
Thread: Infected? I'm kinda clueless here.

  1. #1
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    Infected? I'm kinda clueless here.

    List of symptoms: (Sry this is long, but I'm trying to be thorough)
    1) When spybot attempts to delete temp files before scanning it always says "39 temp files are in use and cannot be deleted." Don't know if it's because those files are normal or not.
    2) PC stopped going into standby/monitor off even though the power settings for the pc haven't changed. This has happened before, then stopped, now is happening again. Could it have to do with ZSNES emulator (it's an emulator for SNES roms) settings? Cuz I feel like it happens around the time I play roms, but can't be sure.
    3) Avast full system scan showed no current threats, but there are threats in the sandbox, some of which are timestamped for when no one was home to use the computer.
    4) Stopped being able to log into EA's POGO website (games website) a couple of months ago. They just told me to download google chrome, which I shouldn't have to do.
    5) Weird charge appeared on bank statement after making an online purchase from edible arrangements in December. (I've already called the bank about it, but am treating it as a possible symptom of bigger issues)
    6) Startup programs listed by spybot as malware/virus in the startup programs tool. I turned them off, but I don't know how to check if they are actually bad or not. (they were turned off after the pc standby issue started, so I doubt one is causing the other.)
    - one of the startup programs listed by spybot as malware is called Spigot. I've noticed a program in my programs list called "dealio toolbar v6.2 by spigot" and I don't recognize it. I left it alone for now, until I get instructions.
    7) I used to use p2p sharing programs and since reading this forum's info on them have since deleted them. I didn't know that PDFs and mp3 files could be viruses, but can't they be scanned for such b4 infection?
    8) I thought Avast had a firewall, but when I turn off windows firewall, it bugs me that my pc isn't protected so I turned it back on. Do I have 2 firewalls running?

    If you need avast or spybot logs, please let me know how to do that.

    This should be the attach.txt zip file if I did this right:
    Attachment 10378

    And here's DDS:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.4.1
    Run by Alexa at 19:15:27 on 2013-02-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6156 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\GhosteryIEplugin\GhosteryRegistryProxy.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wermgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://duckduckgo.com/
    uSearch Bar = Preserve
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Google Analytics Opt-out Browser Add-on: {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{26EB703D-BC82-47C4-B84A-1FE3FCCA9CEC} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - <orphaned>
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=992732&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Alexa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; gtkgquxzus@gtkgquxzus.org; C:\Users\Alexa\Application Data\Mozilla\Firefox\Profiles\3x41iquo.default\extensions\gtkgquxzus@gtkgquxzus.org.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-6 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-9-16 370288]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-9-16 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-9-16 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-24 44808]
    R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-16 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-10-29 1235968]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-11 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-19 11:01:15 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6383836C-949E-4473-82E2-3BA8BD0F3474}\mpengine.dll
    2013-02-14 08:02:57 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 08:02:57 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 21:18:54 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-13 21:18:53 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 21:18:50 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 21:18:43 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 21:18:40 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 21:18:39 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 21:18:39 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 21:18:39 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 21:18:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 21:18:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 21:18:35 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 21:18:35 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2013-02-08 04:11:25 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 04:11:25 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-03 15:47:14 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
    2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    .
    ============= FINISH: 19:15:42.73 ===============


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-20 20:00:16
    -----------------------------
    20:00:16.970 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:00:16.970 Number of processors: 4 586 0x170A
    20:00:16.970 ComputerName: BADDASS UserName: Alexa
    20:00:18.202 Initialize success
    20:00:21.634 AVAST engine defs: 13022001
    20:00:38.919 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    20:00:38.919 Disk 0 Vendor: ST31000520AS CC32 Size: 953869MB BusType: 3
    20:00:38.935 Disk 0 MBR read successfully
    20:00:38.935 Disk 0 MBR scan
    20:00:38.935 Disk 0 Windows 7 default MBR code
    20:00:38.950 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:00:38.950 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    20:00:38.966 Disk 0 scanning C:\Windows\system32\drivers
    20:00:47.094 Service scanning
    20:00:58.466 Modules scanning
    20:00:58.466 Disk 0 trace - called modules:
    20:00:58.497 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:00:58.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae7060]
    20:00:58.513 3 CLASSPNP.SYS[fffff880018ba43f] -> nt!IofCallDriver -> [0xfffffa800744b520]
    20:00:58.513 5 ACPI.sys[fffff88000d777a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800744c680]
    20:00:59.371 AVAST engine scan C:\Windows
    20:01:01.212 AVAST engine scan C:\Windows\system32
    20:02:59.475 AVAST engine scan C:\Windows\system32\drivers
    20:03:09.693 AVAST engine scan C:\Users\Alexa
    20:08:59.898 AVAST engine scan C:\ProgramData
    20:09:49.257 Scan finished successfully
    20:23:00.069 Disk 0 MBR has been saved successfully to "C:\Users\Alexa\Desktop\MBR.dat"
    20:23:00.069 The log file has been saved successfully to "C:\Users\Alexa\Desktop\aswMBR.txt"


    I hope I did all this right.

  2. #2
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121


    Please note that all instructions given are customised for this computer only.
    The tools used may cause damage if used on a computer with different infections.


    If you think you have similar problems, please post a log in the Safer-Networking forum and wait for help.

    Failure to post replies within 3 days will result in this thread being closed.

    Hi AlexaSD and welcome to Safer-Networking

    My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.
    Read:
    How to back up or transfer your data on a Windows-based computer
    Backup your data - Vista
    Backup your data - windows 7

    Please observe these rules while we work:
    • Perform all actions in the order given.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with it till you're given the all clear.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

    If you can do these things, everything should go smoothly.
    • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
    • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

    It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
    If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  3. #3
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121


    Hi AlexaSD :

    1) When spybot attempts to delete temp files before scanning it always says "39 temp files are in use and cannot be deleted." Don't know if it's because those files are normal or not.
    In my opinion, it is normal. Windows or open applications will always use some temp files, and they will prevent those files from being deleted. Otherwise, they will become unstable.

    2) PC stopped going into standby/monitor off even though the power settings for the pc haven't changed. This has happened before, then stopped, now is happening again. Could it have to do with ZSNES emulator (it's an emulator for SNES roms) settings? Cuz I feel like it happens around the time I play roms, but can't be sure.
    Try to ask at the Emulator support forum.

    3) Avast full system scan showed no current threats, but there are threats in the sandbox, some of which are timestamped for when no one was home to use the computer.
    I will keep an eye on it.

    4) Stopped being able to log into EA's POGO website (games website) a couple of months ago. They just told me to download google chrome, which I shouldn't have to do.
    Does this happen in all browsers? Have you updated your JAVA and FLASH PLAYER?

    5) Weird charge appeared on bank statement after making an online purchase from edible arrangements in December. (I've already called the bank about it, but am treating it as a possible symptom of bigger issues)
    Sounds like you are a victim of a Trojan or keylogger; however, I am not sure about it. If this is the computer that you are using for that online purchase, I would prefer to format/reset this computer.
    However, you may postpone your decision until I ask you to decide.

    6) Startup programs listed by spybot as malware/virus in the startup programs tool. I turned them off, but I don't know how to check if they are actually bad or not. (they were turned off after the pc standby issue started, so I doubt one is causing the other.)
    - one of the startup programs listed by spybot as malware is called Spigot. I've noticed a program in my programs list called "dealio toolbar v6.2 by spigot" and I don't recognize it. I left it alone for now, until I get instructions.
    Remove it.

    7) I used to use p2p sharing programs and since reading this forum's info on them have since deleted them. I didn't know that PDFs and mp3 files could be viruses, but can't they be scanned for such b4 infection?
    Please read: http://forums.spybot.info/showpost.p...09&postcount=1


    8) I thought Avast had a firewall, but when I turn off windows firewall, it bugs me that my pc isn't protected so I turned it back on. Do I have 2 firewalls running?
    You are running avast! Free Antivirus, which does not have a firewall installed; consider purchasing Avast Internet Security if you want to have a firewall.
    On the other hand, you might try a FREE firewall. However, please install a firewall only after we have finished with our malware problem.


    Please give me more info.

    1. TDSSKiller
    Please download TDSSKiller.exe and save it to your Desktop.
    • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • When TDSSKiller finishes loading, click on Change parameters.
    • Tick the Detect TDLFS file system and click OK.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT



    2. OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.
    • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    Thank you for your patience.
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  4. #4
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58


    Thank you so much for getting back to me. I promise I will attempt no fixes or anything unless you say so. I'm not dumb enough to try to pretend like I have a clue what I'm doing.
    Okay, FYI: I don't have an external hard drive to back up to, need to buy one. Plan to do so within the next couple of days. I will back up b4 I attempt any fixes you advise.

    Quote:
    4) Stopped being able to log into EA's POGO website (games website) a couple of months ago. They just told me to download google chrome, which I shouldn't have to do.

    Does this happen in all browsers? Have you updated your JAVA and FLASH PLAYER?
    4) Java n flashplayer (adobe) updated, but adobe giving problems, increasingly more websites saying it's not installed, but it was updated a few days ago (this has been going on for like a year). Same issue with Silverlight (though I'm not sure what Silverlight is, if it's a flash player or not). One of the websites you suggested with a video on how to update only said I need Silverlight to run it, but I have Silverlight.

    Have you updated your JAVA and FLASH PLAYER?
    Have no other browsers. Would u like me to install one to find out? I really prefer not chrome, I dislike the "big brother" aspect of google, n don't trust them. I could download mozilla if you want, I used to have it before, but got rid of it as it's a little less "newbie friendly" than IE, if you know what I mean.

    Quote:
    6) Startup programs listed by spybot as malware/virus in the startup programs tool. I turned them off, but I don't know how to check if they are actually bad or not. (they were turned off after the pc standby issue started, so I doubt one is causing the other.)
    - one of the startup programs listed by spybot as malware is called Spigot. I've noticed a program in my programs list called "dealio toolbar v6.2 by spigot" and I don't recognize it. I left it alone for now, until I get instructions.

    Remove it.
    6) Removed Dealio toolbar via control panel remove programs. Should I do the same in spybot system startup? Or will we handle that another way? Startup program still has entry in spybot system startup tool.

    I will have to send the reports in a separate reply, as together they exceed both the character limit and the kb limit allowed for a reply. (Please forgive the computer name, I was very impressed with myself when I bought this PC, and didn't know there would ever be an occasion when someone else would see it!)

  5. #5

    Default Tdss

    22:48:12.0529 5112 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    22:48:12.0935 5112 ============================================================
    22:48:12.0935 5112 Current date / time: 2013/03/02 22:48:12.0935
    22:48:12.0935 5112 SystemInfo:
    22:48:12.0935 5112
    22:48:12.0935 5112 OS Version: 6.1.7601 ServicePack: 1.0
    22:48:12.0935 5112 Product type: Workstation
    22:48:12.0935 5112 ComputerName: BADDASS
    22:48:12.0935 5112 UserName: Alexa
    22:48:12.0935 5112 Windows directory: C:\Windows
    22:48:12.0935 5112 System windows directory: C:\Windows
    22:48:12.0935 5112 Running under WOW64
    22:48:12.0935 5112 Processor architecture: Intel x64
    22:48:12.0935 5112 Number of processors: 4
    22:48:12.0935 5112 Page size: 0x1000
    22:48:12.0935 5112 Boot type: Normal boot
    22:48:12.0935 5112 ============================================================
    22:48:14.0073 5112 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x19E0186, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
    22:48:14.0073 5112 ============================================================
    22:48:14.0073 5112 \Device\Harddisk0\DR0:
    22:48:14.0073 5112 MBR partitions:
    22:48:14.0073 5112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    22:48:14.0073 5112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    22:48:14.0073 5112 ============================================================
    22:48:14.0105 5112 C: <-> \Device\Harddisk0\DR0\Partition2
    22:48:14.0105 5112 ============================================================
    22:48:14.0105 5112 Initialize success
    22:48:14.0105 5112 ============================================================
    22:48:41.0093 3100 ============================================================
    22:48:41.0093 3100 Scan started
    22:48:41.0093 3100 Mode: Manual; TDLFS;
    22:48:41.0093 3100 ============================================================
    22:48:42.0091 3100 ================ Scan system memory ========================
    22:48:42.0091 3100 System memory - ok
    22:48:42.0091 3100 ================ Scan services =============================
    22:48:48.0487 3100 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:48:48.0487 3100 Netlogon - ok
    22:48:48.0518 3100 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:48:48.0518 3100 Netman - ok
    22:48:48.0581 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:48:48.0581 3100 NetMsmqActivator - ok
    22:48:48.0612 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:48:48.0612 3100 NetPipeActivator - ok
    22:48:48.0627 3100 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:48:48.0643 3100 netprofm - ok
    22:48:48.0643 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:48:48.0643 3100 NetTcpActivator - ok
    22:48:48.0659 3100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:48:48.0659 3100 NetTcpPortSharing - ok
    22:48:48.0674 3100 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    22:48:48.0674 3100 nfrd960 - ok
    22:48:48.0705 3100 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:48:48.0721 3100 NlaSvc - ok
    22:48:48.0721 3100 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:48:48.0721 3100 Npfs - ok
    22:48:48.0752 3100 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:48:48.0752 3100 nsi - ok
    22:48:48.0768 3100 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:48:48.0768 3100 nsiproxy - ok
    22:48:48.0830 3100 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:48:48.0861 3100 Ntfs - ok
    22:48:48.0908 3100 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    22:48:48.0908 3100 NuidFltr - ok
    22:48:48.0924 3100 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:48:48.0924 3100 Null - ok
    22:48:49.0111 3100 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:48:49.0189 3100 nvlddmkm - ok
    22:48:49.0220 3100 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:48:49.0220 3100 nvraid - ok
    22:48:49.0236 3100 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:48:49.0236 3100 nvstor - ok
    22:48:49.0298 3100 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
    22:48:49.0298 3100 nvsvc - ok
    22:48:49.0392 3100 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    22:48:49.0407 3100 nvUpdatusService - ok
    22:48:49.0423 3100 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:48:49.0423 3100 nv_agp - ok
    22:48:49.0485 3100 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    22:48:49.0485 3100 odserv - ok
    22:48:49.0501 3100 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:48:49.0501 3100 ohci1394 - ok
    22:48:49.0517 3100 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:48:49.0517 3100 ose - ok
    22:48:49.0548 3100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:48:49.0548 3100 p2pimsvc - ok
    22:48:49.0579 3100 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:48:49.0579 3100 p2psvc - ok
    22:48:49.0595 3100 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    22:48:49.0610 3100 Parport - ok
    22:48:49.0626 3100 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:48:49.0626 3100 partmgr - ok
    22:48:49.0641 3100 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:48:49.0641 3100 PcaSvc - ok
    22:48:49.0657 3100 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:48:49.0657 3100 pci - ok
    22:48:49.0688 3100 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:48:49.0688 3100 pciide - ok
    22:48:49.0719 3100 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    22:48:49.0719 3100 pcmcia - ok
    22:48:49.0735 3100 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:48:49.0735 3100 pcw - ok
    22:48:49.0751 3100 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:48:49.0766 3100 PEAUTH - ok
    22:48:49.0813 3100 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:48:49.0829 3100 PerfHost - ok
    22:48:49.0875 3100 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:48:49.0907 3100 pla - ok
    22:48:49.0938 3100 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:48:49.0953 3100 PlugPlay - ok
    22:48:49.0969 3100 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:48:49.0969 3100 PNRPAutoReg - ok
    22:48:49.0985 3100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:48:49.0985 3100 PNRPsvc - ok
    22:48:50.0031 3100 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    22:48:50.0031 3100 Point64 - ok
    22:48:50.0047 3100 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:48:50.0047 3100 PolicyAgent - ok
    22:48:50.0078 3100 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:48:50.0078 3100 Power - ok
    22:48:50.0109 3100 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:48:50.0125 3100 PptpMiniport - ok
    22:48:50.0141 3100 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    22:48:50.0141 3100 Processor - ok
    22:48:50.0187 3100 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:48:50.0187 3100 ProfSvc - ok
    22:48:50.0203 3100 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:48:50.0203 3100 ProtectedStorage - ok
    22:48:50.0234 3100 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:48:50.0234 3100 Psched - ok
    22:48:50.0281 3100 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    22:48:50.0328 3100 ql2300 - ok
    22:48:50.0343 3100 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    22:48:50.0343 3100 ql40xx - ok
    22:48:50.0359 3100 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:48:50.0375 3100 QWAVE - ok
    22:48:50.0390 3100 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:48:50.0390 3100 QWAVEdrv - ok
    22:48:50.0390 3100 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:48:50.0390 3100 RasAcd - ok
    22:48:50.0421 3100 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:48:50.0421 3100 RasAgileVpn - ok
    22:48:50.0437 3100 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:48:50.0437 3100 RasAuto - ok
    22:48:50.0453 3100 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:48:50.0453 3100 Rasl2tp - ok
    22:48:50.0484 3100 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:48:50.0484 3100 RasMan - ok
    22:48:50.0499 3100 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:48:50.0499 3100 RasPppoe - ok
    22:48:50.0531 3100 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:48:50.0531 3100 RasSstp - ok
    22:48:50.0546 3100 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:48:50.0546 3100 rdbss - ok
    22:48:50.0562 3100 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    22:48:50.0577 3100 rdpbus - ok
    22:48:50.0593 3100 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:48:50.0593 3100 RDPCDD - ok
    22:48:50.0609 3100 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:48:50.0609 3100 RDPENCDD - ok
    22:48:50.0609 3100 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:48:50.0609 3100 RDPREFMP - ok
    22:48:50.0640 3100 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:48:50.0655 3100 RDPWD - ok
    22:48:50.0687 3100 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:48:50.0687 3100 rdyboost - ok
    22:48:50.0702 3100 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:48:50.0702 3100 RemoteAccess - ok
    22:48:50.0718 3100 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:48:50.0733 3100 RemoteRegistry - ok
    22:48:50.0765 3100 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:48:50.0765 3100 RpcEptMapper - ok
    22:48:50.0796 3100 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:48:50.0796 3100 RpcLocator - ok
    22:48:50.0827 3100 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:48:50.0843 3100 RpcSs - ok
    22:48:50.0843 3100 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:48:50.0843 3100 rspndr - ok
    22:48:50.0889 3100 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:48:50.0889 3100 RTL8167 - ok
    22:48:50.0905 3100 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:48:50.0905 3100 SamSs - ok
    22:48:50.0936 3100 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:48:50.0936 3100 sbp2port - ok
    22:48:51.0014 3100 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    22:48:51.0030 3100 SBSDWSCService - ok
    22:48:51.0045 3100 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:48:51.0045 3100 SCardSvr - ok
    22:48:51.0061 3100 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:48:51.0061 3100 scfilter - ok
    22:48:51.0108 3100 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:48:51.0123 3100 Schedule - ok
    22:48:51.0155 3100 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:48:51.0155 3100 SCPolicySvc - ok
    22:48:51.0201 3100 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:48:51.0201 3100 SDRSVC - ok
    22:48:51.0217 3100 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:48:51.0217 3100 secdrv - ok
    22:48:51.0233 3100 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:48:51.0233 3100 seclogon - ok
    22:48:51.0248 3100 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:48:51.0264 3100 SENS - ok
    22:48:51.0264 3100 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:48:51.0279 3100 SensrSvc - ok
    22:48:51.0279 3100 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:48:51.0279 3100 Serenum - ok
    22:48:51.0295 3100 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:48:51.0295 3100 Serial - ok
    22:48:51.0326 3100 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    22:48:51.0326 3100 sermouse - ok
    22:48:51.0357 3100 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:48:51.0357 3100 SessionEnv - ok
    22:48:51.0389 3100 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:48:51.0389 3100 sffdisk - ok
    22:48:51.0404 3100 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:48:51.0404 3100 sffp_mmc - ok
    22:48:51.0420 3100 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:48:51.0420 3100 sffp_sd - ok
    22:48:51.0420 3100 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:48:51.0435 3100 sfloppy - ok
    22:48:51.0467 3100 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    22:48:51.0467 3100 SharedAccess - ok
    22:48:51.0482 3100 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:48:51.0498 3100 ShellHWDetection - ok
    22:48:51.0513 3100 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:48:51.0513 3100 SiSRaid2 - ok
    22:48:51.0545 3100 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    22:48:51.0545 3100 SiSRaid4 - ok
    22:48:51.0576 3100 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:48:51.0576 3100 Smb - ok
    22:48:51.0607 3100 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:48:51.0607 3100 SNMPTRAP - ok
    22:48:51.0623 3100 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:48:51.0623 3100 spldr - ok
    22:48:51.0654 3100 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    22:48:51.0669 3100 Spooler - ok
    22:48:51.0732 3100 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:48:51.0794 3100 sppsvc - ok
    22:48:51.0810 3100 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:48:51.0810 3100 sppuinotify - ok
    22:48:51.0841 3100 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:48:51.0841 3100 srv - ok
    22:48:51.0872 3100 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:48:51.0872 3100 srv2 - ok
    22:48:51.0888 3100 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:48:51.0888 3100 srvnet - ok
    22:48:51.0919 3100 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:48:51.0919 3100 SSDPSRV - ok
    22:48:51.0935 3100 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:48:51.0935 3100 SstpSvc - ok
    22:48:52.0013 3100 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    22:48:52.0028 3100 Stereo Service - ok
    22:48:52.0044 3100 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    22:48:52.0044 3100 stexstor - ok
    22:48:52.0091 3100 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:48:52.0106 3100 stisvc - ok
    22:48:52.0169 3100 [ 42FEF84684D217870F3C8813B6F58276 ] SupportSoft RemoteAssist C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
    22:48:52.0169 3100 SupportSoft RemoteAssist - ok
    22:48:52.0184 3100 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    22:48:52.0184 3100 swenum - ok
    22:48:52.0215 3100 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:48:52.0215 3100 swprv - ok
    22:48:52.0278 3100 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:48:52.0340 3100 SysMain - ok
    22:48:52.0356 3100 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:48:52.0356 3100 TabletInputService - ok
    22:48:52.0387 3100 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:48:52.0403 3100 TapiSrv - ok
    22:48:52.0418 3100 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:48:52.0418 3100 TBS - ok
    22:48:52.0481 3100 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:48:52.0512 3100 Tcpip - ok
    22:48:52.0559 3100 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:48:52.0574 3100 TCPIP6 - ok
    22:48:52.0605 3100 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:48:52.0605 3100 tcpipreg - ok
    22:48:52.0605 3100 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:48:52.0621 3100 TDPIPE - ok
    22:48:52.0652 3100 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:48:52.0652 3100 TDTCP - ok
    22:48:52.0668 3100 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:48:52.0668 3100 tdx - ok
    22:48:52.0683 3100 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    22:48:52.0683 3100 TermDD - ok
    22:48:52.0699 3100 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:48:52.0715 3100 TermService - ok
    22:48:52.0715 3100 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:48:52.0715 3100 Themes - ok
    22:48:52.0730 3100 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:48:52.0746 3100 THREADORDER - ok
    22:48:52.0746 3100 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:48:52.0761 3100 TrkWks - ok
    22:48:52.0808 3100 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:48:52.0824 3100 TrustedInstaller - ok
    22:48:52.0855 3100 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:48:52.0855 3100 tssecsrv - ok
    22:48:52.0871 3100 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:48:52.0871 3100 TsUsbFlt - ok
    22:48:52.0933 3100 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:48:52.0933 3100 tunnel - ok
    22:48:52.0949 3100 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    22:48:52.0949 3100 uagp35 - ok
    22:48:52.0980 3100 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:48:52.0980 3100 udfs - ok
    22:48:52.0995 3100 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:48:52.0995 3100 UI0Detect - ok
    22:48:53.0011 3100 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:48:53.0027 3100 uliagpkx - ok
    22:48:53.0058 3100 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    22:48:53.0058 3100 umbus - ok
    22:48:53.0073 3100 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:48:53.0073 3100 UmPass - ok
    22:48:53.0089 3100 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:48:53.0105 3100 upnphost - ok
    22:48:53.0136 3100 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    22:48:53.0136 3100 USBAAPL64 - ok
    22:48:53.0151 3100 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:48:53.0151 3100 usbccgp - ok
    22:48:53.0183 3100 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:48:53.0183 3100 usbcir - ok
    22:48:53.0198 3100 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    22:48:53.0198 3100 usbehci - ok
    22:48:53.0214 3100 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:48:53.0214 3100 usbhub - ok
    22:48:53.0245 3100 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    22:48:53.0245 3100 usbohci - ok
    22:48:53.0261 3100 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:48:53.0261 3100 usbprint - ok
    22:48:53.0292 3100 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    22:48:53.0307 3100 usbscan - ok
    22:48:53.0307 3100 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:48:53.0307 3100 USBSTOR - ok
    22:48:53.0323 3100 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    22:48:53.0323 3100 usbuhci - ok
    22:48:53.0339 3100 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:48:53.0339 3100 UxSms - ok
    22:48:53.0339 3100 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:48:53.0339 3100 VaultSvc - ok
    22:48:53.0370 3100 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:48:53.0370 3100 vdrvroot - ok
    22:48:53.0401 3100 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    22:48:53.0417 3100 vds - ok
    22:48:53.0432 3100 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:48:53.0432 3100 vga - ok
    22:48:53.0448 3100 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:48:53.0448 3100 VgaSave - ok
    22:48:53.0479 3100 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    22:48:53.0479 3100 vhdmp - ok
    22:48:53.0557 3100 [ 574B29F436C4C63D37020C6E570A7528 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
    22:48:53.0573 3100 VIAHdAudAddService - ok
    22:48:53.0588 3100 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    22:48:53.0588 3100 viaide - ok
    22:48:53.0619 3100 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    22:48:53.0619 3100 volmgr - ok
    22:48:53.0635 3100 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:48:53.0651 3100 volmgrx - ok
    22:48:53.0651 3100 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    22:48:53.0666 3100 volsnap - ok
    22:48:53.0682 3100 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    22:48:53.0682 3100 vsmraid - ok
    22:48:53.0729 3100 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    22:48:53.0760 3100 VSS - ok
    22:48:53.0775 3100 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    22:48:53.0775 3100 vwifibus - ok
    22:48:53.0807 3100 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:48:53.0807 3100 W32Time - ok
    22:48:53.0822 3100 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    22:48:53.0838 3100 WacomPen - ok
    22:48:53.0853 3100 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:48:53.0853 3100 WANARP - ok
    22:48:53.0869 3100 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:48:53.0869 3100 Wanarpv6 - ok
    22:48:53.0916 3100 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:48:53.0931 3100 WatAdminSvc - ok
    22:48:53.0963 3100 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    22:48:53.0994 3100 wbengine - ok
    22:48:54.0025 3100 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:48:54.0025 3100 WbioSrvc - ok
    22:48:54.0056 3100 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:48:54.0056 3100 wcncsvc - ok
    22:48:54.0072 3100 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:48:54.0087 3100 WcsPlugInService - ok
    22:48:54.0087 3100 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    22:48:54.0087 3100 Wd - ok
    22:48:54.0134 3100 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:48:54.0150 3100 Wdf01000 - ok
    22:48:54.0165 3100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:48:54.0165 3100 WdiServiceHost - ok
    22:48:54.0165 3100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:48:54.0165 3100 WdiSystemHost - ok
    22:48:54.0181 3100 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    22:48:54.0197 3100 WebClient - ok
    22:48:54.0212 3100 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:48:54.0212 3100 Wecsvc - ok
    22:48:54.0228 3100 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:48:54.0228 3100 wercplsupport - ok
    22:48:54.0259 3100 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:48:54.0259 3100 WerSvc - ok
    22:48:54.0275 3100 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:48:54.0275 3100 WfpLwf - ok
    22:48:54.0306 3100 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:48:54.0306 3100 WIMMount - ok
    22:48:54.0306 3100 WinDefend - ok
    22:48:54.0321 3100 WinHttpAutoProxySvc - ok
    22:48:54.0353 3100 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:48:54.0368 3100 Winmgmt - ok
    22:48:54.0415 3100 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:48:54.0446 3100 WinRM - ok
    22:48:54.0493 3100 [ FE88B288356E7B47B74B13372ADD906D ] winusb C:\Windows\system32\drivers\WinUSB.SYS
    22:48:54.0509 3100 winusb - ok
    22:48:54.0540 3100 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:48:54.0555 3100 Wlansvc - ok
    22:48:54.0587 3100 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    22:48:54.0587 3100 WmiAcpi - ok
    22:48:54.0602 3100 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:48:54.0602 3100 wmiApSrv - ok
    22:48:54.0618 3100 WMPNetworkSvc - ok
    22:48:54.0633 3100 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:48:54.0649 3100 WPCSvc - ok
    22:48:54.0680 3100 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:48:54.0680 3100 WPDBusEnum - ok
    22:48:54.0696 3100 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:48:54.0696 3100 ws2ifsl - ok
    22:48:54.0711 3100 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    22:48:54.0711 3100 wscsvc - ok
    22:48:54.0711 3100 WSearch - ok
    22:48:54.0789 3100 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    22:48:54.0836 3100 wuauserv - ok
    22:48:54.0852 3100 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:48:54.0867 3100 WudfPf - ok
    22:48:54.0883 3100 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:48:54.0883 3100 WUDFRd - ok
    22:48:54.0930 3100 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:48:54.0930 3100 wudfsvc - ok
    22:48:54.0945 3100 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:48:54.0945 3100 WwanSvc - ok
    22:48:54.0977 3100 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    22:48:54.0977 3100 xusb21 - ok
    22:48:54.0992 3100 ================ Scan global ===============================
    22:48:55.0008 3100 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:48:55.0023 3100 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    22:48:55.0039 3100 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    22:48:55.0055 3100 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:48:55.0070 3100 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:48:55.0070 3100 [Global] - ok
    22:48:55.0070 3100 ================ Scan MBR ==================================
    22:48:55.0086 3100 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:48:55.0273 3100 \Device\Harddisk0\DR0 - ok
    22:48:55.0273 3100 ================ Scan VBR ==================================
    22:48:55.0273 3100 [ 816BE88948E56B507E4868A86DFC15F2 ] \Device\Harddisk0\DR0\Partition1
    22:48:55.0273 3100 \Device\Harddisk0\DR0\Partition1 - ok
    22:48:55.0304 3100 [ E50A364B65BAC3EFAA60FE2CC5796299 ] \Device\Harddisk0\DR0\Partition2
    22:48:55.0304 3100 \Device\Harddisk0\DR0\Partition2 - ok
    22:48:55.0304 3100 ============================================================
    22:48:55.0304 3100 Scan finished
    22:48:55.0304 3100 ============================================================
    22:48:55.0320 4400 Detected object count: 0
    22:48:55.0320 4400 Actual detected object count: 0

  6. #6
    Member

    Default Otl

    OTL logfile created on: 3/2/2013 10:51:34 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexa\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.36% Memory free
    16.00 Gb Paging File | 14.19 Gb Available in Paging File | 88.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 778.74 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
    Drive D: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: BADDASS | User Name: Alexa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Alexa\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe File not found
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...rel&channel=us
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...rel&channel=us
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com/
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\SearchScopes,DefaultScope = {0F923AD5-AF75-4CEC-BD1F-3168790A63CD}
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\SearchScopes\{0F923AD5-AF75-4CEC-BD1F-3168790A63CD}: "URL" = http://duckduckgo.com/?q={searchTerms}
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=992732&ilc=12"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=992732&p="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alexa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/24 17:21:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 21:57:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/01/05 17:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Extensions
    [2013/02/20 19:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\extensions
    [1637/07/27 01:35:21 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\extensions\gtkgquxzus@gtkgquxzus.org.xpi
    [2012/03/31 03:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/31 03:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2013/02/16 19:25:20 | 000,445,763 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 15307 more lines...
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Ghostery Add-On) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
    O4 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
    O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
    O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
    O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: pogo.com ([games3] http in Trusted sites)
    O15 - HKU\S-1-5-21-2446423097-1070840455-1956962901-1000\..Trusted Domains: pogo.com ([www] http in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/gho...0/ghostery.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-games.pogo.com/onlin...g.1.0.0.33.cab (CPlayFirstddfotgControl Object)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26EB703D-BC82-47C4-B84A-1FE3FCCA9CEC}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18:64bit: - Protocol\Filter\text/html - No CLSID value found
    O18 - Protocol\Filter\text/html {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop Components:1 (MyUB - Your personal portal to the UB Web) - http://myub.buffalo.edu/
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2011/09/15 23:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
    O33 - MountPoints2\{f9160a88-bd95-11df-b335-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{f9160a88-bd95-11df-b335-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/02 22:46:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
    [2013/03/02 22:46:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alexa\Desktop\tdsskiller.exe
    [2013/03/01 23:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/03/01 23:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/02/26 14:23:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/02/26 14:23:41 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/02/26 14:23:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/02/26 14:23:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/02/26 14:23:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/02/26 14:23:34 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/02/26 14:23:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/02/26 14:23:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/26 14:23:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/26 14:23:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/26 14:23:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/26 14:23:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/26 14:23:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/26 14:23:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/26 14:23:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/26 14:23:28 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/02/26 14:23:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/02/26 14:23:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/02/26 14:23:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/26 14:23:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/26 14:23:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/26 14:23:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/26 14:23:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/26 14:23:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/26 14:23:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/26 14:23:25 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/02/26 14:23:25 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/02/26 14:23:25 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/02/26 14:23:25 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/02/26 14:23:25 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/02/26 14:23:25 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/02/26 14:23:24 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/02/26 14:23:24 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/02/26 14:23:24 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/02/26 14:23:23 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/02/26 14:23:23 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/02/26 14:23:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/02/26 14:23:22 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/02/22 23:01:27 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Desktop\Documents\Acct Info
    [2013/02/22 16:40:23 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Desktop\Statements
    [2013/02/20 18:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/02/20 18:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/02/20 18:38:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/02/14 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/14 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/14 03:00:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/14 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/14 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/02/14 03:00:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/02/14 03:00:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/02/14 03:00:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/14 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/14 03:00:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/14 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/02/14 03:00:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/14 03:00:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/14 03:00:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/14 03:00:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/02/13 16:18:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/13 16:18:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/02/13 16:18:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/02/13 16:18:40 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/13 16:18:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/13 16:18:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/13 16:18:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/13 16:18:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/13 16:18:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/13 16:18:35 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/02 22:46:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
    [2013/03/02 22:46:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alexa\Desktop\tdsskiller.exe
    [2013/03/02 22:25:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/02 22:23:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/02 22:23:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/02 11:31:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/02 00:10:57 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/02 00:10:57 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/02 00:07:47 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/02 00:07:47 | 000,663,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/02 00:07:47 | 000,122,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/02 00:03:25 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/01 23:31:28 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/02/28 21:50:55 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/28 21:50:55 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/26 14:51:40 | 000,421,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/20 20:23:00 | 000,000,512 | ---- | M] () -- C:\Users\Alexa\Desktop\MBR.dat
    [2013/02/20 19:52:00 | 000,003,238 | ---- | M] () -- C:\Users\Alexa\Desktop\attach.zip
    [2013/02/16 19:25:20 | 000,445,763 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/02/14 12:15:34 | 000,001,272 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
    [2013/02/05 22:23:38 | 000,008,192 | ---- | M] () -- C:\Users\Alexa\Desktop\SHINING FORCE CD.brm
    [2013/02/05 20:55:58 | 000,004,885 | ---- | M] () -- C:\Users\Alexa\Desktop\Documents\graph paper.pdf
    [2013/02/04 23:37:17 | 000,008,192 | ---- | M] () -- C:\Users\Alexa\Desktop\Fusion_Unknown.brm
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/20 20:23:00 | 000,000,512 | ---- | C] () -- C:\Users\Alexa\Desktop\MBR.dat
    [2013/02/20 19:52:00 | 000,003,238 | ---- | C] () -- C:\Users\Alexa\Desktop\attach.zip
    [2013/02/05 20:55:58 | 000,004,885 | ---- | C] () -- C:\Users\Alexa\Desktop\Documents\graph paper.pdf
    [2013/02/04 23:20:38 | 000,008,192 | ---- | C] () -- C:\Users\Alexa\Desktop\Fusion_Unknown.brm
    [2013/02/04 23:18:38 | 000,008,192 | ---- | C] () -- C:\Users\Alexa\Desktop\SHINING FORCE CD.brm
    [2012/08/14 21:02:43 | 000,004,109 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/01/19 22:59:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2012/01/19 22:59:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2012/01/19 22:59:13 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2012/01/19 22:45:48 | 000,039,869 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2011/05/16 09:02:57 | 000,000,144 | ---- | C] () -- C:\Windows\Sierra.ini
    [2011/05/05 17:09:02 | 000,007,604 | ---- | C] () -- C:\Users\Alexa\AppData\Local\Resmon.ResmonCfg
    [2011/03/24 10:06:22 | 000,000,857 | ---- | C] () -- C:\Windows\eReg.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:4BB26BE9
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:CBEB737E
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1901337E

    < End of report >

  7. #7

    Extras

    OTL Extras logfile created on: 3/2/2013 10:51:34 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexa\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.36% Memory free
    16.00 Gb Paging File | 14.19 Gb Available in Paging File | 88.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 778.74 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
    Drive D: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: BADDASS | User Name: Alexa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0117D324-5B0E-46C8-B34C-F00BE38B207C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{0BD4C50B-3E0E-4125-B6AA-8407B6F8D53B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{10A49818-4D4C-4F1B-B8B7-90D516EACEC8}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{185A5F16-3550-4E46-9BEB-7AFF8D37D572}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{20CA9E96-1E28-42B4-B117-AA1D20504C37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{22B9E873-4149-4470-B81C-74F2909893BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3167B6E6-A8DA-4AFF-B737-136375D2E733}" = lport=1624 | protocol=17 | dir=in | name=charbuilderfull |
    "{328D8D1C-97B3-463E-B0A5-8A18D683F61D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{3694BE54-C337-47ED-8BFF-7A0A4E5BE0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{53D9E519-7645-4BC0-959E-EFBF1EBD4CEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{548F0F86-4C3C-4A43-9193-DB8DBF55126A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{60CF8623-125D-485A-B0C9-D7D78A6CD6B4}" = lport=1624 | protocol=6 | dir=in | name=charbuilderfull |
    "{640415CE-4F6F-46B8-A0E0-4C28122454A5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{64C901EF-C561-4AFF-B45A-E0DEE46E1E31}" = rport=137 | protocol=17 | dir=out | app=system |
    "{6C0B3A5E-20CC-4232-9F94-E1B7377025A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{766BB29D-2555-4134-925E-F7DA06FC38A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7AFFDDCD-5993-4B17-80B7-B9861484D807}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7F476454-6784-4E8C-98F8-EDB4D0A80CC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{812C60DF-B63E-497C-AFCF-47C77C59A749}" = rport=139 | protocol=6 | dir=out | app=system |
    "{97A37EDF-F8B2-4051-9418-1A9690E1E467}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9D929D84-5408-47D0-BC76-8CCAA905B631}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AE792102-28BB-4927-8E92-2513DD2E84D5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B3AA60F3-79AB-4F4A-8A3B-1CDEAE69F441}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BFA8DAC1-410E-4B16-A802-DDD106DCED72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D3F6A820-0342-41FC-A054-DBC41602BFCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FCE70DDC-6125-4A62-8341-F336FED06B69}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0EF6BB7A-2BF7-4259-A028-1B2A349A553C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1702179C-C085-4425-9B3E-8C66A3C9068B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{1E1C6747-2DEC-4618-91E7-FEDF9709C7E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2278E0E1-2E82-4E8A-8700-B4A96262401D}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{269DC9FC-2A87-416F-81E0-F2B3FF656AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{29AB0E76-8350-4B8F-B01D-05162A7B7639}" = protocol=17 | dir=in | app=c:\users\alexa\appdata\local\temp\character builder\tempelevator.exe |
    "{306080F2-6559-44FD-9ACA-F7C1F94C3D85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{35A5F9B0-544B-4E79-ACE2-64F70A1E79DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3834B1A4-F5CA-4C5C-9643-37005B34FBEB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{3D154CC1-B75E-4AA5-A767-6AE09001F8AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{62AD3F77-EDAB-488B-9AD4-22FB907E45FB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{64A0F70C-5964-4D4D-A585-86056AE898FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6B47EDAE-8544-445C-B659-66223EAA3094}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{6CBE8CC5-3363-4B3F-A05A-9208FCA82D35}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe |
    "{6EABD021-61F0-47BE-BE57-F85434E16CB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7D6D99D8-03D5-4BD7-B126-8E474530CC7C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{86743C91-2FCB-422B-9BBB-8D7052EAEE02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8AE206BA-6E2B-4881-AFD6-BEADCC7B4EC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C8F1EF5-2C4D-4643-BBE9-2443FA516B17}" = protocol=6 | dir=out | app=system |
    "{8E1B0893-EBE0-4463-BFFD-6C1AC07AF46F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8E266720-4B34-406B-993B-B41E8E11B0A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{94B223BC-9A23-495B-8975-5174597A3760}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{96D5702D-4015-402C-9686-1DD087040FCF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A94A40A5-C71A-4150-9FA9-8636B9DF8DA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B17C18C9-CEC8-46AD-B3EE-66E72993D96E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
    "{B6DCA917-5CFC-41F3-BF72-B260E579855D}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe |
    "{B83876DE-057D-4CC5-AE99-30801B76450D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
    "{B867D0AD-E9FC-4617-A31A-53A56E03C166}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe |
    "{BB9E7EEC-5BF4-4799-8BFD-2AB948ECE143}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
    "{BBA6CA69-7C3F-4742-B0C0-2B40FEE09C90}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{C4B7D41E-DFD8-4F55-B3E8-79E8B334B4E7}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe |
    "{C8CE90EE-37CD-4C3D-9DCE-33CAAE5B36FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D65DB710-62F6-4167-8105-59B337905A24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D736B097-3D3A-4F7B-A592-FB73C6C3EC87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DC8CBEA8-098B-48E6-B26F-476EA991D92C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E0669AA8-7392-4EE5-8206-D9E377E7EC51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E9FB9D97-D6FE-4BC0-96E8-13D1CE0463B7}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
    "{F0F5037E-A12D-4114-8938-B62378A7D02F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{F4711698-C9DB-4961-9B7F-D3300AC27090}" = protocol=6 | dir=in | app=c:\users\alexa\appdata\local\temp\character builder\tempelevator.exe |
    "{F6508446-A294-4BF0-96C7-5B8DEFB6A099}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FA4FE299-96E1-4784-8EEE-7C5F3CE933D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{28989DAF-6683-47AC-9DEC-20BB1B5E735F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{5A54875A-8A87-493E-9253-948C0E2D0A04}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
    "TCP Query User{805BEB75-1E9E-44E5-9436-2971F6209296}C:\users\alexa\downloads\ddi_cb.exe" = protocol=6 | dir=in | app=c:\users\alexa\downloads\ddi_cb.exe |
    "TCP Query User{C2FAD7B4-41A2-4A3E-924F-E0F6736181AB}C:\users\alexa\downloads\adventuretoolsdownloader.exe" = protocol=6 | dir=in | app=c:\users\alexa\downloads\adventuretoolsdownloader.exe |
    "TCP Query User{D27BF3E7-351E-4835-8D5D-D4E634EBCB9F}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "TCP Query User{EDB40D32-911A-4EF8-8846-F989822E0D2C}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
    "TCP Query User{F9A693A9-AAFD-474A-A141-2C43A3E4B7E0}C:\program files (x86)\dosbox-0.61\dosbox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dosbox-0.61\dosbox.exe |
    "UDP Query User{1819206A-924E-4D34-AB07-EDD2851BB3B6}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "UDP Query User{3F253D44-96D9-4839-AC99-854649936C82}C:\program files (x86)\dosbox-0.61\dosbox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dosbox-0.61\dosbox.exe |
    "UDP Query User{8A0F48BF-AE28-4FBC-B563-ED87437761CE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{C70E6425-3B6C-41FE-963F-33C7A93CCF2E}C:\users\alexa\downloads\adventuretoolsdownloader.exe" = protocol=17 | dir=in | app=c:\users\alexa\downloads\adventuretoolsdownloader.exe |
    "UDP Query User{D4BA7719-BF6B-4DB3-ACC0-300E3E87FA7B}C:\users\alexa\downloads\ddi_cb.exe" = protocol=17 | dir=in | app=c:\users\alexa\downloads\ddi_cb.exe |
    "UDP Query User{E557AACB-26BF-4AAD-A8A7-9CAE2296B031}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
    "UDP Query User{E72B8F8C-D606-41DF-A86B-92F61584C9A8}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames(tm)
    "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Emperor: Rise of the Middle Kingdom
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117601840}" = Farm Frenzy 3
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
    "{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "{CE6F9778-35DE-42D1-8C61-C5C69DCF8927}" = Google Analytics Opt-out Browser Add-on
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AI RoboForm" = AI RoboForm (All Users)
    "avast" = avast! Free Antivirus
    "CameraUserGuide-PSSX210IS" = Canon PowerShot SX210 IS Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstall)
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "Download Manager" = Download Manager 2.3.10
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Galactic Civilizations II - Gold Edition" = Galactic Civilizations II - Gold Edition
    "Ghostery IE Plugin_is1" = Ghostery IE Plugin
    "house" = house Screen Saver
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MS Access 97 SP2" = MS Access 97 SP2
    "MyCamera" = Canon Utilities MyCamera
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Origin" = Origin
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Shockwave" = Shockwave
    "SimCity 3000 Unlimited" = SimCity 3000 Unlimited
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "Stardock Central" = Stardock Central
    "The Weather Channel App" = The Weather Channel App
    "Two Worlds" = Two Worlds
    "Vampire: The Masquerade - Bloodlines" = Vampire: The Masquerade - Bloodlines
    "ZMBV" = Zip Motion Block Video codec (Remove Only)
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2446423097-1070840455-1956962901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/12/2012 2:19:12 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6022

    Error - 12/12/2012 2:19:12 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6022

    Error - 12/12/2012 2:19:13 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/12/2012 2:19:13 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7020

    Error - 12/12/2012 2:19:13 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

    Error - 12/12/2012 2:19:14 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/12/2012 2:19:14 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8019

    Error - 12/12/2012 2:19:14 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8019

    Error - 12/12/2012 2:19:15 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/12/2012 2:19:15 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9017

    Error - 12/12/2012 2:19:15 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9017

    Error - 12/12/2012 2:19:16 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/12/2012 2:19:16 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10015

    Error - 12/12/2012 2:19:16 AM | Computer Name = Baddass | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10015

    [ System Events ]
    Error - 2/28/2013 11:02:39 PM | Computer Name = Baddass | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 2/28/2013 11:02:39 PM | Computer Name = Baddass | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 3/2/2013 12:27:34 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7034
    Description = The Google Update Service (gupdate) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/2/2013 12:28:04 AM | Computer Name = Baddass | Source = DCOM | ID = 10010
    Description =

    Error - 3/2/2013 12:29:18 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 3/2/2013 12:29:32 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 3/2/2013 12:30:32 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Apple Mobile Device service,
    but this action failed with the following error: %%1056

    Error - 3/2/2013 1:05:50 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 3/2/2013 1:05:50 AM | Computer Name = Baddass | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 3/2/2013 11:23:32 PM | Computer Name = Baddass | Source = DCOM | ID = 10010
    Description =


    < End of report >

  8. #8
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    I have to amend previous posts

    *sigh. I found Mozilla Firefox, turns out I do still have it (man I feel like a dummy!) Okay, I can log into pogo via firefox, AND IE now too! But most games still won't work, in either browser. I'm not sure if my Java is currently updated, but I know I did so when I first started having problems with Pogo, because that is what they suggested I do.

    Also, my computer went to stand by on its own a few days ago, but has refused to do so since.

    Why do these things come and go?

    In many of the reports I sent you, I saw a program I uninstalled a while ago called "character builder." why am I still seeing it there?

    Sorry if I'm overloading you with questions. I appreciate your patience.

  9. #9
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121


    Hi AlexaSD:

    Sorry if I'm overloading you with questions. I appreciate your patience.
    It's okay. I will try to answer each, but just those I know the answer to.

    Also, my computer went to stand by on its own a few days ago, but has refused to do so since.
    You may check your hardware settings in the Control Panel ==> Power Options.

    Why do these things come and go?
    Really no idea about it; it might be caused by Windows Update, user interaction, malware, improperly coded software and many other reasons.

    In many of the reports I sent you, I saw a program I uninstalled a while ago called "character builder." why am I still seeing it there?
    Might be a leftover in the registry or an improper uninstaller.

    Removed Dealio toolbar via control panel remove programs. should i do the same in spybot system startup? Or will we handle that another way? startup program still has entry in spybot system startup tool.
    Yes, you may. However, I will remove the leftover if I see it in your logs.


    We will leave the POGO problem aside for a while; we will check whether there is any malware on your computer first.

    Weird charge appeared on bank statement after making an online purchase from edible arrangements in december.
    1. Is this the computer that you used for the online payment before the suspected payment happened?

    2. Are the weird charges from the company that you purchased something from, or from a different company?

    3. Did you scan your computer after the incident? Any malware found? Can you recall the name of the malware?


    While waiting for me to research your logs, let's run another test.

    4. Security Check
    Please download Security Check ... by screen317. Save it to your desktop.
    Alternate download site: Link 2
    1. Right click the SecurityCheck.exe icon and select "run as administrator" to begin.
    2. Press the Space Bar when you see the "press any key to continue..." message.
      A Notepad results file will open automatically called checkup.txt
    3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
    4. Please copy/paste the entire contents of the checkup.txt file into your next reply.



    5. Search with AdwCleaner
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Right click on adwcleaner.exe and select "Run as administrator" to run it.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Close the adwCleaner window, click ok to the prompt.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.




    Thank you for your patience.
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  10. #10
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58


    Bear with me, life happened and I still don't have that external harddrive for pc backup. Working on it, sorry for being a pain.

    Results of screen317's Security Check version 0.99.60
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    JavaFX 2.1.0
    Java(TM) 6 Update 31
    Java(TM) 7 Update 4
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (9.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    # AdwCleaner v2.114 - Logfile created 03/04/2013 at 23:20:04
    # Updated 05/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Alexa - BADDASS
    # Boot Mode : Normal
    # Running from : C:\Users\Alexa\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\Alexa\AppData\Local\Temp\AskSearch
    Folder Found : C:\Users\Brandon\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Brandon\AppData\LocalLow\Search Settings

    ***** [Registry] *****

    Key Found : HKLM\Software\GamesBarSetup
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v9.0.1 (en-US)

    File : C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\3x41iquo.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1193 octets] - [04/03/2013 23:20:04]

    ########## EOF - C:\AdwCleaner[R1].txt - [1253 octets] ##########
