folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\jew2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\ForceOP.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\taskgmr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\69522.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\12er4.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\6375.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\windowsdefender.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\jew2.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\ForceOP.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\0XY79Z331C.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\O0EOG6827U.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\taskgmr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\69522.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\12er4.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\6375.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\windowsdefender.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07C77D18-FF7F-4C11-A07F-EB7D980BB5DC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07C77D18-FF7F-4C11-A07F-EB7D980BB5DC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23785870-F9D0-4BFD-90C5-5D3E6B32D867} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23785870-F9D0-4BFD-90C5-5D3E6B32D867}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25AFB8D4-6D7B-4D7F-A6C5-82AC4C5C2E37} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25AFB8D4-6D7B-4D7F-A6C5-82AC4C5C2E37}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{290A43FB-D5CE-45B2-8FA9-861521587B2D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{290A43FB-D5CE-45B2-8FA9-861521587B2D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{322489E5-C460-4D08-98BD-DEDCCF726C67} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{322489E5-C460-4D08-98BD-DEDCCF726C67}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{345137CA-6FDF-46CE-AED0-609553AD70DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345137CA-6FDF-46CE-AED0-609553AD70DD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39E380BA-FF42-43A1-8B24-1D7499C7B2A6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39E380BA-FF42-43A1-8B24-1D7499C7B2A6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C127CA3-7F44-4587-AA0E-E2E103829C5E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C127CA3-7F44-4587-AA0E-E2E103829C5E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{501D4946-6B1D-434F-B86C-05C373EFCB99} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{501D4946-6B1D-434F-B86C-05C373EFCB99}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58171E8E-6BF5-4B3F-BDD8-4A8ABB791E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58171E8E-6BF5-4B3F-BDD8-4A8ABB791E03}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BF7E531-783B-4468-BC6B-371329F91BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF7E531-783B-4468-BC6B-371329F91BFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C4A0646-0785-4CCF-9C48-299BA31C41F9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C4A0646-0785-4CCF-9C48-299BA31C41F9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6969C86E-9A4A-4E2A-845F-5E721D148EF3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6969C86E-9A4A-4E2A-845F-5E721D148EF3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95D0E178-C7EF-407E-B6DD-6AFEDC38BDDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95D0E178-C7EF-407E-B6DD-6AFEDC38BDDE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{973E81B3-AD37-4E73-A001-F4FB09C53E23} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973E81B3-AD37-4E73-A001-F4FB09C53E23}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A31D9C9E-0700-43EF-B640-724D2799179F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A31D9C9E-0700-43EF-B640-724D2799179F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAA193A5-3549-4A0D-A477-CCC4EFF31612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAA193A5-3549-4A0D-A477-CCC4EFF31612}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAF94F7C-F137-4D3B-9A58-98ED652CA0D1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAF94F7C-F137-4D3B-9A58-98ED652CA0D1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C119BE64-D4B9-4997-8B03-5170DC21BB44} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C119BE64-D4B9-4997-8B03-5170DC21BB44}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C31FFDAE-91CA-4F44-93B0-0805CDE88D1E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C31FFDAE-91CA-4F44-93B0-0805CDE88D1E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C36574AF-F405-4333-A776-14C55F9B8B35} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C36574AF-F405-4333-A776-14C55F9B8B35}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB6DE033-D2C6-4B38-8101-71AE8941A7B9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB6DE033-D2C6-4B38-8101-71AE8941A7B9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9B9FECF-3293-486E-B785-2EE8B1354FB4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9B9FECF-3293-486E-B785-2EE8B1354FB4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFFF1CA0-48E2-403D-AB18-3EBE25628D43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFFF1CA0-48E2-403D-AB18-3EBE25628D43}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3FEE8D8-4DA8-426D-903B-3E47E5AA3898} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE8D8-4DA8-426D-903B-3E47E5AA3898}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 1631357866 bytes
->Temporary Internet Files folder emptied: 18585018 bytes
->Java cache emptied: 3057788 bytes
->FireFox cache emptied: 100622367 bytes
->Google Chrome cache emptied: 152691187 bytes
->Opera cache emptied: 22755484 bytes
->Flash cache emptied: 3344 bytes

User: post-gres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3212608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 18131181 bytes

Total Files Cleaned = 1,860.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06282012_152016

Files\Folders moved on Reboot...
C:\Windows\SysWOW64\siuocjq moved successfully.
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Windows\SysWOW64\siuocjq not found!
File C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 not found!
File C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 not found!
File C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 not found!
File C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 not found!
File C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\index not found!
[2009/10/07 02:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
[2009/10/07 02:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5

Registry entries deleted on Reboot...

Re: Infestation

by stararc » June 30th, 2012, 8:37 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-30 12:30:19
# local_time=2012-06-30 01:30:19 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 477332 477332 0 0
# compatibility_mode=768 16777215 100 0 77203011 77203011 0 0
# compatibility_mode=5893 16776574 100 94 42495635 93509811 0 0
# compatibility_mode=8192 67108863 100 0 78036 78036 0 0
# scanned=801742
# found=159
# cleaned=0
# scan_time=14658
C:\ntldr.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120624-232553-161-cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-060924-685-cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165502-423-6364233374544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165502-760-7213318599544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165502-832-Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165510-351-chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165517-321-Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165517-349-6364233374544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165517-707-7213318599544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165521-255-chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-223503-854-Akamai.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-223512-758-Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-223517-667-chrome.exe Win32/TrojanDownloader.VB.PVA trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Local Settings\Temp\mseacq.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Local Settings\Temp\mseacq.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\C_1bits.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\C_1NO.exe a variant of Win32/Agent.TUO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\libwin.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\WINrich.exe a variant of Win32/Agent.TUO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\imnais2@hotmail.co.uk\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\matamat@hotmail.co.uk\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\matamat@hotmail.com\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\mturner14321@hotmail.com\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\sketchcrazy_12@hotmail.com\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\8CDC6D.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Harmon\Harmon.exe a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\jEgTRpkjbUXWscESNGXwCGhs.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\lsass.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\mlSUlQB.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\Run.exe a variant of Win32/Injector.TBD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Alair Andre Thorvald.scr a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Emory Homer Eldin.scr a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\2K Sports-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\ABBYY FineReader 9.0 Sprint-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AC3Filter-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AceGain-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Adobe-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AIM-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AMD APP-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Apple Software Update-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\ATI Technologies-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\ATI-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AviSynth 2.5-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\BlackBeanGames-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Bonjour-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\BRS-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Common Files-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Cryptic Studios-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\CyberLink-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\DAEMON Tools Lite-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Democracy2 Demo-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\DivX-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\dumps-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\EA GAMES-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\EA SPORTS-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\EACOM-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Electronic Arts-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Epson Software-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\epson-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Feedback Tool-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\File Type Assistant-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Full Tilt Poker-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\GameSpy Arcade-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Google-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Graph-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\InstallShield Installation Information-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Internet Explorer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\iTunes-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Java-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Koei-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\LibUSB-Win32-0.1.10.1-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Media Widget-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MediaMonkey-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Analysis Services-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft CAPICOM 2.1.0.2-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Games for Windows - LIVE-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Games-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Office-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Security Client-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Silverlight-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft SQL Server Compact Edition-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Sync Framework-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Synchronization Services-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Visual Studio 8-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Windows 7 Upgrade Advisor-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft WSE-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft.NET-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Mozilla Firefox-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MSBuild-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MSECache-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MSXML 4.0-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Nero-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Nokia-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\NVIDIA Corporation-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\O2 Assistant-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\O2_Installer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\OpenAL-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\OpenOffice.org 3-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Opera-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PC Connectivity Solution-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Pidgin-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PokerStars-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PokerStove-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PostgreSQL-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PowerISO-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\QuickTime-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Red Kawa-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Reference Assemblies-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Regensoft-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Remote Mouse-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Rosetta Stone-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\RVG Software-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Skype-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Sony-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Sports Interactive-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Spotify-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Steam-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\SUPERAntiSpyware-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\TVUPlayer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Ubisoft-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Uninstall Information-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\uTorrent-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Veetle-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Verbatim GREEN BUTTON-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\VideoLAN-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\vShare.tv plugin-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Winamp-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Defender-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Live-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Mail-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Media Player-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows NT-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Photo Viewer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Portable Devices-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Sidebar-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Wolfram Research-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Zero G Registry-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Downloads\chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Downloads\cnet_SetupGraph-4_3_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Favorites\cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Aube.exe a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Ignacio Maximo Herbert.exe a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\KMSAct.exe Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\Applet\Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\MSDCSC\mopreL58F861\svchost.exe probably a variant of Win32/Injector.TBD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\Applet\Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\MSDCSC\mopreL58F861\svchost.exe probably a variant of Win32/Injector.TBD trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Program Files\Common Files\lsmass.exe probably a variant of MSIL/Kryptik.DN trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_ProgramData\wscntfy.exe probably a variant of MSIL/Kryptik.DN trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\odeKB.exe MSIL/Agent.NQU trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\vidKBD.exe MSIL/Agent.NQU trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\Facebook.exe probably a variant of MSIL/Autorun.EPCIBVM worm (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\tmp4E6E.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\tmp50AF.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I

Re: Infestation

Post by stararc » June 30th, 2012, 8:37 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-30 12:30:19
# local_time=2012-06-30 01:30:19 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 477332 477332 0 0
# compatibility_mode=768 16777215 100 0 77203011 77203011 0 0
# compatibility_mode=5893 16776574 100 94 42495635 93509811 0 0
# compatibility_mode=8192 67108863 100 0 78036 78036 0 0
# scanned=801742
# found=159
# cleaned=0
# scan_time=14658
C:\ntldr.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120624-232553-161-cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-060924-685-cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165502-423-6364233374544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165502-760-7213318599544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165502-832-Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165510-351-chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165517-321-Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165517-349-6364233374544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165517-707-7213318599544.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-165521-255-chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-223503-854-Akamai.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-223512-758-Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20120625-223517-667-chrome.exe Win32/TrojanDownloader.VB.PVA trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Local Settings\Temp\mseacq.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Local Settings\Temp\mseacq.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\C_1bits.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\C_1NO.exe a variant of Win32/Agent.TUO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\libwin.exe a variant of MSIL/Injector.AFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\WINrich.exe a variant of Win32/Agent.TUO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\imnais2@hotmail.co.uk\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\matamat@hotmail.co.uk\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\matamat@hotmail.com\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\mturner14321@hotmail.com\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Local\Microsoft\Messenger\sketchcrazy_12@hotmail.com\mypornpics.scr MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\8CDC6D.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Harmon\Harmon.exe a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\jEgTRpkjbUXWscESNGXwCGhs.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\lsass.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\mlSUlQB.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\Run.exe a variant of Win32/Injector.TBD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Alair Andre Thorvald.scr a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Emory Homer Eldin.scr a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\2K Sports-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\ABBYY FineReader 9.0 Sprint-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AC3Filter-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AceGain-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Adobe-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AIM-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AMD APP-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Apple Software Update-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\ATI Technologies-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\ATI-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\AviSynth 2.5-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\BlackBeanGames-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Bonjour-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\BRS-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Common Files-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Cryptic Studios-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\CyberLink-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\DAEMON Tools Lite-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Democracy2 Demo-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\DivX-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\dumps-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\EA GAMES-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\EA SPORTS-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\EACOM-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Electronic Arts-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Epson Software-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\epson-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Feedback Tool-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\File Type Assistant-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Full Tilt Poker-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\GameSpy Arcade-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Google-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Graph-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\InstallShield Installation Information-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Internet Explorer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\iTunes-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Java-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Koei-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\LibUSB-Win32-0.1.10.1-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Media Widget-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MediaMonkey-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Analysis Services-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft CAPICOM 2.1.0.2-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Games for Windows - LIVE-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Games-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Office-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Security Client-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Silverlight-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft SQL Server Compact Edition-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Sync Framework-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Synchronization Services-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Visual Studio 8-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft Windows 7 Upgrade Advisor-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft WSE-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Microsoft.NET-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Mozilla Firefox-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MSBuild-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MSECache-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\MSXML 4.0-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Nero-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Nokia-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\NVIDIA Corporation-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\O2 Assistant-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\O2_Installer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\OpenAL-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\OpenOffice.org 3-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Opera-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PC Connectivity Solution-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Pidgin-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PokerStars-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PokerStove-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PostgreSQL-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\PowerISO-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\QuickTime-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Red Kawa-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Reference Assemblies-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Regensoft-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Remote Mouse-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Rosetta Stone-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\RVG Software-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Skype-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Sony-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Sports Interactive-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Spotify-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Steam-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\SUPERAntiSpyware-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\TVUPlayer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Ubisoft-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Uninstall Information-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\uTorrent-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Veetle-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Verbatim GREEN BUTTON-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\VideoLAN-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\vShare.tv plugin-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Winamp-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Defender-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Live-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Mail-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Media Player-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows NT-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Photo Viewer-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Portable Devices-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Windows Sidebar-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Wolfram Research-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Documents\Downloads\Zero G Registry-crack.exe MSIL/Autorun.Agent.CA worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Downloads\chrome.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Downloads\cnet_SetupGraph-4_3_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Favorites\cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Aube.exe a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Ignacio Maximo Herbert.exe a variant of Win32/Kryptik.AHPQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\KMSAct.exe Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\Applet\Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\MSDCSC\mopreL58F861\svchost.exe probably a variant of Win32/Injector.TBD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\Applet\Applet.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\MSDCSC\mopreL58F861\svchost.exe probably a variant of Win32/Injector.TBD trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Program Files\Common Files\lsmass.exe probably a variant of MSIL/Kryptik.DN trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_ProgramData\wscntfy.exe probably a variant of MSIL/Kryptik.DN trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\odeKB.exe MSIL/Agent.NQU trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\vidKBD.exe MSIL/Agent.NQU trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\cmd.exe a variant of Win32/Injector.TAE trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\Facebook.exe probably a variant of MSIL/Autorun.EPCIBVM worm (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\tmp4E6E.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06282012_152016\C_Users\Matt\My Documents\tmp50AF.exe a variant of Win32/Injector.JRX trojan (unable to clean) 00000000000000000000000000000000 I

Re: Infestation

Post by Gary R » June 30th, 2012, 10:29 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\ntldr.exe 
C:\Program Files (x86)\Trend Micro\HiJackThis
C:\ProgramData\Local Settings\Temp\mseacq.exe
C:\Users\All Users\Local Settings\Temp\mseacq.exe
C:\Users\Matt\chrome.exe
C:\Users\Matt\C_1bits.exe
C:\Users\Matt\C_1NO.exe
C:\Users\Matt\libwin.exe
C:\Users\Matt\WINrich.exe
C:\Users\Matt\AppData\Local\Microsoft\Messenger\imnais2@hotmail.co.uk\mypornpics.scr 
C:\Users\Matt\AppData\Local\Microsoft\Messenger\matamat@hotmail.co.uk\mypornpics.scr 
C:\Users\Matt\AppData\Local\Microsoft\Messenger\matamat@hotmail.com\mypornpics.scr
C:\Users\Matt\AppData\Local\Microsoft\Messenger\mturner14321@hotmail.com\mypornpics.scr
C:\Users\Matt\AppData\Local\Microsoft\Messenger\sketchcrazy_12@hotmail.com\mypornpics.scr 
C:\Users\Matt\AppData\Roaming\8CDC6D.exe
C:\Users\Matt\AppData\Roaming\Harmon\Harmon.exe 
C:\Users\Matt\AppData\Roaming\Microsoft\jEgTRpkjbUXWscESNGXwCGhs.exe
C:\Users\Matt\AppData\Roaming\Microsoft\lsass.exe
C:\Users\Matt\AppData\Roaming\Microsoft\mlSUlQB.exe
C:\Users\Matt\AppData\Roaming\Microsoft\Run.exe
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Alair Andre Thorvald.scr 
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Emory Homer Eldin.scr
C:\Users\Matt\Documents\chrome.exe
C:\Users\Matt\Documents\Downloads\2K Sports-crack.exe
C:\Users\Matt\Documents\Downloads\ABBYY FineReader 9.0 Sprint-crack.exe
C:\Users\Matt\Documents\Downloads\AC3Filter-crack.exe
C:\Users\Matt\Documents\Downloads\AceGain-crack.exe
C:\Users\Matt\Documents\Downloads\Adobe-crack.exe
C:\Users\Matt\Documents\Downloads\AIM-crack.exe 
C:\Users\Matt\Documents\Downloads\AMD APP-crack.exe 
C:\Users\Matt\Documents\Downloads\Apple Software Update-crack.exe
C:\Users\Matt\Documents\Downloads\ATI Technologies-crack.exe 
C:\Users\Matt\Documents\Downloads\ATI-crack.exe 
C:\Users\Matt\Documents\Downloads\AviSynth 2.5-crack.exe
C:\Users\Matt\Documents\Downloads\BlackBeanGames-crack.exe
C:\Users\Matt\Documents\Downloads\Bonjour-crack.exe
C:\Users\Matt\Documents\Downloads\BRS-crack.exe
C:\Users\Matt\Documents\Downloads\Common Files-crack.exe
C:\Users\Matt\Documents\Downloads\Cryptic Studios-crack.exe
C:\Users\Matt\Documents\Downloads\CyberLink-crack.exe
C:\Users\Matt\Documents\Downloads\DAEMON Tools Lite-crack.exe
C:\Users\Matt\Documents\Downloads\Democracy2 Demo-crack.exe 
C:\Users\Matt\Documents\Downloads\DivX-crack.exe
C:\Users\Matt\Documents\Downloads\dumps-crack.exe
C:\Users\Matt\Documents\Downloads\EA GAMES-crack.exe 
C:\Users\Matt\Documents\Downloads\EA SPORTS-crack.exe
C:\Users\Matt\Documents\Downloads\EACOM-crack.exe 
C:\Users\Matt\Documents\Downloads\Electronic Arts-crack.exe
C:\Users\Matt\Documents\Downloads\Epson Software-crack.exe
C:\Users\Matt\Documents\Downloads\epson-crack.exe
C:\Users\Matt\Documents\Downloads\Feedback Tool-crack.exe
C:\Users\Matt\Documents\Downloads\File Type Assistant-crack.exe
C:\Users\Matt\Documents\Downloads\Full Tilt Poker-crack.exe
C:\Users\Matt\Documents\Downloads\GameSpy Arcade-crack.exe
C:\Users\Matt\Documents\Downloads\Google-crack.exe 
C:\Users\Matt\Documents\Downloads\Graph-crack.exe 
C:\Users\Matt\Documents\Downloads\InstallShield Installation Information-crack.exe 
C:\Users\Matt\Documents\Downloads\Internet Explorer-crack.exe 
C:\Users\Matt\Documents\Downloads\iTunes-crack.exe 
C:\Users\Matt\Documents\Downloads\Java-crack.exe 
C:\Users\Matt\Documents\Downloads\Koei-crack.exe
C:\Users\Matt\Documents\Downloads\LibUSB-Win32-0.1.10.1-crack.exe
C:\Users\Matt\Documents\Downloads\Media Widget-crack.exe 
C:\Users\Matt\Documents\Downloads\MediaMonkey-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Analysis Services-crack.exe 
C:\Users\Matt\Documents\Downloads\Microsoft CAPICOM 2.1.0.2-crack.exe 
C:\Users\Matt\Documents\Downloads\Microsoft Games for Windows - LIVE-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Games-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Office-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Security Client-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Silverlight-crack.exe 
C:\Users\Matt\Documents\Downloads\Microsoft SQL Server Compact Edition-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Sync Framework-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Synchronization Services-crack.exe 
C:\Users\Matt\Documents\Downloads\Microsoft Visual Studio 8-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft Windows 7 Upgrade Advisor-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft WSE-crack.exe
C:\Users\Matt\Documents\Downloads\Microsoft.NET-crack.exe
C:\Users\Matt\Documents\Downloads\Mozilla Firefox-crack.exe
C:\Users\Matt\Documents\Downloads\MSBuild-crack.exe 
C:\Users\Matt\Documents\Downloads\MSECache-crack.exe
C:\Users\Matt\Documents\Downloads\MSXML 4.0-crack.exe
C:\Users\Matt\Documents\Downloads\Nero-crack.exe
C:\Users\Matt\Documents\Downloads\Nokia-crack.exe 
C:\Users\Matt\Documents\Downloads\NVIDIA Corporation-crack.exe 
C:\Users\Matt\Documents\Downloads\O2 Assistant-crack.exe
C:\Users\Matt\Documents\Downloads\O2_Installer-crack.exe
C:\Users\Matt\Documents\Downloads\OpenAL-crack.exe
C:\Users\Matt\Documents\Downloads\OpenOffice.org 3-crack.exe
C:\Users\Matt\Documents\Downloads\Opera-crack.exe
C:\Users\Matt\Documents\Downloads\PC Connectivity Solution-crack.exe
C:\Users\Matt\Documents\Downloads\Pidgin-crack.exe
C:\Users\Matt\Documents\Downloads\PokerStars-crack.exe 
C:\Users\Matt\Documents\Downloads\PokerStove-crack.exe 
C:\Users\Matt\Documents\Downloads\PostgreSQL-crack.exe
C:\Users\Matt\Documents\Downloads\PowerISO-crack.exe
C:\Users\Matt\Documents\Downloads\QuickTime-crack.exe
C:\Users\Matt\Documents\Downloads\Red Kawa-crack.exe
C:\Users\Matt\Documents\Downloads\Reference Assemblies-crack.exe
C:\Users\Matt\Documents\Downloads\Regensoft-crack.exe
C:\Users\Matt\Documents\Downloads\Remote Mouse-crack.exe 
C:\Users\Matt\Documents\Downloads\Rosetta Stone-crack.exe
C:\Users\Matt\Documents\Downloads\RVG Software-crack.exe 
C:\Users\Matt\Documents\Downloads\Skype-crack.exe 
C:\Users\Matt\Documents\Downloads\Sony-crack.exe
C:\Users\Matt\Documents\Downloads\Sports Interactive-crack.exe
C:\Users\Matt\Documents\Downloads\Spotify-crack.exe
C:\Users\Matt\Documents\Downloads\Steam-crack.exe 
C:\Users\Matt\Documents\Downloads\SUPERAntiSpyware-crack.exe
C:\Users\Matt\Documents\Downloads\TVUPlayer-crack.exe
C:\Users\Matt\Documents\Downloads\Ubisoft-crack.exe 
C:\Users\Matt\Documents\Downloads\Uninstall Information-crack.exe
C:\Users\Matt\Documents\Downloads\uTorrent-crack.exe 
C:\Users\Matt\Documents\Downloads\Veetle-crack.exe 
C:\Users\Matt\Documents\Downloads\Verbatim GREEN BUTTON-crack.exe 
C:\Users\Matt\Documents\Downloads\VideoLAN-crack.exe 
C:\Users\Matt\Documents\Downloads\vShare.tv plugin-crack.exe
C:\Users\Matt\Documents\Downloads\Winamp-crack.exe
C:\Users\Matt\Documents\Downloads\Windows Defender-crack.exe
C:\Users\Matt\Documents\Downloads\Windows Live-crack.exe
C:\Users\Matt\Documents\Downloads\Windows Mail-crack.exe
C:\Users\Matt\Documents\Downloads\Windows Media Player-crack.exe 
C:\Users\Matt\Documents\Downloads\Windows NT-crack.exe
C:\Users\Matt\Documents\Downloads\Windows Photo Viewer-crack.exe 
C:\Users\Matt\Documents\Downloads\Windows Portable Devices-crack.exe
C:\Users\Matt\Documents\Downloads\Windows Sidebar-crack.exe 
C:\Users\Matt\Documents\Downloads\Wolfram Research-crack.exe
C:\Users\Matt\Documents\Downloads\Zero G Registry-crack.exe 
C:\Users\Matt\Downloads\chrome.exe
C:\Users\Matt\Downloads\cnet_SetupGraph-4_3_exe.exe 
C:\Users\Matt\Favorites\cmd.exe
C:\Windows\Aube.exe
C:\Windows\Ignacio Maximo Herbert.exe
C:\Windows\KMSAct.exe
C:\Windows\System32\Applet\Applet.exe
C:\Windows\System32\MSDCSC\mopreL58F861\svchost.exe 
C:\Windows\SysWOW64\Applet\Applet.exe
C:\Windows\SysWOW64\MSDCSC\mopreL58F861\svchost.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Reboot your computer, then run a new scan with E-Set and post me the new log please.

Summary of the logs I need from you in your next post:
  • Latest OTL fix log
  • Latest E-Set log
  • Let me know how your computer is running now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.