Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Odd exe commands setting off firewall/registry tampered?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » March 30th, 2013, 2:27 pm

Hello boondoc,

Run the systemlook scan and post the results.

Step 2.
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *avg*
    *mcafee*
    
    :folderfind
    *avg*
    *mcafee*
    
    :Regfind
    avg
    mcafee 
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby boondoc » March 30th, 2013, 9:29 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 20:41 on 30/03/2013 by Palmer
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe --a---- 3222280 bytes [02:59 28/03/2013] [02:59 28/03/2013] C116A638C1F59730DF8F097F8070AA99
C:\Users\Palmer\Desktop\Malware Removal Logs\avgremover.log --a---- 178200 bytes [03:04 28/03/2013] [03:05 28/03/2013] 68D24A997C18BBE73661BACEFE5071D0
C:\Windows\System32\avgrep.txt --a---- 6509 bytes [01:25 13/01/2012] [01:55 13/01/2012] C248854EA6B5806E07EFE126CC9EE254

Searching for "*mcafee*"
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[2].txt --a---- 171 bytes [00:12 11/11/2011] [00:12 11/11/2011] 2271E103ABE4D13E9466EC343D78D697
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[3].txt --a---- 240 bytes [00:13 11/11/2011] [00:13 11/11/2011] C6AB2302EB355EE8A734F9F358D974C0

========== folderfind ==========

Searching for "*avg*"
C:\Users\Palmer\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_avgui.exe_a5c56e8e1bc64deddc8a6678b573b6921157ef_288bde93 d----c- [11:36 25/10/2012]

Searching for "*mcafee*"
C:\ProgramData\McAfee d------ [17:21 28/07/2011]
C:\Users\All Users\McAfee d------ [17:21 28/07/2011]

========== Regfind ==========

Searching for "avg"
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\log\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\config\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\avi\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\Cfg\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\DB\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\5]
"Filename"="C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\5]
"DeviceName"="C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\52]
"Filename"="C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\52]
"DeviceName"="C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-586848840-3213021952-4089556407-1000\02lvykhytnnv]
"DeviceId"="<Data><User username="02LVYKHYTNNV"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAJiKV5QLKNkKYOg0tIkP9UQQAAAACAAAAAAAQZgAAAAEAACAAAABSlM942+Y9uX1mPLiSaVIcMQEt7UV/sd/LO6ZkoH5e3wAAAAAOgAAAAAIAACAAAAB1Ey3fIVv9TmlPo8qFvU1JkI5F30fBqwA1N9YYnsd/qjAAAAAyRHvdk10BXWToqma9nWApDy25swoez1JFL3rnKWto9XRD9veHrCT2UEXjYWPWVw1AAAAALexmv78DvOQ2qh+JoWYtj+8ZgaI7gL/9MVli63cSBbyFVeYoK/JQPjNtOFFZReV2dvGpaMZf0bEPU496Gpqn5A==</Pwd><Certificate targetname="WindowsLive:(cert):name=02lvykhytnnv;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAVQB3AGYAUQBJAFgAZQBTAGIARQArAFEAbwBsAEwAdABaAFYAegAyAHUAQQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEMAaQBUAEYAagB0AHkAdABsAFAAMABMAG4AMgBLAG8Aa
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Adobe\Acrobat Reader\11.0\AVGeneral]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-586848840-3213021952-4089556407-1000\02lvykhytnnv]
"DeviceId"="<Data><User username="02LVYKHYTNNV"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAJiKV5QLKNkKYOg0tIkP9UQQAAAACAAAAAAAQZgAAAAEAACAAAABSlM942+Y9uX1mPLiSaVIcMQEt7UV/sd/LO6ZkoH5e3wAAAAAOgAAAAAIAACAAAAB1Ey3fIVv9TmlPo8qFvU1JkI5F30fBqwA1N9YYnsd/qjAAAAAyRHvdk10BXWToqma9nWApDy25swoez1JFL3rnKWto9XRD9veHrCT2UEXjYWPWVw1AAAAALexmv78DvOQ2qh+JoWYtj+8ZgaI7gL/9MVli63cSBbyFVeYoK/JQPjNtOFFZReV2dvGpaMZf0bEPU496Gpqn5A==</Pwd><Certificate targetname="WindowsLive:(cert):name=02lvykhytnnv;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAVQB3AGYAUQBJAFgAZQBTAGIARQArAFEAbwBsAEwAdABaAFYAegAyAHUAQQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEMAaQBUAEYAagB0AHkAdABsAFAAMABMAG4AMgBLAG8Aa

Searching for "mcafee "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
@="McAfee Host SA Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

-= EOF =-
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » March 31st, 2013, 5:01 pm

edit
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » April 2nd, 2013, 8:54 am

Hi boondoc,

Please boot into safemode and Run OTL

Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.



Run OTL Script
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2012\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2012\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2012\awacs\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2013\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\log\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\IDS\config\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\IDS\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\avi\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\Cfg\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\DB\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2013\awacs\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
    "00000000000000000000000000000000"=--
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3\InstallProperties]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}]
    "Publisher"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
    "Publisher"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinishedThreatFound]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert]
    [-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert]
    [-HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
    @=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
    "DeviceDesc"=-
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
    
    :Files
    C:\Users\Palmer\Desktop\Malware Removal Logs\avgremover.log
    C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe
    C:\Windows\System32\avgrep.txt
    C:\ProgramData\McAfee
    C:\Users\All Users\McAfee
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[3].txt 
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby boondoc » April 3rd, 2013, 11:27 pm

Hmmm....I may have done this wrong...here's the log.


All processes killed
Error: Unable to interpret <:commands
[createrestorepoint]

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\log\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\config\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur> in the current context!
Error: Unable to interpret <rentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\avi\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\Cfg\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\DB\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\awacs\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Com> in the current context!
Error: Unable to interpret <ponents\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"=--
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1> in the current context!
Error: Unable to interpret <-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User> in the current context!
Error: Unable to interpret <Data\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Instal> in the current context!
Error: Unable to interpret <ler\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3\InstallProperties]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2> in the current context!
Error: Unable to interpret <1B133D6-5979-47F0-BE1C-F6A6B304693F}]
"Publisher"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\Even> in the current context!
Error: Unable to interpret <tLabels\avguiScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart]
[-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert]
[-HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
[HKEY_LOC> in the current context!
Error: Unable to interpret <AL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"=-
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

:Files
C:\Users\Palmer\Desktop\Malware Removal Logs\avgremover.log
C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe
C:\Windows\System32\avgrep.txt
C:\ProgramData\McAfee
C:\Users\All Users\McAfee
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[3].txt 

:Commands
[EMPTYTEMP]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 04032013_231806

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » April 4th, 2013, 5:29 pm

Hello boondoc,


How is the computer performing?

Are you still experiencing problems?


wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby boondoc » April 4th, 2013, 7:48 pm

the computer seems to be running fine right now. the only thing that had been happening was that my cursor would freeze randomly. i haven't run the computer much today so I won't know fully until later. how's it looking from the logs?
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » April 7th, 2013, 9:27 am

Greetings boondoc,

Your latest set of logs appear to be clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby boondoc » April 8th, 2013, 12:28 am

We aren't clean yet. My synaptics pointer has been getting hijacked and freezing. Comodo firewall catches the synTPhelper.exe trying to do something, then something else happens. I can't explain it. All i know is every day the cursor freezes for about 2 or 3 minutes, then unfreezes.
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » April 10th, 2013, 9:22 am

Hello boondoc,

Please download and run TDSSKiller. Be sure to disable your Comdo suite prior to running the scan. Take note as to how the cursor responds during the time period that Comdo is disabled. Does your cursor/mouse pointer freeze with Comdo disabled?

TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.
  1. Right click on TDSSKiller.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click on Start Scan, the scan will run.
  3. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  4. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. To find the log go to Start > Computer > C:
  6. A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  7. Post the contents of that log in your next reply please.
  8. DO NOT TRY TO FIX ANYTHING AT THIS POINT
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby boondoc » April 11th, 2013, 8:23 pm

20:17:01.0824 4016 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:17:02.0495 4016 ============================================================
20:17:02.0495 4016 Current date / time: 2013/04/11 20:17:02.0495
20:17:02.0495 4016 SystemInfo:
20:17:02.0495 4016
20:17:02.0495 4016 OS Version: 6.1.7601 ServicePack: 1.0
20:17:02.0495 4016 Product type: Workstation
20:17:02.0495 4016 ComputerName: PALMER-PC
20:17:02.0495 4016 UserName: Palmer
20:17:02.0495 4016 Windows directory: C:\windows
20:17:02.0495 4016 System windows directory: C:\windows
20:17:02.0495 4016 Running under WOW64
20:17:02.0495 4016 Processor architecture: Intel x64
20:17:02.0495 4016 Number of processors: 2
20:17:02.0495 4016 Page size: 0x1000
20:17:02.0495 4016 Boot type: Normal boot
20:17:02.0495 4016 ============================================================
20:17:05.0350 4016 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:17:05.0365 4016 ============================================================
20:17:05.0365 4016 \Device\Harddisk0\DR0:
20:17:05.0365 4016 MBR partitions:
20:17:05.0365 4016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
20:17:05.0365 4016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x179E0800
20:17:05.0396 4016 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x17A45800, BlocksNum 0x39FD800
20:17:05.0396 4016 ============================================================
20:17:05.0506 4016 C: <-> \Device\Harddisk0\DR0\Partition2
20:17:13.0664 4016 D: <-> \Device\Harddisk0\DR0\Partition3
20:17:13.0680 4016 ============================================================
20:17:13.0680 4016 Initialize success
20:17:13.0680 4016 ============================================================
20:17:32.0915 3592 ============================================================
20:17:32.0915 3592 Scan started
20:17:32.0915 3592 Mode: Manual;
20:17:32.0915 3592 ============================================================
20:17:36.0300 3592 ================ Scan system memory ========================
20:17:36.0300 3592 System memory - ok
20:17:36.0300 3592 ================ Scan services =============================
20:17:36.0784 3592 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
20:17:36.0799 3592 1394ohci - ok
20:17:36.0846 3592 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
20:17:36.0877 3592 ACPI - ok
20:17:36.0893 3592 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
20:17:36.0909 3592 AcpiPmi - ok
20:17:36.0940 3592 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
20:17:36.0940 3592 ACPIVPC - ok
20:17:37.0065 3592 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:17:37.0080 3592 AdobeARMservice - ok
20:17:37.0345 3592 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:17:37.0860 3592 AdobeFlashPlayerUpdateSvc - ok
20:17:37.0985 3592 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
20:17:38.0016 3592 adp94xx - ok
20:17:38.0047 3592 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
20:17:38.0063 3592 adpahci - ok
20:17:38.0079 3592 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
20:17:38.0094 3592 adpu320 - ok
20:17:38.0125 3592 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
20:17:38.0125 3592 AeLookupSvc - ok
20:17:38.0188 3592 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
20:17:38.0235 3592 AFD - ok
20:17:38.0266 3592 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
20:17:38.0281 3592 agp440 - ok
20:17:38.0313 3592 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
20:17:38.0313 3592 ALG - ok
20:17:38.0344 3592 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
20:17:38.0344 3592 aliide - ok
20:17:38.0391 3592 [ C907240FE95DE405E40342419B9D2AFE ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
20:17:38.0391 3592 AMD External Events Utility - ok
20:17:38.0406 3592 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
20:17:38.0422 3592 amdide - ok
20:17:38.0437 3592 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
20:17:38.0453 3592 AmdK8 - ok
20:17:38.0749 3592 [ 76310C6DC018CE6310E4520789B9E40A ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
20:17:39.0108 3592 amdkmdag - ok
20:17:39.0139 3592 [ 3CBD33B1903C0A10FB746388EED91370 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
20:17:39.0155 3592 amdkmdap - ok
20:17:39.0186 3592 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
20:17:39.0186 3592 AmdPPM - ok
20:17:39.0217 3592 [ CC3021D064EB6D3C2F949530E2B0BA47 ] amdsata C:\windows\system32\DRIVERS\amdsata.sys
20:17:39.0217 3592 amdsata - ok
20:17:39.0249 3592 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
20:17:39.0280 3592 amdsbs - ok
20:17:39.0295 3592 [ FFC5A0F6263574EF0D5467496B721F77 ] amdxata C:\windows\system32\drivers\amdxata.sys
20:17:39.0295 3592 amdxata - ok
20:17:39.0327 3592 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
20:17:39.0327 3592 AppID - ok
20:17:39.0358 3592 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
20:17:39.0358 3592 AppIDSvc - ok
20:17:39.0389 3592 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
20:17:39.0405 3592 Appinfo - ok
20:17:39.0576 3592 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:17:39.0576 3592 Apple Mobile Device - ok
20:17:39.0623 3592 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
20:17:39.0623 3592 arc - ok
20:17:39.0654 3592 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
20:17:39.0670 3592 arcsas - ok
20:17:39.0982 3592 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:17:40.0107 3592 aspnet_state - ok
20:17:40.0153 3592 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
20:17:40.0153 3592 AsyncMac - ok
20:17:40.0185 3592 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
20:17:40.0185 3592 atapi - ok
20:17:40.0247 3592 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
20:17:40.0247 3592 AtiHDAudioService - ok
20:17:40.0325 3592 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:17:40.0372 3592 AudioEndpointBuilder - ok
20:17:40.0403 3592 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
20:17:40.0419 3592 AudioSrv - ok
20:17:40.0481 3592 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
20:17:40.0497 3592 AxInstSV - ok
20:17:40.0528 3592 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
20:17:40.0575 3592 b06bdrv - ok
20:17:40.0621 3592 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
20:17:40.0637 3592 b57nd60a - ok
20:17:40.0668 3592 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
20:17:40.0684 3592 BDESVC - ok
20:17:40.0684 3592 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
20:17:40.0699 3592 Beep - ok
20:17:40.0762 3592 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
20:17:40.0793 3592 BFE - ok
20:17:40.0840 3592 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
20:17:40.0887 3592 BITS - ok
20:17:40.0902 3592 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
20:17:40.0902 3592 blbdrive - ok
20:17:41.0011 3592 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:17:41.0043 3592 Bonjour Service - ok
20:17:41.0089 3592 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
20:17:41.0089 3592 bowser - ok
20:17:41.0136 3592 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
20:17:41.0152 3592 BPntDrv - ok
20:17:41.0167 3592 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
20:17:41.0167 3592 BrFiltLo - ok
20:17:41.0183 3592 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
20:17:41.0183 3592 BrFiltUp - ok
20:17:41.0230 3592 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
20:17:41.0245 3592 Browser - ok
20:17:41.0277 3592 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:17:41.0292 3592 Brserid - ok
20:17:41.0292 3592 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:17:41.0308 3592 BrSerWdm - ok
20:17:41.0308 3592 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:17:41.0323 3592 BrUsbMdm - ok
20:17:41.0323 3592 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:17:41.0339 3592 BrUsbSer - ok
20:17:41.0370 3592 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
20:17:41.0386 3592 BthEnum - ok
20:17:41.0401 3592 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
20:17:41.0401 3592 BTHMODEM - ok
20:17:41.0417 3592 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
20:17:41.0433 3592 BthPan - ok
20:17:41.0464 3592 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
20:17:41.0495 3592 BTHPORT - ok
20:17:41.0526 3592 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
20:17:41.0542 3592 bthserv - ok
20:17:41.0573 3592 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
20:17:41.0573 3592 BTHUSB - ok
20:17:41.0604 3592 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:17:41.0604 3592 cdfs - ok
20:17:41.0651 3592 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:17:41.0667 3592 cdrom - ok
20:17:41.0698 3592 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
20:17:41.0713 3592 CertPropSvc - ok
20:17:41.0729 3592 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
20:17:41.0745 3592 circlass - ok
20:17:41.0760 3592 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
20:17:41.0776 3592 CLFS - ok
20:17:41.0854 3592 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:17:41.0885 3592 clr_optimization_v2.0.50727_32 - ok
20:17:41.0916 3592 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:17:41.0932 3592 clr_optimization_v2.0.50727_64 - ok
20:17:42.0197 3592 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:17:42.0634 3592 clr_optimization_v4.0.30319_32 - ok
20:17:42.0649 3592 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:17:42.0883 3592 clr_optimization_v4.0.30319_64 - ok
20:17:42.0915 3592 clwvd - ok
20:17:42.0961 3592 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:17:42.0961 3592 CmBatt - ok
20:17:43.0133 3592 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
20:17:43.0180 3592 cmdAgent - ok
20:17:43.0258 3592 [ 2D6DC31AA55BFF702519235DEF0DA68E ] cmderd C:\windows\system32\DRIVERS\cmderd.sys
20:17:43.0258 3592 cmderd - ok
20:17:43.0320 3592 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] cmdGuard C:\windows\system32\DRIVERS\cmdguard.sys
20:17:43.0336 3592 cmdGuard - ok
20:17:43.0367 3592 [ F8FECE0F1D44C4A58778083B00EEADAC ] cmdHlp C:\windows\system32\DRIVERS\cmdhlp.sys
20:17:43.0367 3592 cmdHlp - ok
20:17:43.0383 3592 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
20:17:43.0398 3592 cmdide - ok
20:17:43.0445 3592 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
20:17:43.0476 3592 CNG - ok
20:17:43.0585 3592 [ A260BE645DD096D90318C8CF98536720 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
20:17:43.0617 3592 CnxtHdAudService - ok
20:17:43.0663 3592 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
20:17:43.0663 3592 Compbatt - ok
20:17:43.0695 3592 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
20:17:43.0710 3592 CompositeBus - ok
20:17:43.0726 3592 COMSysApp - ok
20:17:43.0726 3592 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
20:17:43.0741 3592 crcdisk - ok
20:17:43.0788 3592 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
20:17:43.0788 3592 CryptSvc - ok
20:17:43.0913 3592 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:17:44.0490 3592 cvhsvc - ok
20:17:44.0537 3592 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\windows\system32\CxAudMsg64.exe
20:17:44.0537 3592 CxAudMsg - ok
20:17:44.0599 3592 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
20:17:44.0631 3592 DcomLaunch - ok
20:17:44.0677 3592 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:17:44.0693 3592 defragsvc - ok
20:17:44.0724 3592 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:17:44.0740 3592 DfsC - ok
20:17:44.0787 3592 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
20:17:44.0802 3592 Dhcp - ok
20:17:44.0818 3592 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:17:44.0818 3592 discache - ok
20:17:44.0865 3592 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
20:17:44.0865 3592 Disk - ok
20:17:44.0896 3592 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:17:44.0896 3592 Dnscache - ok
20:17:44.0927 3592 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
20:17:44.0943 3592 dot3svc - ok
20:17:44.0958 3592 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
20:17:44.0974 3592 DPS - ok
20:17:45.0255 3592 [ 770AC17FBF274FB1773F5C49EE15B3DD ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
20:17:45.0801 3592 DragonUpdater - ok
20:17:45.0910 3592 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:17:45.0910 3592 drmkaud - ok
20:17:45.0972 3592 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:17:46.0003 3592 DXGKrnl - ok
20:17:46.0050 3592 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:17:46.0050 3592 EapHost - ok
20:17:46.0175 3592 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
20:17:46.0284 3592 ebdrv - ok
20:17:46.0331 3592 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
20:17:46.0331 3592 EFS - ok
20:17:46.0409 3592 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:17:46.0440 3592 ehRecvr - ok
20:17:46.0456 3592 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
20:17:46.0456 3592 ehSched - ok
20:17:46.0503 3592 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
20:17:46.0534 3592 elxstor - ok
20:17:46.0549 3592 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
20:17:46.0549 3592 ErrDev - ok
20:17:46.0627 3592 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
20:17:46.0659 3592 EventSystem - ok
20:17:46.0690 3592 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
20:17:46.0690 3592 exfat - ok
20:17:46.0721 3592 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
20:17:46.0737 3592 fastfat - ok
20:17:46.0783 3592 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
20:17:46.0815 3592 Fax - ok
20:17:46.0846 3592 [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon C:\windows\system32\drivers\fbfmon.sys
20:17:46.0846 3592 fbfmon - ok
20:17:46.0861 3592 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
20:17:46.0877 3592 fdc - ok
20:17:46.0893 3592 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
20:17:46.0908 3592 fdPHost - ok
20:17:46.0955 3592 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:17:46.0955 3592 FDResPub - ok
20:17:47.0002 3592 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:17:47.0002 3592 FileInfo - ok
20:17:47.0017 3592 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:17:47.0017 3592 Filetrace - ok
20:17:47.0033 3592 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
20:17:47.0033 3592 flpydisk - ok
20:17:47.0064 3592 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:17:47.0080 3592 FltMgr - ok
20:17:47.0173 3592 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
20:17:47.0220 3592 FontCache - ok
20:17:47.0267 3592 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:17:47.0595 3592 FontCache3.0.0.0 - ok
20:17:47.0641 3592 [ 721A1C957BD23829C6D2BE5C7CDC1012 ] FPSensor C:\windows\system32\Drivers\FPSensor.sys
20:17:47.0641 3592 FPSensor - ok
20:17:47.0688 3592 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:17:47.0688 3592 FsDepends - ok
20:17:47.0719 3592 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:17:47.0719 3592 Fs_Rec - ok
20:17:47.0766 3592 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:17:47.0782 3592 fvevol - ok
20:17:47.0797 3592 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
20:17:47.0813 3592 gagp30kx - ok
20:17:47.0860 3592 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:17:47.0860 3592 GEARAspiWDM - ok
20:17:47.0922 3592 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
20:17:47.0953 3592 gpsvc - ok
20:17:47.0985 3592 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:17:48.0000 3592 hcw85cir - ok
20:17:48.0047 3592 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:17:48.0078 3592 HdAudAddService - ok
20:17:48.0125 3592 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
20:17:48.0141 3592 HDAudBus - ok
20:17:48.0156 3592 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
20:17:48.0156 3592 HidBatt - ok
20:17:48.0172 3592 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
20:17:48.0172 3592 HidBth - ok
20:17:48.0187 3592 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
20:17:48.0187 3592 HidIr - ok
20:17:48.0219 3592 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
20:17:48.0234 3592 hidserv - ok
20:17:48.0265 3592 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
20:17:48.0281 3592 HidUsb - ok
20:17:48.0312 3592 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
20:17:48.0328 3592 hkmsvc - ok
20:17:48.0343 3592 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:17:48.0359 3592 HomeGroupListener - ok
20:17:48.0390 3592 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:17:48.0406 3592 HomeGroupProvider - ok
20:17:48.0437 3592 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
20:17:48.0453 3592 HpSAMD - ok
20:17:48.0531 3592 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:17:48.0577 3592 HTTP - ok
20:17:48.0593 3592 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:17:48.0593 3592 hwpolicy - ok
20:17:48.0609 3592 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
20:17:48.0624 3592 i8042prt - ok
20:17:48.0671 3592 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\windows\system32\drivers\iaStorV.sys
20:17:48.0687 3592 iaStorV - ok
20:17:48.0780 3592 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:17:48.0811 3592 idsvc - ok
20:17:48.0874 3592 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
20:17:48.0874 3592 iirsp - ok
20:17:48.0952 3592 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
20:17:48.0999 3592 IKEEXT - ok
20:17:49.0045 3592 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\windows\system32\DRIVERS\inspect.sys
20:17:49.0061 3592 inspect - ok
20:17:49.0061 3592 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
20:17:49.0061 3592 intelide - ok
20:17:49.0092 3592 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
20:17:49.0108 3592 intelppm - ok
20:17:49.0123 3592 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:17:49.0139 3592 IPBusEnum - ok
20:17:49.0155 3592 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:17:49.0155 3592 IpFilterDriver - ok
20:17:49.0217 3592 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:17:49.0248 3592 iphlpsvc - ok
20:17:49.0279 3592 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
20:17:49.0279 3592 IPMIDRV - ok
20:17:49.0311 3592 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:17:49.0311 3592 IPNAT - ok
20:17:49.0389 3592 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:17:49.0420 3592 iPod Service - ok
20:17:49.0435 3592 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:17:49.0435 3592 IRENUM - ok
20:17:49.0467 3592 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
20:17:49.0482 3592 isapnp - ok
20:17:49.0513 3592 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
20:17:49.0529 3592 iScsiPrt - ok
20:17:49.0576 3592 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
20:17:49.0576 3592 kbdclass - ok
20:17:49.0607 3592 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
20:17:49.0607 3592 kbdhid - ok
20:17:49.0638 3592 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
20:17:49.0654 3592 KeyIso - ok
20:17:49.0685 3592 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:17:49.0701 3592 KSecDD - ok
20:17:49.0716 3592 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:17:49.0732 3592 KSecPkg - ok
20:17:49.0747 3592 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:17:49.0763 3592 ksthunk - ok
20:17:49.0810 3592 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
20:17:49.0841 3592 KtmRm - ok
20:17:49.0888 3592 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
20:17:49.0903 3592 LanmanServer - ok
20:17:49.0919 3592 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:17:49.0935 3592 LanmanWorkstation - ok
20:17:49.0950 3592 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
20:17:49.0950 3592 LHDmgr - ok
20:17:49.0981 3592 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:17:49.0997 3592 lltdio - ok
20:17:50.0028 3592 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
20:17:50.0059 3592 lltdsvc - ok
20:17:50.0091 3592 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:17:50.0091 3592 lmhosts - ok
20:17:50.0137 3592 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
20:17:50.0137 3592 LSI_FC - ok
20:17:50.0153 3592 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
20:17:50.0169 3592 LSI_SAS - ok
20:17:50.0169 3592 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
20:17:50.0184 3592 LSI_SAS2 - ok
20:17:50.0200 3592 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
20:17:50.0215 3592 LSI_SCSI - ok
20:17:50.0231 3592 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
20:17:50.0231 3592 luafv - ok
20:17:50.0278 3592 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
20:17:50.0293 3592 Mcx2Svc - ok
20:17:50.0293 3592 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
20:17:50.0309 3592 megasas - ok
20:17:50.0340 3592 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
20:17:50.0356 3592 MegaSR - ok
20:17:50.0403 3592 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:17:50.0403 3592 MMCSS - ok
20:17:50.0418 3592 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:17:50.0418 3592 Modem - ok
20:17:50.0434 3592 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:17:50.0449 3592 monitor - ok
20:17:50.0465 3592 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
20:17:50.0465 3592 mouclass - ok
20:17:50.0481 3592 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
20:17:50.0496 3592 mouhid - ok
20:17:50.0496 3592 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:17:50.0512 3592 mountmgr - ok
20:17:50.0543 3592 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
20:17:50.0559 3592 mpio - ok
20:17:50.0574 3592 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:17:50.0574 3592 mpsdrv - ok
20:17:50.0637 3592 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
20:17:50.0668 3592 MpsSvc - ok
20:17:50.0683 3592 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:17:50.0699 3592 MRxDAV - ok
20:17:50.0730 3592 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:17:50.0746 3592 mrxsmb - ok
20:17:50.0777 3592 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:17:50.0793 3592 mrxsmb10 - ok
20:17:50.0839 3592 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:17:50.0855 3592 mrxsmb20 - ok
20:17:50.0902 3592 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
20:17:50.0902 3592 msahci - ok
20:17:50.0949 3592 [ B7A248E6BCAE3B17791A51A836DAE264 ] MsDepSvc C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
20:17:51.0276 3592 MsDepSvc - ok
20:17:51.0292 3592 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
20:17:51.0307 3592 msdsm - ok
20:17:51.0354 3592 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:17:51.0354 3592 MSDTC - ok
20:17:51.0385 3592 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:17:51.0385 3592 Msfs - ok
20:17:51.0401 3592 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:17:51.0417 3592 mshidkmdf - ok
20:17:51.0417 3592 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
20:17:51.0432 3592 msisadrv - ok
20:17:51.0463 3592 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:17:51.0479 3592 MSiSCSI - ok
20:17:51.0495 3592 msiserver - ok
20:17:51.0510 3592 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:17:51.0510 3592 MSKSSRV - ok
20:17:51.0526 3592 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:17:51.0526 3592 MSPCLOCK - ok
20:17:51.0557 3592 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:17:51.0557 3592 MSPQM - ok
20:17:51.0588 3592 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:17:51.0604 3592 MsRPC - ok
20:17:51.0619 3592 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:17:51.0619 3592 mssmbios - ok
20:17:51.0635 3592 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:17:51.0635 3592 MSTEE - ok
20:17:51.0651 3592 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
20:17:51.0651 3592 MTConfig - ok
20:17:51.0666 3592 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:17:51.0666 3592 Mup - ok
20:17:51.0729 3592 MySQL - ok
20:17:51.0791 3592 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:17:51.0822 3592 napagent - ok
20:17:51.0900 3592 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:17:51.0916 3592 NativeWifiP - ok
20:17:51.0963 3592 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
20:17:52.0025 3592 NDIS - ok
20:17:52.0056 3592 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:17:52.0056 3592 NdisCap - ok
20:17:52.0072 3592 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:17:52.0072 3592 NdisTapi - ok
20:17:52.0103 3592 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:17:52.0103 3592 Ndisuio - ok
20:17:52.0119 3592 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:17:52.0134 3592 NdisWan - ok
20:17:52.0134 3592 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:17:52.0150 3592 NDProxy - ok
20:17:52.0165 3592 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:17:52.0165 3592 NetBIOS - ok
20:17:52.0212 3592 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:17:52.0243 3592 NetBT - ok
20:17:52.0275 3592 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:17:52.0275 3592 Netlogon - ok
20:17:52.0337 3592 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:17:52.0368 3592 Netman - ok
20:17:52.0415 3592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:52.0509 3592 NetMsmqActivator - ok
20:17:52.0524 3592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:52.0524 3592 NetPipeActivator - ok
20:17:52.0618 3592 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:17:52.0649 3592 netprofm - ok
20:17:52.0727 3592 [ 813B7C722BA97E703D375ABA170E16CC ] netr28x C:\windows\system32\DRIVERS\netr28x.sys
20:17:52.0758 3592 netr28x - ok
20:17:52.0821 3592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:52.0821 3592 NetTcpActivator - ok
20:17:52.0836 3592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:52.0836 3592 NetTcpPortSharing - ok
20:17:52.0883 3592 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
20:17:52.0899 3592 nfrd960 - ok
20:17:52.0930 3592 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
20:17:52.0945 3592 NlaSvc - ok
20:17:52.0961 3592 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:17:52.0977 3592 Npfs - ok
20:17:53.0008 3592 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:17:53.0008 3592 nsi - ok
20:17:53.0023 3592 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:17:53.0023 3592 nsiproxy - ok
20:17:53.0086 3592 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:17:53.0148 3592 Ntfs - ok
20:17:53.0164 3592 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:17:53.0164 3592 Null - ok
20:17:53.0179 3592 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\windows\system32\drivers\nvraid.sys
20:17:53.0195 3592 nvraid - ok
20:17:53.0226 3592 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\windows\system32\drivers\nvstor.sys
20:17:53.0226 3592 nvstor - ok
20:17:53.0257 3592 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:17:53.0257 3592 nv_agp - ok
20:17:53.0289 3592 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:17:53.0304 3592 ohci1394 - ok
20:17:53.0351 3592 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:17:53.0710 3592 ose - ok
20:17:53.0944 3592 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:17:54.0240 3592 osppsvc - ok
20:17:54.0303 3592 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:17:54.0334 3592 p2pimsvc - ok
20:17:54.0365 3592 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:17:54.0381 3592 p2psvc - ok
20:17:54.0427 3592 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
20:17:54.0427 3592 Parport - ok
20:17:54.0474 3592 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:17:54.0474 3592 partmgr - ok
20:17:54.0490 3592 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:17:54.0505 3592 PcaSvc - ok
20:17:54.0537 3592 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:17:54.0537 3592 pci - ok
20:17:54.0552 3592 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
20:17:54.0552 3592 pciide - ok
20:17:54.0568 3592 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
20:17:54.0583 3592 pcmcia - ok
20:17:54.0599 3592 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:17:54.0599 3592 pcw - ok
20:17:54.0630 3592 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:17:54.0677 3592 PEAUTH - ok
20:17:54.0802 3592 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:17:55.0192 3592 PerfHost - ok
20:17:55.0270 3592 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:17:55.0332 3592 pla - ok
20:17:55.0395 3592 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:17:55.0426 3592 PlugPlay - ok
20:17:55.0457 3592 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:17:55.0473 3592 PNRPAutoReg - ok
20:17:55.0488 3592 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:17:55.0504 3592 PNRPsvc - ok
20:17:55.0551 3592 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:17:55.0582 3592 PolicyAgent - ok
20:17:55.0629 3592 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
20:17:55.0644 3592 Power - ok
20:17:55.0691 3592 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:17:55.0707 3592 PptpMiniport - ok
20:17:55.0722 3592 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
20:17:55.0738 3592 Processor - ok
20:17:55.0769 3592 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll
20:17:55.0785 3592 ProfSvc - ok
20:17:55.0800 3592 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
20:17:55.0816 3592 ProtectedStorage - ok
20:17:55.0847 3592 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:17:55.0847 3592 Psched - ok
20:17:55.0941 3592 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
20:17:56.0003 3592 ql2300 - ok
20:17:56.0019 3592 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
20:17:56.0034 3592 ql40xx - ok
20:17:56.0081 3592 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
20:17:56.0081 3592 QWAVE - ok
20:17:56.0097 3592 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:17:56.0112 3592 QWAVEdrv - ok
20:17:56.0112 3592 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:17:56.0128 3592 RasAcd - ok
20:17:56.0175 3592 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
20:17:56.0175 3592 RasAgileVpn - ok
20:17:56.0221 3592 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
20:17:56.0237 3592 RasAuto - ok
20:17:56.0253 3592 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
20:17:56.0268 3592 Rasl2tp - ok
20:17:56.0284 3592 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
20:17:56.0315 3592 RasMan - ok
20:17:56.0315 3592 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
20:17:56.0331 3592 RasPppoe - ok
20:17:56.0362 3592 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
20:17:56.0377 3592 RasSstp - ok
20:17:56.0409 3592 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
20:17:56.0440 3592 rdbss - ok
20:17:56.0440 3592 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
20:17:56.0455 3592 rdpbus - ok
20:17:56.0471 3592 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
20:17:56.0471 3592 RDPCDD - ok
20:17:56.0487 3592 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
20:17:56.0502 3592 RDPENCDD - ok
20:17:56.0518 3592 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
20:17:56.0533 3592 RDPREFMP - ok
20:17:56.0565 3592 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
20:17:56.0580 3592 RDPWD - ok
20:17:56.0611 3592 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
20:17:56.0627 3592 rdyboost - ok
20:17:56.0658 3592 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
20:17:56.0674 3592 RemoteAccess - ok
20:17:56.0721 3592 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
20:17:56.0736 3592 RemoteRegistry - ok
20:17:56.0752 3592 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
20:17:56.0767 3592 RFCOMM - ok
20:17:56.0799 3592 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
20:17:56.0814 3592 RpcEptMapper - ok
20:17:56.0845 3592 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
20:17:56.0861 3592 RpcLocator - ok
20:17:56.0892 3592 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
20:17:56.0892 3592 RpcSs - ok
20:17:56.0939 3592 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
20:17:56.0955 3592 rspndr - ok
20:17:57.0001 3592 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
20:17:57.0017 3592 RSUSBVSTOR - ok
20:17:57.0064 3592 [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
20:17:57.0064 3592 RTL8167 - ok
20:17:57.0095 3592 S6000KNT - ok
20:17:57.0126 3592 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
20:17:57.0126 3592 SamSs - ok
20:17:57.0157 3592 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
20:17:57.0157 3592 sbp2port - ok
20:17:57.0204 3592 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
20:17:57.0220 3592 SCardSvr - ok
20:17:57.0251 3592 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
20:17:57.0251 3592 scfilter - ok
20:17:57.0298 3592 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
20:17:57.0345 3592 Schedule - ok
20:17:57.0376 3592 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
20:17:57.0376 3592 SCPolicySvc - ok
20:17:57.0407 3592 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
20:17:57.0438 3592 SDRSVC - ok
20:17:57.0485 3592 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
20:17:57.0501 3592 secdrv - ok
20:17:57.0516 3592 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
20:17:57.0516 3592 seclogon - ok
20:17:57.0547 3592 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
20:17:57.0547 3592 SENS - ok
20:17:57.0579 3592 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
20:17:57.0594 3592 SensrSvc - ok
20:17:57.0610 3592 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
20:17:57.0610 3592 Serenum - ok
20:17:57.0641 3592 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
20:17:57.0657 3592 Serial - ok
20:17:57.0672 3592 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
20:17:57.0688 3592 sermouse - ok
20:17:57.0735 3592 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
20:17:57.0750 3592 SessionEnv - ok
20:17:57.0750 3592 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
20:17:57.0766 3592 sffdisk - ok
20:17:57.0766 3592 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
20:17:57.0781 3592 sffp_mmc - ok
20:17:57.0781 3592 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
20:17:57.0797 3592 sffp_sd - ok
20:17:57.0813 3592 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
20:17:57.0828 3592 sfloppy - ok
20:17:57.0891 3592 [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
20:17:57.0906 3592 Sftfs - ok
20:17:57.0969 3592 [ BFDB58616FF5EA540A5F58301D50641E ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:17:58.0421 3592 sftlist - ok
20:17:58.0577 3592 [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
20:17:58.0577 3592 Sftplay - ok
20:17:58.0608 3592 [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
20:17:58.0608 3592 Sftredir - ok
20:17:58.0624 3592 [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
20:17:58.0639 3592 Sftvol - ok
20:17:58.0671 3592 [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:17:59.0061 3592 sftvsa - ok
20:17:59.0092 3592 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
20:17:59.0123 3592 SharedAccess - ok
20:17:59.0154 3592 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:17:59.0185 3592 ShellHWDetection - ok
20:17:59.0217 3592 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
20:17:59.0232 3592 SiSRaid2 - ok
20:17:59.0248 3592 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
20:17:59.0248 3592 SiSRaid4 - ok
20:17:59.0263 3592 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
20:17:59.0279 3592 Smb - ok
20:17:59.0310 3592 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
20:17:59.0326 3592 SNMPTRAP - ok
20:17:59.0341 3592 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
20:17:59.0357 3592 spldr - ok
20:17:59.0388 3592 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
20:17:59.0404 3592 Spooler - ok
20:17:59.0529 3592 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
20:17:59.0653 3592 sppsvc - ok
20:17:59.0669 3592 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
20:17:59.0669 3592 sppuinotify - ok
20:17:59.0731 3592 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
20:17:59.0763 3592 srv - ok
20:17:59.0794 3592 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
20:17:59.0825 3592 srv2 - ok
20:17:59.0856 3592 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
20:17:59.0872 3592 srvnet - ok
20:17:59.0919 3592 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
20:17:59.0934 3592 SSDPSRV - ok
20:17:59.0950 3592 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
20:17:59.0965 3592 SstpSvc - ok
20:17:59.0997 3592 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
20:17:59.0997 3592 stexstor - ok
20:18:00.0043 3592 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
20:18:00.0043 3592 StillCam - ok
20:18:00.0121 3592 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
20:18:00.0153 3592 stisvc - ok
20:18:00.0184 3592 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
20:18:00.0199 3592 swenum - ok
20:18:00.0246 3592 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
20:18:00.0277 3592 swprv - ok
20:18:00.0355 3592 [ 09E811486038F1C06F9E00DFFAAB7A4E ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
20:18:00.0387 3592 SynTP - ok
20:18:00.0465 3592 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
20:18:00.0527 3592 SysMain - ok
20:18:00.0543 3592 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
20:18:00.0558 3592 TabletInputService - ok
20:18:00.0589 3592 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
20:18:00.0605 3592 TapiSrv - ok
20:18:00.0636 3592 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
20:18:00.0652 3592 TBS - ok
20:18:00.0730 3592 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
20:18:00.0839 3592 Tcpip - ok
20:18:00.0933 3592 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
20:18:00.0964 3592 TCPIP6 - ok
20:18:00.0995 3592 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
20:18:00.0995 3592 tcpipreg - ok
20:18:01.0011 3592 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
20:18:01.0026 3592 TDPIPE - ok
20:18:01.0057 3592 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
20:18:01.0057 3592 TDTCP - ok
20:18:01.0104 3592 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
20:18:01.0104 3592 tdx - ok
20:18:01.0120 3592 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
20:18:01.0135 3592 TermDD - ok
20:18:01.0198 3592 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
20:18:01.0229 3592 TermService - ok
20:18:01.0245 3592 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
20:18:01.0260 3592 Themes - ok
20:18:01.0276 3592 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
20:18:01.0291 3592 THREADORDER - ok
20:18:01.0307 3592 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
20:18:01.0323 3592 TrkWks - ok
20:18:01.0369 3592 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:18:01.0385 3592 TrustedInstaller - ok
20:18:01.0401 3592 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
20:18:01.0416 3592 tssecsrv - ok
20:18:01.0447 3592 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
20:18:01.0447 3592 TsUsbFlt - ok
20:18:01.0463 3592 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
20:18:01.0479 3592 TsUsbGD - ok
20:18:01.0525 3592 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
20:18:01.0541 3592 tunnel - ok
20:18:01.0541 3592 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
20:18:01.0557 3592 uagp35 - ok
20:18:01.0572 3592 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
20:18:01.0619 3592 udfs - ok
20:18:01.0650 3592 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
20:18:01.0666 3592 UI0Detect - ok
20:18:01.0681 3592 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
20:18:01.0697 3592 uliagpkx - ok
20:18:01.0713 3592 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
20:18:01.0713 3592 umbus - ok
20:18:01.0728 3592 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
20:18:01.0744 3592 UmPass - ok
20:18:01.0775 3592 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
20:18:01.0806 3592 upnphost - ok
20:18:01.0853 3592 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
20:18:01.0853 3592 USBAAPL64 - ok
20:18:01.0900 3592 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
20:18:01.0915 3592 usbccgp - ok
20:18:01.0931 3592 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
20:18:01.0947 3592 usbcir - ok
20:18:01.0962 3592 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
20:18:01.0962 3592 usbehci - ok
20:18:02.0009 3592 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys
20:18:02.0009 3592 usbfilter - ok
20:18:02.0025 3592 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
20:18:02.0056 3592 usbhub - ok
20:18:02.0071 3592 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
20:18:02.0071 3592 usbohci - ok
20:18:02.0087 3592 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
20:18:02.0087 3592 usbprint - ok
20:18:02.0103 3592 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
20:18:02.0103 3592 USBSTOR - ok
20:18:02.0134 3592 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
20:18:02.0134 3592 usbuhci - ok
20:18:02.0165 3592 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
20:18:02.0181 3592 usbvideo - ok
20:18:02.0212 3592 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
20:18:02.0227 3592 UxSms - ok
20:18:02.0259 3592 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
20:18:02.0259 3592 VaultSvc - ok
20:18:02.0290 3592 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
20:18:02.0290 3592 vdrvroot - ok
20:18:02.0321 3592 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
20:18:02.0352 3592 vds - ok
20:18:02.0383 3592 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
20:18:02.0383 3592 vga - ok
20:18:02.0399 3592 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
20:18:02.0399 3592 VgaSave - ok
20:18:02.0430 3592 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
20:18:02.0461 3592 vhdmp - ok
20:18:02.0461 3592 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
20:18:02.0477 3592 viaide - ok
20:18:02.0508 3592 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
20:18:02.0508 3592 volmgr - ok
20:18:02.0539 3592 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
20:18:02.0571 3592 volmgrx - ok
20:18:02.0586 3592 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
20:18:02.0617 3592 volsnap - ok
20:18:02.0633 3592 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
20:18:02.0633 3592 vsmraid - ok
20:18:02.0727 3592 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
20:18:02.0773 3592 VSS - ok
20:18:02.0789 3592 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
20:18:02.0789 3592 vwifibus - ok
20:18:02.0805 3592 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
20:18:02.0820 3592 vwififlt - ok
20:18:02.0851 3592 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
20:18:02.0867 3592 W32Time - ok
20:18:02.0883 3592 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
20:18:02.0883 3592 WacomPen - ok
20:18:02.0929 3592 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
20:18:02.0945 3592 WANARP - ok
20:18:02.0961 3592 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
20:18:02.0961 3592 Wanarpv6 - ok
20:18:03.0039 3592 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
20:18:03.0085 3592 WatAdminSvc - ok
20:18:03.0163 3592 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
20:18:03.0226 3592 wbengine - ok
20:18:03.0257 3592 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
20:18:03.0273 3592 WbioSrvc - ok
20:18:03.0288 3592 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
20:18:03.0304 3592 wcncsvc - ok
20:18:03.0319 3592 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:18:03.0335 3592 WcsPlugInService - ok
20:18:03.0397 3592 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
20:18:03.0397 3592 Wd - ok
20:18:03.0444 3592 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
20:18:03.0475 3592 Wdf01000 - ok
20:18:03.0507 3592 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
20:18:03.0507 3592 WdiServiceHost - ok
20:18:03.0522 3592 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
20:18:03.0538 3592 WdiSystemHost - ok
20:18:03.0553 3592 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
20:18:03.0585 3592 WebClient - ok
20:18:03.0600 3592 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
20:18:03.0631 3592 Wecsvc - ok
20:18:03.0647 3592 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
20:18:03.0663 3592 wercplsupport - ok
20:18:03.0694 3592 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
20:18:03.0709 3592 WerSvc - ok
20:18:03.0741 3592 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
20:18:03.0741 3592 WfpLwf - ok
20:18:03.0772 3592 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
20:18:03.0772 3592 WIMMount - ok
20:18:03.0819 3592 WinDefend - ok
20:18:03.0834 3592 WinHttpAutoProxySvc - ok
20:18:03.0912 3592 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
20:18:03.0928 3592 Winmgmt - ok
20:18:04.0037 3592 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
20:18:04.0099 3592 WinRM - ok
20:18:04.0177 3592 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
20:18:04.0193 3592 WinUsb - ok
20:18:04.0240 3592 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
20:18:04.0287 3592 Wlansvc - ok
20:18:04.0411 3592 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:18:04.0489 3592 wlidsvc - ok
20:18:04.0505 3592 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
20:18:04.0521 3592 WmiAcpi - ok
20:18:04.0567 3592 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
20:18:04.0583 3592 wmiApSrv - ok
20:18:04.0599 3592 WMPNetworkSvc - ok
20:18:04.0645 3592 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
20:18:04.0645 3592 WPCSvc - ok
20:18:04.0661 3592 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
20:18:04.0677 3592 WPDBusEnum - ok
20:18:04.0692 3592 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
20:18:04.0708 3592 ws2ifsl - ok
20:18:04.0723 3592 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
20:18:04.0739 3592 wscsvc - ok
20:18:04.0801 3592 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
20:18:04.0817 3592 WSDPrintDevice - ok
20:18:04.0817 3592 WSearch - ok
20:18:04.0879 3592 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
20:18:04.0879 3592 wsvd - ok
20:18:05.0004 3592 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
20:18:05.0129 3592 wuauserv - ok
20:18:05.0160 3592 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
20:18:05.0176 3592 WudfPf - ok
20:18:05.0207 3592 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
20:18:05.0223 3592 WUDFRd - ok
20:18:05.0254 3592 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
20:18:05.0254 3592 wudfsvc - ok
20:18:05.0285 3592 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
20:18:05.0301 3592 WwanSvc - ok
20:18:05.0347 3592 ================ Scan global ===============================
20:18:05.0379 3592 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:18:05.0425 3592 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
20:18:05.0457 3592 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
20:18:05.0503 3592 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:18:05.0550 3592 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:18:05.0566 3592 [Global] - ok
20:18:05.0566 3592 ================ Scan MBR ==================================
20:18:05.0581 3592 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:18:06.0018 3592 \Device\Harddisk0\DR0 - ok
20:18:06.0034 3592 ================ Scan VBR ==================================
20:18:06.0034 3592 [ ABDF01E989A4018DCF01E5C97C77ED5E ] \Device\Harddisk0\DR0\Partition1
20:18:06.0034 3592 \Device\Harddisk0\DR0\Partition1 - ok
20:18:06.0049 3592 [ F9FDD9730816F54BDF7CF118E622DF05 ] \Device\Harddisk0\DR0\Partition2
20:18:06.0049 3592 \Device\Harddisk0\DR0\Partition2 - ok
20:18:06.0081 3592 [ 68FE325C6DDF9D006937451B346BF611 ] \Device\Harddisk0\DR0\Partition3
20:18:06.0081 3592 \Device\Harddisk0\DR0\Partition3 - ok
20:18:06.0081 3592 ============================================================
20:18:06.0081 3592 Scan finished
20:18:06.0081 3592 ============================================================
20:18:06.0096 3496 Detected object count: 0
20:18:06.0096 3496 Actual detected object count: 0
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » April 14th, 2013, 1:53 am

Hello boondoc,

Since it appears that your issue is not malware related, I suggest you visit one of our member sites that offers hardware/software support. It appears that you have a conflict between your Comodo suite and your synaptic pointer device.
You can refer the responding helper to this thread to show that the issue is not malware related. http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=61659

wbg

Tech Support Guy (TSG)
WhatTheTech (WTT)
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby Cypher » April 14th, 2013, 11:53 am

As your malware problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 304 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware