# I simply cant get rid of imminent search as my default firefox search



## PEP (Mar 1, 2006)

ok guys i can really use some help here.
As title says, ive been trying to get rid of imminent search for a while now and it just wont frickin go away!!!
its not in add/remove programs, i tried spybot, kaspersky scan, firefox addon removals. its like the search is hardcoded into firefox or something... also my booting takes extremely long as of late, the desktop freezes on startup for a good minute+ before the antivirus loads up and everything works...
Please help me out here, i dont know what else to do...
actually now that ive ran the programs needed here, i do see that i missed some stuff, but ill leave it to the professionals to give the final word 

System specs: 
CPU: core2quad 2.4ghz
GPU: ati 4870 512mb
RAM: 4 gig(2 2gig sticks)
gigabyte motherboard
windows 7 ultimate
500gb HD

HIJACK LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:39:10 AM, on 5/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\a folder\Files\DOWNLOADS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80115
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKLM\..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Adflybot] C:\Eliteclicks\Adflybot
O4 - HKCU\..\Run: [ghost] C:\temp\ghost
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\a folder\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11134 bytes

DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by PEP at 5:40:00 on 2012-05-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2443 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\a folder\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DXPServer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = 
uSearch Page = 
uStart Page = hxxp://www.google.com/
mSearchAssistant = 
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80115
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Adflybot] C:\Eliteclicks\Adflybot
uRun: [ghost] C:\temp\ghost
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
Trusted Zone: facebook.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{659D3C6A-9AF6-47A6-8D43-C5166F4A3B63} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun-x64: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
FF - plugin: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: C:\a folder\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\a folder\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
FF - plugin: C:\a folder\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\PEP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-25 202296]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]
S3 RDID1053;PC-50;C:\Windows\system32\Drivers\rdwm1053.sys --> C:\Windows\system32\Drivers\rdwm1053.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2010-1-30 266240]
.
=============== Created Last 30 ================
.
2012-05-21 05:44:18	--------	d-----w-	C:\BigFishGamesCache
2012-05-15 05:27:36	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2012-05-10 03:37:35	--------	d-----w-	C:\Users\PEP\.dia
2012-05-09 04:48:31	--------	d-----w-	C:\Program Files (x86)\AMD APP
2012-05-06 04:11:14	--------	d-----w-	C:\Users\PEP\AppData\Local\{E14F677C-8118-476A-92C8-338A2CFA9E76}
2012-05-06 04:11:02	--------	d-----w-	C:\Users\PEP\AppData\Local\{73EAE1C6-6666-4AC8-9C64-F162D8CF6850}
2012-05-04 00:49:36	--------	d-----w-	C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 19:35:18	--------	d-----w-	C:\Users\PEP\AppData\Local\{9C0B4AB5-88DB-4C60-92E1-4D5E7490AA7B}
2012-04-24 19:35:07	--------	d-----w-	C:\Users\PEP\AppData\Local\{0103CB08-2810-457D-B515-B1B6AD26AFEB}
.
==================== Find3M ====================
.
2012-04-22 00:22:42	202448	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2012-04-06 05:22:40	11174400	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:34:26	187392	----a-w-	C:\Windows\System32\clinfo.exe
2012-04-06 02:34:10	74752	----a-w-	C:\Windows\System32\OpenVideo64.dll
2012-04-06 02:34:04	64512	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 02:33:56	63488	----a-w-	C:\Windows\System32\OVDecode64.dll
2012-04-06 02:33:52	56320	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2012-04-06 02:33:44	16457216	----a-w-	C:\Windows\System32\amdocl64.dll
2012-04-06 02:32:56	13007872	----a-w-	C:\Windows\SysWow64\amdocl.dll
2012-04-06 02:22:00	159744	----a-w-	C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52	909312	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04	1067520	----a-w-	C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52	442368	----a-w-	C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46	503808	----a-w-	C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02	236544	----a-w-	C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44	120320	----a-w-	C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30	21504	----a-w-	C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26	59392	----a-w-	C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42	6800896	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50	26181632	----a-w-	C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10	64000	----a-w-	C:\Windows\System32\coinst.dll
2012-04-06 01:54:46	7479296	----a-w-	C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56	19753984	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24	1120768	----a-w-	C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50	1831424	----a-w-	C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34	4731904	----a-w-	C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04	6203392	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16	51200	----a-w-	C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08	44544	----a-w-	C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54	16090624	----a-w-	C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30	13764096	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24	7431680	----a-w-	C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54	4795904	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28	514560	----a-w-	C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20	360448	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06	17408	----a-w-	C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04	14848	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04	14848	----a-w-	C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00	41984	----a-w-	C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52	33280	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44	343040	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56	54784	----a-w-	C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48	41984	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42	44544	----a-w-	C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34	32256	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02	53248	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08	54784	----a-w-	C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08	54784	----a-w-	C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04	53760	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04	53760	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2012-03-25 18:25:48	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 05:24:22	54272	----a-w-	C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14	48128	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2012-03-08 22:37:20	302448	----a-w-	C:\Windows\WLXPGSS.SCR
2012-02-23 12:32:04	95760	----a-w-	C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 5:41:54.89 ===============


----------



## eddie5659 (Mar 19, 2001)

Hiya

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *View Scan Logs*.
[*]Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
[*]If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
[*]Please copy and paste the Scan Log results in your next reply._
_[*]Click *Close* to exit the program._
_

Please include the *MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log *in your next reply

eddie_


----------



## PEP (Mar 1, 2006)

Ok here they are. Thanks for the help 

MALWARE BYTES LOG
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PEP :: PEPBOBA [administrator]

Protection: Enabled

5/26/2012 3:48:23 PM
mbam-log-2012-05-26 (15-48-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 982613
Time elapsed: 3 hour(s), 54 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\microsoft.visual.studio.2010.patch.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\PEP\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Users\PEP\Downloads\aimersoft.dvd.creator.2.6.3.19_2b\Reg\patch\aimersoft.dvd.creator.2.6.3.19-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\PEP\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Users\PEP\AppData\Roaming\Thinstall\WORD 2007\300000005700002h\WINWORD.EXE (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mrvcl32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
P:\Program Files (x86)\Space Pirates and Zombies\TDU.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.

(end)

SUPERANTISPYWARE LOG
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2012 at 07:59 AM

Application Version : 5.0.1150

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 04:15:57

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 745
Memory threats detected : 0
Registry items scanned : 69025
Registry threats detected : 1
File items scanned : 808499
File threats detected : 231

Adware.Tracking Cookie
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\IN432KVA.txt [ /invitemedia.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\OCNIKOO4.txt [ /ru4.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\Z18NLUH4.txt [ /care2.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\Z5U51OGY.txt [ /msnbc.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\HU4HGPGV.txt [ /dmtracker.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\9PTGOCAW.txt [ /server.iad.liveperson.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\WT7ZAF30.txt [ /2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\CZ7OEN7N.txt [ /hotlog.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\BMCBZY0K.txt [ /liveperson.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\JU62P3FC.txt [ /indieclicktv.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\NS5P4T5C.txt [ /nextag.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\KP9WDDSE.txt [ /liveperson.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\VSIDNYWZ.txt [ /openstat.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\OC63C9FK.txt [ /rambler.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\V1P2XYXZ.txt [ /usatoday1.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\B0E2CCLI.txt [ /media-mgmt.armorgames.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\5LCKWSCR.txt [ /cracked.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\MZP01QYR.txt [ /media2.legacy.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\RU39F71V.txt [ /rambler.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\GZU3ML3G.txt [ /media6degrees.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\2LWUEYD5.txt [ /trafficmp.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\9040A4IC.txt [ /yadro.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\TVM4JXKG.txt [ /www.googleadservices.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\2T5W3SWZ.txt [ /www.cracked.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\TB3CS485.txt [ /lucidmedia.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\P8XLWNDS.txt [ /accounts.google.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\4Q4YBQQK.txt [ /ad.yieldmanager.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\15C11BCC.txt [ /trinitymirror.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\LN7MVD49.txt [ /imrworldwide.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\F4YNIZCX.txt [ /revsci.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\HNAMVWYQ.txt [ /stats.paypal.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\HCIX4ZRS.txt [ /www.googleadservices.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\UGD1XFVV.txt [ /interclick.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\IXRMB8DZ.txt [ /clickfuse.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\RMAXXZ88.txt [ /serving-sys.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\4BVSVZ73.txt [ /marinetraffic.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\9025VHM9.txt [ /ads.undertone.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\Z0RZ29S8.txt [ /amazon-adsystem.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\93FT2TID.txt [ /ping.indieclicktv.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\FVXEZUPK.txt [ /at.atwola.com ]
C:\USERS\PEP\Cookies\IN432KVA.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\OCNIKOO4.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\Z18NLUH4.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\Z5U51OGY.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\HU4HGPGV.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\9PTGOCAW.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\WT7ZAF30.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\CZ7OEN7N.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\BMCBZY0K.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\JU62P3FC.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\NS5P4T5C.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\KP9WDDSE.txt [ Cookie[email protected]/hc/24327209 ]
C:\USERS\PEP\Cookies\VSIDNYWZ.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\OC63C9FK.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\5LCKWSCR.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\MZP01QYR.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\RU39F71V.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\9040A4IC.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\TVM4JXKG.txt [ Cookie[email protected]/pagead/conversion/959842016/ ]
C:\USERS\PEP\Cookies\TB3CS485.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\4Q4YBQQK.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\15C11BCC.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\LN7MVD49.txt [ Cookie[email protected]/cgi-bin ]
C:\USERS\PEP\Cookies\F4YNIZCX.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\HNAMVWYQ.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\IXRMB8DZ.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\4BVSVZ73.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\Z0RZ29S8.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\93FT2TID.txt [ Cookie[email protected]/ ]
C:\USERS\PEP\Cookies\FVXEZUPK.txt [ Cookie[email protected]/ ]
cdn1.static.pornhub.phncdn.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
convoad.technoratimedia.net [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
ia.media-imdb.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
ictv-5sec-ec.indieclicktv.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
media.mtvnservices.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
msnbcmedia.msn.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
secure-us.imrworldwide.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
staticedge.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
.trafficexchangelist.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cdn.trafficexchangelist.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c3576.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c3576.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.clickbank.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.clickbank.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c4105.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c4105.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
content.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
content.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c3364.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c3364.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hentaitoplist.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c5205.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
c5205.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.userporn.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hentaicounter.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
dev.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.w3counter.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOKIES.SQLITE ]
cdn.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\538BLXT4 ]
objects.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\538BLXT4 ]

Browser Hijacker.Deskbar
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Riskware.HideWindows
P:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS JEDI KNIGHT JEDI ACADEMY\DEMO\CMDS\CMDOW.EXE

Trojan.Agent/Gen-FakeAlert[Local]
P:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS JEDI KNIGHT JEDI ACADEMY\GAMEDATA\TOOLS\CARCASS.EXE
P:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS JEDI KNIGHT JEDI ACADEMY\GAMEDATA\TOOLS\MD3VIEW.EXE

Trojan.Agent/Gen-Krpytik
C:\TASM\TASM\BIN\SVGA32.DLL
C:\TASM\TASM\BIN\TDKBD32.DLL

HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:08 AM, on 5/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\a folder\Files\DOWNLOADS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80115
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKLM\..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Adflybot] C:\Eliteclicks\Adflybot
O4 - HKCU\..\Run: [ghost] C:\temp\ghost
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\a folder\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\a folder\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11627 bytes


----------



## eddie5659 (Mar 19, 2001)

In MBAM, the following are shown as not removed. Have they been, or still on the computer:



> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\microsoft.visual.studio.2010.patch.exe (PUP.Hacktool.Patcher) -> No action taken.
> C:\Users\PEP\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
> C:\Users\PEP\Downloads\aimersoft.dvd.creator.2.6.3.19_2b\Reg\patch\aimersof t.dvd.creator.2.6.3.19-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
> C:\Users\PEP\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.


-------------

Can you run the following tools, and copy/paste the logs that they produce here. If its over a few posts, that's fine 

Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters*.










Check the boxes beside *Verify Driver Digital Signature and Detect TDLFS* file system, then click OK.










Click the *Start Scan* button.










If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.










If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.










Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply

--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan 









On completion of the scan click save log, save it to your desktop and post in your next reply 









-------------------------

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## PEP (Mar 1, 2006)

I manually deleted the files that you mentioned.

Here are the logs: 
TDSKILLER:

07:21:52.0040 1400	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:21:52.0330 1400	============================================================
07:21:52.0330 1400	Current date / time: 2012/06/03 07:21:52.0330
07:21:52.0330 1400	SystemInfo:
07:21:52.0330 1400	
07:21:52.0330 1400	OS Version: 6.1.7601 ServicePack: 1.0
07:21:52.0330 1400	Product type: Workstation
07:21:52.0330 1400	ComputerName: PEPBOBA
07:21:52.0330 1400	UserName: PEP
07:21:52.0330 1400	Windows directory: C:\Windows
07:21:52.0330 1400	System windows directory: C:\Windows
07:21:52.0330 1400	Running under WOW64
07:21:52.0330 1400	Processor architecture: Intel x64
07:21:52.0330 1400	Number of processors: 4
07:21:52.0330 1400	Page size: 0x1000
07:21:52.0330 1400	Boot type: Normal boot
07:21:52.0330 1400	============================================================
07:21:53.0830 1400	Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:21:53.0840 1400	============================================================
07:21:53.0840 1400	\Device\Harddisk0\DR0:
07:21:53.0840 1400	MBR partitions:
07:21:53.0840 1400	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x24414000
07:21:53.0840 1400	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24414800, BlocksNum 0x15F6F800
07:21:53.0840 1400	============================================================
07:21:53.0880 1400	C: <-> \Device\Harddisk0\DR0\Partition0
07:21:53.0920 1400	P: <-> \Device\Harddisk0\DR0\Partition1
07:21:53.0920 1400	============================================================
07:21:53.0920 1400	Initialize success
07:21:53.0920 1400	============================================================
07:25:36.0306 4584	============================================================
07:25:36.0306 4584	Scan started
07:25:36.0306 4584	Mode: Manual; SigCheck; TDLFS; 
07:25:36.0306 4584	============================================================
07:25:37.0446 4584	!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:25:37.0506 4584	!SASCORE - ok
07:25:37.0706 4584	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:25:37.0746 4584	1394ohci - ok
07:25:37.0816 4584	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:25:37.0826 4584	ACPI - ok
07:25:37.0846 4584	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:25:37.0916 4584	AcpiPmi - ok
07:25:37.0976 4584	adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:25:37.0996 4584	adp94xx - ok
07:25:38.0026 4584	adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:25:38.0046 4584	adpahci - ok
07:25:38.0076 4584	adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:25:38.0086 4584	adpu320 - ok
07:25:38.0116 4584	AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:25:38.0416 4584	AeLookupSvc - ok
07:25:38.0466 4584	AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:25:38.0536 4584	AFD - ok
07:25:38.0566 4584	agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:25:38.0576 4584	agp440 - ok
07:25:38.0656 4584	ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:25:38.0696 4584	ALG - ok
07:25:38.0746 4584	aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:25:38.0756 4584	aliide - ok
07:25:38.0806 4584	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:25:38.0836 4584	AMD External Events Utility - ok
07:25:38.0846 4584	amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:25:38.0866 4584	amdide - ok
07:25:38.0906 4584	AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:25:38.0956 4584	AmdK8 - ok
07:25:39.0506 4584	amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:25:39.0786 4584	amdkmdag - ok
07:25:39.0936 4584	amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:25:39.0996 4584	amdkmdap - ok
07:25:40.0016 4584	AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:25:40.0056 4584	AmdPPM - ok
07:25:40.0086 4584	amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:25:40.0106 4584	amdsata - ok
07:25:40.0126 4584	amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:25:40.0146 4584	amdsbs - ok
07:25:40.0156 4584	amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:25:40.0166 4584	amdxata - ok
07:25:40.0226 4584	AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:25:40.0266 4584	AppID - ok
07:25:40.0286 4584	AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:25:40.0336 4584	AppIDSvc - ok
07:25:40.0396 4584	Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:25:40.0436 4584	Appinfo - ok
07:25:40.0486 4584	AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:25:40.0516 4584	AppMgmt - ok
07:25:40.0536 4584	arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:25:40.0556 4584	arc - ok
07:25:40.0576 4584	arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:25:40.0586 4584	arcsas - ok
07:25:40.0776 4584	aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:25:40.0786 4584	aspnet_state - ok
07:25:40.0816 4584	AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:25:40.0876 4584	AsyncMac - ok
07:25:40.0906 4584	atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:25:40.0916 4584	atapi - ok
07:25:40.0956 4584	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
07:25:40.0986 4584	AtiHDAudioService - ok
07:25:41.0016 4584	AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
07:25:41.0026 4584	AtiHdmiService - ok
07:25:41.0556 4584	atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:25:41.0676 4584	atikmdag - ok
07:25:41.0816 4584	atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
07:25:41.0826 4584	atksgt - ok
07:25:41.0906 4584	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:25:41.0956 4584	AudioEndpointBuilder - ok
07:25:41.0966 4584	AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:25:41.0996 4584	AudioSrv - ok
07:25:42.0096 4584	AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
07:25:42.0106 4584	AVP - ok
07:25:42.0146 4584	AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:25:42.0196 4584	AxInstSV - ok
07:25:42.0246 4584	b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:25:42.0276 4584	b06bdrv - ok
07:25:42.0316 4584	b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:25:42.0346 4584	b57nd60a - ok
07:25:42.0386 4584	BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:25:42.0426 4584	BDESVC - ok
07:25:42.0436 4584	Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:25:42.0486 4584	Beep - ok
07:25:42.0576 4584	BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:25:42.0696 4584	BFE - ok
07:25:42.0766 4584	BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:25:42.0826 4584	BITS - ok
07:25:42.0866 4584	blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:25:42.0896 4584	blbdrive - ok
07:25:42.0926 4584	bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:25:42.0956 4584	bowser - ok
07:25:42.0976 4584	BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:25:43.0036 4584	BrFiltLo - ok
07:25:43.0046 4584	BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:25:43.0066 4584	BrFiltUp - ok
07:25:43.0116 4584	Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:25:43.0186 4584	Browser - ok
07:25:43.0206 4584	Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:25:43.0246 4584	Brserid - ok
07:25:43.0256 4584	BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:25:43.0276 4584	BrSerWdm - ok
07:25:43.0296 4584	BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:25:43.0326 4584	BrUsbMdm - ok
07:25:43.0336 4584	BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:25:43.0366 4584	BrUsbSer - ok
07:25:43.0396 4584	BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:25:43.0426 4584	BTHMODEM - ok
07:25:43.0466 4584	bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:25:43.0516 4584	bthserv - ok
07:25:43.0536 4584	cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:25:43.0576 4584	cdfs - ok
07:25:43.0686 4584	cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:25:43.0706 4584	cdrom - ok
07:25:43.0746 4584	CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:25:43.0806 4584	CertPropSvc - ok
07:25:43.0816 4584	circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:25:43.0836 4584	circlass - ok
07:25:43.0876 4584	CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:25:43.0896 4584	CLFS - ok
07:25:43.0946 4584	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:25:43.0966 4584	clr_optimization_v2.0.50727_32 - ok
07:25:44.0006 4584	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:25:44.0016 4584	clr_optimization_v2.0.50727_64 - ok
07:25:44.0096 4584	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:25:44.0106 4584	clr_optimization_v4.0.30319_32 - ok
07:25:44.0136 4584	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:25:44.0146 4584	clr_optimization_v4.0.30319_64 - ok
07:25:44.0166 4584	CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:25:44.0186 4584	CmBatt - ok
07:25:44.0216 4584	cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:25:44.0226 4584	cmdide - ok
07:25:44.0286 4584	CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:25:44.0316 4584	CNG - ok
07:25:44.0326 4584	Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:25:44.0336 4584	Compbatt - ok
07:25:44.0366 4584	CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:25:44.0386 4584	CompositeBus - ok
07:25:44.0406 4584	COMSysApp - ok
07:25:44.0426 4584	crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:25:44.0436 4584	crcdisk - ok
07:25:44.0476 4584	CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:25:44.0526 4584	CryptSvc - ok
07:25:44.0646 4584	CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:25:44.0706 4584	CSC - ok
07:25:44.0766 4584	CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:25:44.0806 4584	CscService - ok
07:25:44.0896 4584	CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
07:25:44.0916 4584	CSHelper ( UnsignedFile.Multi.Generic ) - warning
07:25:44.0916 4584	CSHelper - detected UnsignedFile.Multi.Generic (1)
07:25:45.0016 4584	DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:25:45.0056 4584	DcomLaunch - ok
07:25:45.0096 4584	defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:25:45.0146 4584	defragsvc - ok
07:25:45.0206 4584	DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:25:45.0256 4584	DfsC - ok
07:25:45.0326 4584	Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:25:45.0376 4584	Dhcp - ok
07:25:45.0416 4584	discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:25:45.0456 4584	discache - ok
07:25:45.0486 4584	Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:25:45.0506 4584	Disk - ok
07:25:45.0546 4584	Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:25:45.0596 4584	Dnscache - ok
07:25:45.0696 4584	dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:25:45.0746 4584	dot3svc - ok
07:25:45.0796 4584	DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:25:45.0846 4584	DPS - ok
07:25:45.0876 4584	drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:25:45.0906 4584	drmkaud - ok
07:25:45.0996 4584	DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:25:46.0026 4584	DXGKrnl - ok
07:25:46.0056 4584	EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:25:46.0096 4584	EapHost - ok
07:25:46.0286 4584	ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:25:46.0366 4584	ebdrv - ok
07:25:46.0456 4584	EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
07:25:46.0466 4584	EFS - ok
07:25:46.0556 4584	ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:25:46.0586 4584	ehRecvr - ok
07:25:46.0666 4584	ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:25:46.0676 4584	ehSched - ok
07:25:46.0746 4584	elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:25:46.0766 4584	elxstor - ok
07:25:46.0796 4584	ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:25:46.0846 4584	ErrDev - ok
07:25:46.0896 4584	EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:25:46.0946 4584	EventSystem - ok
07:25:46.0966 4584	exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:25:47.0026 4584	exfat - ok
07:25:47.0036 4584	fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:25:47.0096 4584	fastfat - ok
07:25:47.0166 4584	Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:25:47.0216 4584	Fax - ok
07:25:47.0226 4584	fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:25:47.0256 4584	fdc - ok
07:25:47.0256 4584	fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:25:47.0296 4584	fdPHost - ok
07:25:47.0306 4584	FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:25:47.0356 4584	FDResPub - ok
07:25:47.0366 4584	FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:25:47.0376 4584	FileInfo - ok
07:25:47.0386 4584	Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:25:47.0436 4584	Filetrace - ok
07:25:47.0456 4584	flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:25:47.0466 4584	flpydisk - ok
07:25:47.0516 4584	FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:25:47.0536 4584	FltMgr - ok
07:25:47.0686 4584	FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
07:25:47.0746 4584	FontCache - ok
07:25:47.0826 4584	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:25:47.0836 4584	FontCache3.0.0.0 - ok
07:25:47.0886 4584	FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:25:47.0896 4584	FsDepends - ok
07:25:47.0906 4584	Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:25:47.0926 4584	Fs_Rec - ok
07:25:47.0986 4584	fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:25:48.0006 4584	fvevol - ok
07:25:48.0026 4584	gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:25:48.0046 4584	gagp30kx - ok
07:25:48.0066 4584	gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
07:25:48.0076 4584	gdrv - ok
07:25:48.0116 4584	GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:25:48.0126 4584	GEARAspiWDM - ok
07:25:48.0166 4584	gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:25:48.0216 4584	gpsvc - ok
07:25:48.0306 4584	gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:25:48.0316 4584	gupdate - ok
07:25:48.0326 4584	gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:25:48.0336 4584	gupdatem - ok
07:25:48.0356 4584	hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:25:48.0376 4584	hcw85cir - ok
07:25:48.0696 4584	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:25:48.0736 4584	HdAudAddService - ok
07:25:48.0786 4584	HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:25:48.0816 4584	HDAudBus - ok
07:25:48.0826 4584	HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:25:48.0866 4584	HidBatt - ok
07:25:48.0886 4584	HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:25:48.0916 4584	HidBth - ok
07:25:48.0946 4584	HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:25:48.0986 4584	HidIr - ok
07:25:49.0026 4584	hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:25:49.0066 4584	hidserv - ok
07:25:49.0106 4584	HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
07:25:49.0126 4584	HidUsb - ok
07:25:49.0156 4584	hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:25:49.0226 4584	hkmsvc - ok
07:25:49.0266 4584	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:25:49.0296 4584	HomeGroupListener - ok
07:25:49.0336 4584	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:25:49.0366 4584	HomeGroupProvider - ok
07:25:49.0406 4584	HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:25:49.0416 4584	HpSAMD - ok
07:25:49.0496 4584	HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:25:49.0556 4584	HTTP - ok
07:25:49.0616 4584	hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:25:49.0636 4584	hwpolicy - ok
07:25:49.0686 4584	i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:25:49.0696 4584	i8042prt - ok
07:25:49.0726 4584	iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
07:25:49.0746 4584	iaStorV - ok
07:25:49.0856 4584	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:25:49.0866 4584	IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:25:49.0866 4584	IDriverT - detected UnsignedFile.Multi.Generic (1)
07:25:49.0956 4584	idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:25:49.0986 4584	idsvc - ok
07:25:50.0076 4584	iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:25:50.0086 4584	iirsp - ok
07:25:50.0166 4584	IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:25:50.0216 4584	IKEEXT - ok
07:25:50.0346 4584	IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
07:25:50.0396 4584	IntcAzAudAddService - ok
07:25:50.0486 4584	intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:25:50.0496 4584	intelide - ok
07:25:50.0516 4584	intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:25:50.0536 4584	intelppm - ok
07:25:50.0566 4584	IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:25:50.0606 4584	IPBusEnum - ok
07:25:50.0686 4584	IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:25:50.0736 4584	IpFilterDriver - ok
07:25:50.0796 4584	iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:25:50.0856 4584	iphlpsvc - ok
07:25:50.0886 4584	IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:25:50.0916 4584	IPMIDRV - ok
07:25:50.0946 4584	IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:25:50.0996 4584	IPNAT - ok
07:25:51.0076 4584	iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
07:25:51.0106 4584	iPod Service - ok
07:25:51.0126 4584	IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:25:51.0146 4584	IRENUM - ok
07:25:51.0176 4584	isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:25:51.0196 4584	isapnp - ok
07:25:51.0236 4584	iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:25:51.0256 4584	iScsiPrt - ok
07:25:51.0276 4584	kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:25:51.0286 4584	kbdclass - ok
07:25:51.0326 4584	kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:25:51.0346 4584	kbdhid - ok
07:25:51.0376 4584	KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:25:51.0396 4584	KeyIso - ok
07:25:51.0456 4584	KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
07:25:51.0476 4584	KL1 - ok
07:25:51.0496 4584	kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
07:25:51.0506 4584	kl2 - ok
07:25:51.0566 4584	KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
07:25:51.0586 4584	KLIF - ok
07:25:51.0646 4584	KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
07:25:51.0656 4584	KLIM6 - ok
07:25:51.0666 4584	klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
07:25:51.0676 4584	klmouflt - ok
07:25:51.0716 4584	KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:25:51.0726 4584	KSecDD - ok
07:25:51.0776 4584	KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:25:51.0786 4584	KSecPkg - ok
07:25:51.0816 4584	ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:25:51.0856 4584	ksthunk - ok
07:25:51.0886 4584	KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:25:51.0946 4584	KtmRm - ok
07:25:52.0006 4584	LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:25:52.0046 4584	LanmanServer - ok
07:25:52.0096 4584	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:25:52.0146 4584	LanmanWorkstation - ok
07:25:52.0186 4584	lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
07:25:52.0196 4584	lirsgt - ok
07:25:52.0316 4584	LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
07:25:52.0346 4584	LkCitadelServer - ok
07:25:52.0366 4584	lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
07:25:52.0376 4584	lkClassAds - ok
07:25:52.0386 4584	lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
07:25:52.0396 4584	lkTimeSync - ok
07:25:52.0496 4584	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:25:52.0546 4584	lltdio - ok
07:25:52.0576 4584	lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:25:52.0686 4584	lltdsvc - ok
07:25:52.0696 4584	lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:25:52.0726 4584	lmhosts - ok
07:25:52.0756 4584	lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
07:25:52.0776 4584	lmimirr - ok
07:25:52.0796 4584	LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:25:52.0806 4584	LMIRfsDriver - ok
07:25:52.0836 4584	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:25:52.0846 4584	LSI_FC - ok
07:25:52.0866 4584	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:25:52.0876 4584	LSI_SAS - ok
07:25:52.0896 4584	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:25:52.0916 4584	LSI_SAS2 - ok
07:25:52.0926 4584	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:25:52.0946 4584	LSI_SCSI - ok
07:25:52.0956 4584	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:25:53.0006 4584	luafv - ok
07:25:53.0046 4584	MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:25:53.0066 4584	MBAMProtector - ok
07:25:53.0156 4584	MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:25:53.0166 4584	MBAMService - ok
07:25:53.0196 4584	mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
07:25:53.0216 4584	mcdbus - ok
07:25:53.0246 4584	Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:25:53.0266 4584	Mcx2Svc - ok
07:25:53.0286 4584	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:25:53.0296 4584	megasas - ok
07:25:53.0326 4584	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:25:53.0336 4584	MegaSR - ok
07:25:53.0406 4584	Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:25:53.0416 4584	Microsoft Office Groove Audit Service - ok
07:25:53.0446 4584	MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:25:53.0496 4584	MMCSS - ok
07:25:53.0516 4584	Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:25:53.0556 4584	Modem - ok
07:25:53.0576 4584	monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:25:53.0606 4584	monitor - ok
07:25:53.0716 4584	mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:25:53.0726 4584	mouclass - ok
07:25:53.0806 4584	mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:25:53.0886 4584	mouhid - ok
07:25:53.0946 4584	mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:25:53.0966 4584	mountmgr - ok
07:25:54.0026 4584	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:25:54.0056 4584	MozillaMaintenance - ok
07:25:54.0086 4584	mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:25:54.0106 4584	mpio - ok
07:25:54.0126 4584	mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:25:54.0156 4584	mpsdrv - ok
07:25:54.0236 4584	MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:25:54.0296 4584	MpsSvc - ok
07:25:54.0336 4584	MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:25:54.0376 4584	MRxDAV - ok
07:25:54.0406 4584	mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:25:54.0446 4584	mrxsmb - ok
07:25:54.0476 4584	mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:25:54.0506 4584	mrxsmb10 - ok
07:25:54.0536 4584	mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:25:54.0556 4584	mrxsmb20 - ok
07:25:54.0656 4584	msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:25:54.0676 4584	msahci - ok
07:25:54.0696 4584	msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:25:54.0716 4584	msdsm - ok
07:25:54.0746 4584	MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:25:54.0776 4584	MSDTC - ok
07:25:54.0826 4584	Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:25:54.0866 4584	Msfs - ok
07:25:54.0876 4584	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:25:54.0936 4584	mshidkmdf - ok
07:25:54.0956 4584	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:25:54.0966 4584	msisadrv - ok
07:25:55.0016 4584	MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:25:55.0076 4584	MSiSCSI - ok
07:25:55.0076 4584	msiserver - ok
07:25:55.0096 4584	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:25:55.0126 4584	MSKSSRV - ok
07:25:55.0136 4584	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:25:55.0186 4584	MSPCLOCK - ok
07:25:55.0206 4584	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:25:55.0246 4584	MSPQM - ok
07:25:55.0296 4584	MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:25:55.0316 4584	MsRPC - ok
07:25:55.0356 4584	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:25:55.0366 4584	mssmbios - ok
07:25:55.0386 4584	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:25:55.0436 4584	MSTEE - ok
07:25:55.0446 4584	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:25:55.0476 4584	MTConfig - ok
07:25:55.0506 4584	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:25:55.0516 4584	Mup - ok
07:25:55.0576 4584	napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:25:55.0726 4584	napagent - ok
07:25:55.0766 4584	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:25:55.0796 4584	NativeWifiP - ok
07:25:55.0866 4584	NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:25:55.0886 4584	NDIS - ok
07:25:55.0906 4584	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:25:55.0936 4584	NdisCap - ok
07:25:55.0956 4584	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:25:55.0986 4584	NdisTapi - ok
07:25:56.0026 4584	Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:25:56.0066 4584	Ndisuio - ok
07:25:56.0106 4584	NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:25:56.0156 4584	NdisWan - ok
07:25:56.0196 4584	NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:25:56.0226 4584	NDProxy - ok
07:25:56.0236 4584	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:25:56.0276 4584	NetBIOS - ok
07:25:56.0316 4584	NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:25:56.0356 4584	NetBT - ok
07:25:56.0376 4584	Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:25:56.0396 4584	Netlogon - ok
07:25:56.0446 4584	Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:25:56.0496 4584	Netman - ok
07:25:56.0676 4584	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0696 4584	NetMsmqActivator - ok
07:25:56.0696 4584	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0706 4584	NetPipeActivator - ok
07:25:56.0746 4584	netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:25:56.0796 4584	netprofm - ok
07:25:56.0796 4584	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0806 4584	NetTcpActivator - ok
07:25:56.0816 4584	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0826 4584	NetTcpPortSharing - ok
07:25:56.0866 4584	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:25:56.0886 4584	nfrd960 - ok
07:25:57.0016 4584	NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
07:25:57.0026 4584	NIDomainService - ok
07:25:57.0146 4584	NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
07:25:57.0196 4584	NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
07:25:57.0196 4584	NILM License Manager - detected UnsignedFile.Multi.Generic (1)
07:25:57.0256 4584	niSvcLoc - ok
07:25:57.0346 4584	NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:25:57.0396 4584	NlaSvc - ok
07:25:57.0436 4584	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:25:57.0476 4584	Npfs - ok
07:25:57.0496 4584	nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:25:57.0546 4584	nsi - ok
07:25:57.0566 4584	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:25:57.0616 4584	nsiproxy - ok
07:25:57.0756 4584	Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
07:25:57.0806 4584	Ntfs - ok
07:25:57.0866 4584	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:25:57.0916 4584	Null - ok
07:25:57.0956 4584	nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
07:25:57.0966 4584	nvraid - ok
07:25:58.0006 4584	nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
07:25:58.0016 4584	nvstor - ok
07:25:58.0066 4584	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:25:58.0086 4584	nv_agp - ok
07:25:58.0276 4584	O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
07:25:58.0316 4584	O&O Defrag - ok
07:25:58.0396 4584	odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:25:58.0416 4584	odserv - ok
07:25:58.0536 4584	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:25:58.0566 4584	ohci1394 - ok
07:25:58.0646 4584	ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:25:58.0666 4584	ose - ok
07:25:58.0706 4584	p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:25:58.0736 4584	p2pimsvc - ok
07:25:58.0756 4584	p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:25:58.0786 4584	p2psvc - ok
07:25:58.0816 4584	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:25:58.0826 4584	Parport - ok
07:25:58.0866 4584	partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:25:58.0886 4584	partmgr - ok
07:25:58.0896 4584	PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:25:58.0936 4584	PcaSvc - ok
07:25:59.0006 4584	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:25:59.0026 4584	pci - ok
07:25:59.0026 4584	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:25:59.0046 4584	pciide - ok
07:25:59.0066 4584	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:25:59.0076 4584	pcmcia - ok
07:25:59.0096 4584	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:25:59.0106 4584	pcw - ok
07:25:59.0146 4584	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:25:59.0206 4584	PEAUTH - ok
07:25:59.0286 4584	PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:25:59.0346 4584	PeerDistSvc - ok
07:25:59.0416 4584	PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:25:59.0436 4584	PerfHost - ok
07:25:59.0586 4584	pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:25:59.0726 4584	pla - ok
07:25:59.0776 4584	PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:25:59.0806 4584	PlugPlay - ok
07:25:59.0836 4584	PnkBstrA - ok
07:25:59.0856 4584	PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:25:59.0866 4584	PNRPAutoReg - ok
07:25:59.0896 4584	PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:25:59.0916 4584	PNRPsvc - ok
07:25:59.0946 4584	PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:25:59.0996 4584	PolicyAgent - ok
07:26:00.0026 4584	Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:26:00.0086 4584	Power - ok
07:26:00.0146 4584	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:26:00.0196 4584	PptpMiniport - ok
07:26:00.0226 4584	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:26:00.0256 4584	Processor - ok
07:26:00.0276 4584	ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:26:00.0326 4584	ProfSvc - ok
07:26:00.0356 4584	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:26:00.0366 4584	ProtectedStorage - ok
07:26:00.0416 4584	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:26:00.0446 4584	Psched - ok
07:26:00.0546 4584	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:26:00.0596 4584	ql2300 - ok
07:26:00.0696 4584	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:26:00.0716 4584	ql40xx - ok
07:26:00.0746 4584	QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:26:00.0766 4584	QWAVE - ok
07:26:00.0786 4584	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:26:00.0806 4584	QWAVEdrv - ok
07:26:00.0826 4584	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:26:00.0876 4584	RasAcd - ok
07:26:00.0906 4584	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:26:00.0946 4584	RasAgileVpn - ok
07:26:00.0966 4584	RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:26:01.0016 4584	RasAuto - ok
07:26:01.0056 4584	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:26:01.0106 4584	Rasl2tp - ok
07:26:01.0146 4584	RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:26:01.0196 4584	RasMan - ok
07:26:01.0216 4584	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:26:01.0256 4584	RasPppoe - ok
07:26:01.0276 4584	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:26:01.0326 4584	RasSstp - ok
07:26:01.0376 4584	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:26:01.0416 4584	rdbss - ok
07:26:01.0456 4584	RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
07:26:01.0466 4584	RDID1053 - ok
07:26:01.0486 4584	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:26:01.0516 4584	rdpbus - ok
07:26:01.0516 4584	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:26:01.0556 4584	RDPCDD - ok
07:26:01.0656 4584	RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:26:01.0676 4584	RDPDR - ok
07:26:01.0696 4584	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:26:01.0746 4584	RDPENCDD - ok
07:26:01.0766 4584	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:26:01.0796 4584	RDPREFMP - ok
07:26:01.0846 4584	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:26:01.0876 4584	RdpVideoMiniport - ok
07:26:01.0936 4584	RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:26:01.0976 4584	RDPWD - ok
07:26:02.0026 4584	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:26:02.0036 4584	rdyboost - ok
07:26:02.0066 4584	RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:26:02.0116 4584	RemoteAccess - ok
07:26:02.0146 4584	RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:26:02.0206 4584	RemoteRegistry - ok
07:26:02.0226 4584	RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:26:02.0276 4584	RpcEptMapper - ok
07:26:02.0296 4584	RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:26:02.0316 4584	RpcLocator - ok
07:26:02.0366 4584	RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:26:02.0406 4584	RpcSs - ok
07:26:02.0446 4584	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:26:02.0486 4584	rspndr - ok
07:26:02.0526 4584	RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
07:26:02.0556 4584	RTL8169 - ok
07:26:02.0596 4584	s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:26:02.0656 4584	s3cap - ok
07:26:02.0686 4584	SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:26:02.0706 4584	SamSs - ok
07:26:02.0786 4584	SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
07:26:02.0796 4584	SASDIFSV - ok
07:26:02.0806 4584	SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
07:26:02.0816 4584	SASKUTIL - ok
07:26:02.0846 4584	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:26:02.0856 4584	sbp2port - ok
07:26:02.0906 4584	SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:26:02.0966 4584	SCardSvr - ok
07:26:02.0996 4584	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:26:03.0036 4584	scfilter - ok
07:26:03.0126 4584	Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:26:03.0176 4584	Schedule - ok
07:26:03.0216 4584	SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:26:03.0246 4584	SCPolicySvc - ok
07:26:03.0286 4584	SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:26:03.0316 4584	SDRSVC - ok
07:26:03.0386 4584	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:26:03.0426 4584	secdrv - ok
07:26:03.0466 4584	seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:26:03.0496 4584	seclogon - ok
07:26:03.0516 4584	SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:26:03.0556 4584	SENS - ok
07:26:03.0576 4584	SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:26:03.0586 4584	SensrSvc - ok
07:26:03.0656 4584	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:26:03.0676 4584	Serenum - ok
07:26:03.0686 4584	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:26:03.0696 4584	Serial - ok
07:26:03.0736 4584	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:26:03.0766 4584	sermouse - ok
07:26:03.0806 4584	SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:26:03.0866 4584	SessionEnv - ok
07:26:03.0896 4584	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:26:03.0926 4584	sffdisk - ok
07:26:03.0946 4584	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:26:03.0966 4584	sffp_mmc - ok
07:26:04.0016 4584	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:26:04.0086 4584	sffp_sd - ok
07:26:04.0126 4584	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:26:04.0136 4584	sfloppy - ok
07:26:04.0256 4584	SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:26:04.0316 4584	SharedAccess - ok
07:26:04.0356 4584	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:26:04.0416 4584	ShellHWDetection - ok
07:26:04.0446 4584	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:26:04.0456 4584	SiSRaid2 - ok
07:26:04.0466 4584	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:26:04.0486 4584	SiSRaid4 - ok
07:26:04.0506 4584	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:26:04.0556 4584	Smb - ok
07:26:04.0656 4584	SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:26:04.0686 4584	SNMPTRAP - ok
07:26:04.0756 4584	speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
07:26:04.0766 4584	speedfan - ok
07:26:04.0776 4584	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:26:04.0786 4584	spldr - ok
07:26:04.0846 4584	Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:26:04.0886 4584	Spooler - ok
07:26:05.0076 4584	sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:26:05.0176 4584	sppsvc - ok
07:26:05.0256 4584	sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:26:05.0296 4584	sppuinotify - ok
07:26:05.0386 4584	sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
07:26:05.0386 4584	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
07:26:05.0396 4584	sptd ( LockedFile.Multi.Generic ) - warning
07:26:05.0396 4584	sptd - detected LockedFile.Multi.Generic (1)
07:26:05.0436 4584	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:26:05.0466 4584	srv - ok
07:26:05.0506 4584	srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:26:05.0546 4584	srv2 - ok
07:26:05.0566 4584	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:26:05.0596 4584	srvnet - ok
07:26:05.0666 4584	SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:26:05.0726 4584	SSDPSRV - ok
07:26:05.0736 4584	SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:26:05.0776 4584	SstpSvc - ok
07:26:05.0816 4584	Steam Client Service - ok
07:26:05.0836 4584	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:26:05.0846 4584	stexstor - ok
07:26:05.0916 4584	stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:26:05.0976 4584	stisvc - ok
07:26:06.0026 4584	storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:26:06.0036 4584	storflt - ok
07:26:06.0086 4584	storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:26:06.0096 4584	storvsc - ok
07:26:06.0126 4584	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:26:06.0146 4584	swenum - ok
07:26:06.0176 4584	swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:26:06.0226 4584	swprv - ok
07:26:06.0246 4584	Synth3dVsc - ok
07:26:06.0356 4584	SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:26:06.0416 4584	SysMain - ok
07:26:06.0506 4584	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:26:06.0546 4584	TabletInputService - ok
07:26:06.0586 4584	TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:26:06.0696 4584	TapiSrv - ok
07:26:06.0706 4584	TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:26:06.0746 4584	TBS - ok
07:26:06.0866 4584	Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
07:26:06.0916 4584	Tcpip - ok
07:26:07.0046 4584	TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
07:26:07.0086 4584	TCPIP6 - ok
07:26:07.0146 4584	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:26:07.0196 4584	tcpipreg - ok
07:26:07.0226 4584	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:26:07.0266 4584	TDPIPE - ok
07:26:07.0286 4584	TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:26:07.0326 4584	TDTCP - ok
07:26:07.0376 4584	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:26:07.0416 4584	tdx - ok
07:26:07.0456 4584	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:26:07.0466 4584	TermDD - ok
07:26:07.0536 4584	TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:26:07.0646 4584	TermService - ok
07:26:07.0676 4584	Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:26:07.0706 4584	Themes - ok
07:26:07.0726 4584	THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:26:07.0766 4584	THREADORDER - ok
07:26:07.0806 4584	TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:26:07.0866 4584	TrkWks - ok
07:26:07.0946 4584	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:26:07.0986 4584	TrustedInstaller - ok
07:26:08.0026 4584	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:26:08.0066 4584	tssecsrv - ok
07:26:08.0116 4584	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:26:08.0126 4584	TsUsbFlt - ok
07:26:08.0136 4584	tsusbhub - ok
07:26:08.0196 4584	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:26:08.0246 4584	tunnel - ok
07:26:08.0266 4584	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:26:08.0286 4584	uagp35 - ok
07:26:08.0316 4584	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:26:08.0376 4584	udfs - ok
07:26:08.0396 4584	UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:26:08.0416 4584	UI0Detect - ok
07:26:08.0456 4584	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:26:08.0476 4584	uliagpkx - ok
07:26:08.0526 4584	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:26:08.0546 4584	umbus - ok
07:26:08.0556 4584	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:26:08.0586 4584	UmPass - ok
07:26:08.0686 4584	UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:26:08.0716 4584	UmRdpService - ok
07:26:08.0736 4584	upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:26:08.0786 4584	upnphost - ok
07:26:08.0816 4584	usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
07:26:08.0836 4584	usbccgp - ok
07:26:08.0876 4584	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:26:08.0896 4584	usbcir - ok
07:26:08.0936 4584	usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
07:26:08.0946 4584	usbehci - ok
07:26:08.0996 4584	usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
07:26:09.0036 4584	usbhub - ok
07:26:09.0056 4584	usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:26:09.0066 4584	usbohci - ok
07:26:09.0096 4584	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:26:09.0126 4584	usbprint - ok
07:26:09.0156 4584	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:26:09.0176 4584	usbscan - ok
07:26:09.0206 4584	USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:26:09.0236 4584	USBSTOR - ok
07:26:09.0276 4584	usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
07:26:09.0326 4584	usbuhci - ok
07:26:09.0436 4584	UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:26:09.0516 4584	UxSms - ok
07:26:09.0536 4584	VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:26:09.0546 4584	VaultSvc - ok
07:26:09.0646 4584	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:26:09.0666 4584	vdrvroot - ok
07:26:09.0716 4584	vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:26:09.0766 4584	vds - ok
07:26:09.0776 4584	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:26:09.0796 4584	vga - ok
07:26:09.0806 4584	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:26:09.0856 4584	VgaSave - ok
07:26:09.0876 4584	VGPU - ok
07:26:09.0896 4584	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:26:09.0916 4584	vhdmp - ok
07:26:09.0926 4584	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:26:09.0936 4584	viaide - ok
07:26:09.0986 4584	vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:26:09.0996 4584	vmbus - ok
07:26:10.0036 4584	VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:26:10.0066 4584	VMBusHID - ok
07:26:10.0106 4584	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:26:10.0116 4584	volmgr - ok
07:26:10.0166 4584	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:26:10.0186 4584	volmgrx - ok
07:26:10.0216 4584	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:26:10.0236 4584	volsnap - ok
07:26:10.0266 4584	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:26:10.0286 4584	vsmraid - ok
07:26:10.0426 4584	VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
07:26:10.0436 4584	VSPerfDrv100 - ok
07:26:10.0546 4584	VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:26:10.0646 4584	VSS - ok
07:26:10.0726 4584	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:26:10.0756 4584	vwifibus - ok
07:26:10.0786 4584	W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:26:10.0836 4584	W32Time - ok
07:26:10.0856 4584	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:26:10.0876 4584	WacomPen - ok
07:26:10.0926 4584	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:26:10.0976 4584	WANARP - ok
07:26:10.0976 4584	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:26:11.0016 4584	Wanarpv6 - ok
07:26:11.0106 4584	WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:26:11.0156 4584	WatAdminSvc - ok
07:26:11.0256 4584	wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:26:11.0316 4584	wbengine - ok
07:26:11.0396 4584	WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:26:11.0426 4584	WbioSrvc - ok
07:26:11.0476 4584	wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:26:11.0516 4584	wcncsvc - ok
07:26:11.0526 4584	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:26:11.0546 4584	WcsPlugInService - ok
07:26:11.0656 4584	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:26:11.0666 4584	Wd - ok
07:26:11.0706 4584	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:26:11.0736 4584	Wdf01000 - ok
07:26:11.0746 4584	WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:26:11.0786 4584	WdiServiceHost - ok
07:26:11.0786 4584	WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:26:11.0806 4584	WdiSystemHost - ok
07:26:11.0856 4584	WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:26:11.0886 4584	WebClient - ok
07:26:11.0916 4584	Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:26:11.0976 4584	Wecsvc - ok
07:26:11.0986 4584	wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:26:12.0046 4584	wercplsupport - ok
07:26:12.0066 4584	WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:26:12.0106 4584	WerSvc - ok
07:26:12.0136 4584	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:26:12.0166 4584	WfpLwf - ok
07:26:12.0186 4584	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:26:12.0196 4584	WIMMount - ok
07:26:12.0216 4584	WinDefend - ok
07:26:12.0226 4584	WinHttpAutoProxySvc - ok
07:26:12.0266 4584	Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:26:12.0316 4584	Winmgmt - ok
07:26:12.0436 4584	WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:26:12.0506 4584	WinRM - ok
07:26:12.0666 4584	WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:26:12.0676 4584	WinUsb - ok
07:26:12.0746 4584	Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:26:12.0786 4584	Wlansvc - ok
07:26:12.0986 4584	wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:26:13.0026 4584	wlidsvc - ok
07:26:13.0086 4584	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:26:13.0116 4584	WmiAcpi - ok
07:26:13.0176 4584	wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:26:13.0206 4584	wmiApSrv - ok
07:26:13.0236 4584	WMPNetworkSvc - ok
07:26:13.0266 4584	WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:26:13.0276 4584	WPCSvc - ok
07:26:13.0316 4584	WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:26:13.0346 4584	WPDBusEnum - ok
07:26:13.0366 4584	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:26:13.0416 4584	ws2ifsl - ok
07:26:13.0446 4584	wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:26:13.0476 4584	wscsvc - ok
07:26:13.0476 4584	WSearch - ok
07:26:13.0706 4584	wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:26:13.0796 4584	wuauserv - ok
07:26:13.0896 4584	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:26:13.0936 4584	WudfPf - ok
07:26:13.0976 4584	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:26:14.0006 4584	WUDFRd - ok
07:26:14.0046 4584	wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:26:14.0086 4584	wudfsvc - ok
07:26:14.0106 4584	WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:26:14.0146 4584	WwanSvc - ok
07:26:14.0156 4584	MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
07:26:14.0646 4584	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:26:14.0646 4584	\Device\Harddisk0\DR0 - detected TDSS File System (1)
07:26:14.0676 4584	Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
07:26:14.0676 4584	\Device\Harddisk0\DR0\Partition0 - ok
07:26:14.0696 4584	Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
07:26:14.0696 4584	\Device\Harddisk0\DR0\Partition1 - ok
07:26:14.0696 4584	============================================================
07:26:14.0696 4584	Scan finished
07:26:14.0696 4584	============================================================
07:26:14.0706 3128	Detected object count: 5
07:26:14.0706 3128	Actual detected object count: 5
07:26:57.0626 3128	CSHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:57.0626 3128	CSHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:26:57.0626 3128	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:57.0626 3128	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:26:57.0626 3128	NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:57.0626 3128	NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:26:57.0636 3128	sptd ( LockedFile.Multi.Generic ) - skipped by user
07:26:57.0636 3128	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
07:26:57.0636 3128	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:26:57.0636 3128	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
07:27:30.0436 5900	============================================================
07:27:30.0436 5900	Scan started
07:27:30.0436 5900	Mode: Manual; SigCheck; TDLFS; 
07:27:30.0436 5900	============================================================
07:27:30.0876 5900	!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:27:30.0896 5900	!SASCORE - ok
07:27:30.0936 5900	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:27:30.0956 5900	1394ohci - ok
07:27:31.0006 5900	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:27:31.0016 5900	ACPI - ok
07:27:31.0036 5900	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:27:31.0056 5900	AcpiPmi - ok
07:27:31.0096 5900	adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:27:31.0116 5900	adp94xx - ok
07:27:31.0146 5900	adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:27:31.0156 5900	adpahci - ok
07:27:31.0186 5900	adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:27:31.0196 5900	adpu320 - ok
07:27:31.0226 5900	AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:27:31.0266 5900	AeLookupSvc - ok
07:27:31.0296 5900	AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:27:31.0316 5900	AFD - ok
07:27:31.0356 5900	agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:27:31.0366 5900	agp440 - ok
07:27:31.0386 5900	ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:27:31.0396 5900	ALG - ok
07:27:31.0406 5900	aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:27:31.0416 5900	aliide - ok
07:27:31.0466 5900	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:27:31.0486 5900	AMD External Events Utility - ok
07:27:31.0496 5900	amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:27:31.0506 5900	amdide - ok
07:27:31.0526 5900	AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:27:31.0536 5900	AmdK8 - ok
07:27:32.0126 5900	amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:27:32.0246 5900	amdkmdag - ok
07:27:32.0376 5900	amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:27:32.0396 5900	amdkmdap - ok
07:27:32.0426 5900	AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:27:32.0446 5900	AmdPPM - ok
07:27:32.0456 5900	amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:27:32.0476 5900	amdsata - ok
07:27:32.0496 5900	amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:27:32.0516 5900	amdsbs - ok
07:27:32.0526 5900	amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:27:32.0536 5900	amdxata - ok
07:27:32.0576 5900	AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:27:32.0606 5900	AppID - ok
07:27:32.0666 5900	AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:27:32.0696 5900	AppIDSvc - ok
07:27:32.0696 5900	Scan interrupted by user!
07:27:32.0696 5900	Scan interrupted by user!
07:27:32.0696 5900	Scan interrupted by user!
07:27:32.0696 5900	============================================================
07:27:32.0696 5900	Scan finished
07:27:32.0696 5900	============================================================
07:27:32.0706 3592	Detected object count: 0
07:27:32.0706 3592	Actual detected object count: 0
07:27:34.0636 5204	============================================================
07:27:34.0636 5204	Scan started
07:27:34.0636 5204	Mode: Manual; SigCheck; TDLFS; 
07:27:34.0636 5204	============================================================
07:27:35.0116 5204	!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:27:35.0126 5204	!SASCORE - ok
07:27:35.0166 5204	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:27:35.0176 5204	1394ohci - ok
07:27:35.0226 5204	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:27:35.0246 5204	ACPI - ok
07:27:35.0266 5204	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:27:35.0286 5204	AcpiPmi - ok
07:27:35.0316 5204	adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:27:35.0336 5204	adp94xx - ok
07:27:35.0366 5204	adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:27:35.0376 5204	adpahci - ok
07:27:35.0406 5204	adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:27:35.0416 5204	adpu320 - ok
07:27:35.0446 5204	AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:27:35.0476 5204	AeLookupSvc - ok
07:27:35.0516 5204	AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:27:35.0536 5204	AFD - ok
07:27:35.0576 5204	agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:27:35.0586 5204	agp440 - ok
07:27:35.0656 5204	ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:27:35.0676 5204	ALG - ok
07:27:35.0686 5204	aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:27:35.0696 5204	aliide - ok
07:27:35.0746 5204	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:27:35.0766 5204	AMD External Events Utility - ok
07:27:35.0786 5204	amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:27:35.0796 5204	amdide - ok
07:27:35.0806 5204	AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:27:35.0826 5204	AmdK8 - ok
07:27:36.0346 5204	amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:27:36.0476 5204	amdkmdag - ok
07:27:36.0656 5204	amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:27:36.0676 5204	amdkmdap - ok
07:27:36.0706 5204	AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:27:36.0716 5204	AmdPPM - ok
07:27:36.0736 5204	amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:27:36.0746 5204	amdsata - ok
07:27:36.0776 5204	amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:27:36.0786 5204	amdsbs - ok
07:27:36.0796 5204	amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:27:36.0806 5204	amdxata - ok
07:27:36.0846 5204	AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:27:36.0886 5204	AppID - ok
07:27:36.0906 5204	AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:27:36.0936 5204	AppIDSvc - ok
07:27:36.0976 5204	Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:27:37.0006 5204	Appinfo - ok
07:27:37.0036 5204	AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:27:37.0056 5204	AppMgmt - ok
07:27:37.0066 5204	arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:27:37.0086 5204	arc - ok
07:27:37.0096 5204	arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:27:37.0106 5204	arcsas - ok
07:27:37.0216 5204	aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:27:37.0226 5204	aspnet_state - ok
07:27:37.0246 5204	AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:27:37.0276 5204	AsyncMac - ok
07:27:37.0316 5204	atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:27:37.0326 5204	atapi - ok
07:27:37.0376 5204	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
07:27:37.0386 5204	AtiHDAudioService - ok
07:27:37.0416 5204	AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
07:27:37.0426 5204	AtiHdmiService - ok
07:27:38.0016 5204	atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:27:38.0136 5204	atikmdag - ok
07:27:38.0256 5204	atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
07:27:38.0276 5204	atksgt - ok
07:27:38.0336 5204	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:27:38.0376 5204	AudioEndpointBuilder - ok
07:27:38.0376 5204	AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:27:38.0416 5204	AudioSrv - ok
07:27:38.0486 5204	AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
07:27:38.0496 5204	AVP - ok
07:27:38.0536 5204	AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:27:38.0556 5204	AxInstSV - ok
07:27:38.0666 5204	b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:27:38.0686 5204	b06bdrv - ok
07:27:38.0726 5204	b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:27:38.0736 5204	b57nd60a - ok
07:27:38.0766 5204	BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:27:38.0776 5204	BDESVC - ok
07:27:38.0796 5204	Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:27:38.0826 5204	Beep - ok
07:27:38.0896 5204	BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:27:38.0936 5204	BFE - ok
07:27:38.0986 5204	BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:27:39.0026 5204	BITS - ok
07:27:39.0046 5204	blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:27:39.0056 5204	blbdrive - ok
07:27:39.0096 5204	bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:27:39.0106 5204	bowser - ok
07:27:39.0126 5204	BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:27:39.0136 5204	BrFiltLo - ok
07:27:39.0156 5204	BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:27:39.0166 5204	BrFiltUp - ok
07:27:39.0206 5204	Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:27:39.0246 5204	Browser - ok
07:27:39.0266 5204	Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:27:39.0286 5204	Brserid - ok
07:27:39.0306 5204	BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:27:39.0316 5204	BrSerWdm - ok
07:27:39.0336 5204	BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:27:39.0346 5204	BrUsbMdm - ok
07:27:39.0356 5204	BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:27:39.0376 5204	BrUsbSer - ok
07:27:39.0396 5204	BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:27:39.0416 5204	BTHMODEM - ok
07:27:39.0556 5204	bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:27:39.0596 5204	bthserv - ok
07:27:39.0706 5204	cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:27:39.0736 5204	cdfs - ok
07:27:39.0766 5204	cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:27:39.0786 5204	cdrom - ok
07:27:39.0816 5204	CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:27:39.0856 5204	CertPropSvc - ok
07:27:39.0866 5204	circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:27:39.0886 5204	circlass - ok
07:27:39.0916 5204	CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:27:39.0926 5204	CLFS - ok
07:27:39.0976 5204	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:27:39.0986 5204	clr_optimization_v2.0.50727_32 - ok
07:27:40.0016 5204	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:27:40.0026 5204	clr_optimization_v2.0.50727_64 - ok
07:27:40.0106 5204	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:27:40.0116 5204	clr_optimization_v4.0.30319_32 - ok
07:27:40.0146 5204	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:27:40.0156 5204	clr_optimization_v4.0.30319_64 - ok
07:27:40.0166 5204	CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:27:40.0176 5204	CmBatt - ok
07:27:40.0216 5204	cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:27:40.0226 5204	cmdide - ok
07:27:40.0286 5204	CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:27:40.0306 5204	CNG - ok
07:27:40.0316 5204	Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:27:40.0326 5204	Compbatt - ok
07:27:40.0346 5204	CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:27:40.0366 5204	CompositeBus - ok
07:27:40.0366 5204	COMSysApp - ok
07:27:40.0376 5204	crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:27:40.0386 5204	crcdisk - ok
07:27:40.0436 5204	CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:27:40.0466 5204	CryptSvc - ok
07:27:40.0526 5204	CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:27:40.0546 5204	CSC - ok
07:27:40.0676 5204	CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:27:40.0696 5204	CscService - ok
07:27:40.0776 5204	CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
07:27:40.0776 5204	CSHelper ( UnsignedFile.Multi.Generic ) - warning
07:27:40.0776 5204	CSHelper - detected UnsignedFile.Multi.Generic (1)
07:27:40.0856 5204	DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:27:40.0896 5204	DcomLaunch - ok
07:27:40.0936 5204	defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:27:40.0966 5204	defragsvc - ok
07:27:41.0006 5204	DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:27:41.0046 5204	DfsC - ok
07:27:41.0066 5204	Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:27:41.0106 5204	Dhcp - ok
07:27:41.0116 5204	discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:27:41.0156 5204	discache - ok
07:27:41.0166 5204	Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:27:41.0186 5204	Disk - ok
07:27:41.0226 5204	Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:27:41.0236 5204	Dnscache - ok
07:27:41.0286 5204	dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:27:41.0316 5204	dot3svc - ok
07:27:41.0356 5204	DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:27:41.0386 5204	DPS - ok
07:27:41.0406 5204	drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:27:41.0426 5204	drmkaud - ok
07:27:41.0486 5204	DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:27:41.0516 5204	DXGKrnl - ok
07:27:41.0546 5204	EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:27:41.0576 5204	EapHost - ok
07:27:41.0796 5204	ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:27:41.0836 5204	ebdrv - ok
07:27:41.0916 5204	EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
07:27:41.0936 5204	EFS - ok
07:27:42.0026 5204	ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:27:42.0046 5204	ehRecvr - ok
07:27:42.0066 5204	ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:27:42.0086 5204	ehSched - ok
07:27:42.0136 5204	elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:27:42.0146 5204	elxstor - ok
07:27:42.0186 5204	ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:27:42.0206 5204	ErrDev - ok
07:27:42.0236 5204	EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:27:42.0276 5204	EventSystem - ok
07:27:42.0306 5204	exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:27:42.0336 5204	exfat - ok
07:27:42.0366 5204	fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:27:42.0396 5204	fastfat - ok
07:27:42.0456 5204	Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:27:42.0476 5204	Fax - ok
07:27:42.0496 5204	fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:27:42.0506 5204	fdc - ok
07:27:42.0526 5204	fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:27:42.0556 5204	fdPHost - ok
07:27:42.0566 5204	FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:27:42.0596 5204	FDResPub - ok
07:27:42.0646 5204	FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:27:42.0666 5204	FileInfo - ok
07:27:42.0676 5204	Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:27:42.0716 5204	Filetrace - ok
07:27:42.0726 5204	flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:27:42.0736 5204	flpydisk - ok
07:27:42.0786 5204	FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:27:42.0806 5204	FltMgr - ok
07:27:42.0896 5204	FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
07:27:42.0946 5204	FontCache - ok
07:27:43.0026 5204	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:27:43.0036 5204	FontCache3.0.0.0 - ok
07:27:43.0066 5204	FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:27:43.0086 5204	FsDepends - ok
07:27:43.0096 5204	Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:27:43.0106 5204	Fs_Rec - ok
07:27:43.0146 5204	fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:27:43.0166 5204	fvevol - ok
07:27:43.0176 5204	gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:27:43.0186 5204	gagp30kx - ok
07:27:43.0206 5204	gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
07:27:43.0216 5204	gdrv - ok
07:27:43.0236 5204	GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:27:43.0246 5204	GEARAspiWDM - ok
07:27:43.0296 5204	gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:27:43.0336 5204	gpsvc - ok
07:27:43.0406 5204	gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:27:43.0416 5204	gupdate - ok
07:27:43.0426 5204	gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:27:43.0436 5204	gupdatem - ok
07:27:43.0446 5204	hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:27:43.0456 5204	hcw85cir - ok
07:27:43.0506 5204	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:27:43.0526 5204	HdAudAddService - ok
07:27:43.0556 5204	HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:27:43.0576 5204	HDAudBus - ok
07:27:43.0646 5204	HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:27:43.0666 5204	HidBatt - ok
07:27:43.0676 5204	HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:27:43.0696 5204	HidBth - ok
07:27:43.0706 5204	HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:27:43.0726 5204	HidIr - ok
07:27:43.0746 5204	hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:27:43.0776 5204	hidserv - ok
07:27:43.0806 5204	HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
07:27:43.0816 5204	HidUsb - ok
07:27:43.0856 5204	hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:27:43.0896 5204	hkmsvc - ok
07:27:43.0946 5204	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:27:43.0956 5204	HomeGroupListener - ok
07:27:43.0996 5204	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:27:44.0016 5204	HomeGroupProvider - ok
07:27:44.0046 5204	HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:27:44.0056 5204	HpSAMD - ok
07:27:44.0126 5204	HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:27:44.0166 5204	HTTP - ok
07:27:44.0206 5204	hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:27:44.0216 5204	hwpolicy - ok
07:27:44.0246 5204	i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:27:44.0266 5204	i8042prt - ok
07:27:44.0296 5204	iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
07:27:44.0306 5204	iaStorV - ok
07:27:44.0396 5204	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:27:44.0406 5204	IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:27:44.0406 5204	IDriverT - detected UnsignedFile.Multi.Generic (1)
07:27:44.0496 5204	idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:27:44.0516 5204	idsvc - ok
07:27:44.0656 5204	iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:27:44.0666 5204	iirsp - ok
07:27:44.0766 5204	IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:27:44.0806 5204	IKEEXT - ok
07:27:44.0906 5204	IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
07:27:44.0936 5204	IntcAzAudAddService - ok
07:27:45.0026 5204	intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:27:45.0036 5204	intelide - ok
07:27:45.0046 5204	intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:27:45.0056 5204	intelppm - ok
07:27:45.0086 5204	IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:27:45.0116 5204	IPBusEnum - ok
07:27:45.0166 5204	IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:27:45.0196 5204	IpFilterDriver - ok
07:27:45.0246 5204	iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:27:45.0286 5204	iphlpsvc - ok
07:27:45.0326 5204	IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:27:45.0336 5204	IPMIDRV - ok
07:27:45.0366 5204	IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:27:45.0396 5204	IPNAT - ok
07:27:45.0466 5204	iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
07:27:45.0486 5204	iPod Service - ok
07:27:45.0496 5204	IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:27:45.0516 5204	IRENUM - ok
07:27:45.0556 5204	isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:27:45.0566 5204	isapnp - ok
07:27:45.0676 5204	iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:27:45.0686 5204	iScsiPrt - ok
07:27:45.0706 5204	kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:27:45.0716 5204	kbdclass - ok
07:27:45.0736 5204	kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:27:45.0756 5204	kbdhid - ok
07:27:45.0766 5204	KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:45.0786 5204	KeyIso - ok
07:27:45.0836 5204	KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
07:27:45.0856 5204	KL1 - ok
07:27:45.0866 5204	kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
07:27:45.0876 5204	kl2 - ok
07:27:45.0916 5204	KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
07:27:45.0936 5204	KLIF - ok
07:27:45.0946 5204	KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
07:27:45.0956 5204	KLIM6 - ok
07:27:45.0966 5204	klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
07:27:45.0966 5204	klmouflt - ok
07:27:45.0986 5204	KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:27:45.0996 5204	KSecDD - ok
07:27:46.0036 5204	KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:27:46.0056 5204	KSecPkg - ok
07:27:46.0056 5204	ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:27:46.0086 5204	ksthunk - ok
07:27:46.0126 5204	KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:27:46.0156 5204	KtmRm - ok
07:27:46.0196 5204	LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:27:46.0236 5204	LanmanServer - ok
07:27:46.0276 5204	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:27:46.0306 5204	LanmanWorkstation - ok
07:27:46.0326 5204	lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
07:27:46.0336 5204	lirsgt - ok
07:27:46.0446 5204	LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
07:27:46.0466 5204	LkCitadelServer - ok
07:27:46.0486 5204	lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
07:27:46.0496 5204	lkClassAds - ok
07:27:46.0506 5204	lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
07:27:46.0516 5204	lkTimeSync - ok
07:27:46.0586 5204	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:27:46.0616 5204	lltdio - ok
07:27:46.0666 5204	lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:27:46.0706 5204	lltdsvc - ok
07:27:46.0716 5204	lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:27:46.0756 5204	lmhosts - ok
07:27:46.0766 5204	lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
07:27:46.0776 5204	lmimirr - ok
07:27:46.0786 5204	LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:27:46.0796 5204	LMIRfsDriver - ok
07:27:46.0816 5204	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:27:46.0826 5204	LSI_FC - ok
07:27:46.0836 5204	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:27:46.0856 5204	LSI_SAS - ok
07:27:46.0866 5204	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:27:46.0886 5204	LSI_SAS2 - ok
07:27:46.0896 5204	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:27:46.0916 5204	LSI_SCSI - ok
07:27:46.0916 5204	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:27:46.0956 5204	luafv - ok
07:27:46.0976 5204	MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:27:46.0986 5204	MBAMProtector - ok
07:27:47.0076 5204	MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:27:47.0096 5204	MBAMService - ok
07:27:47.0116 5204	mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
07:27:47.0126 5204	mcdbus - ok
07:27:47.0166 5204	Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:27:47.0176 5204	Mcx2Svc - ok
07:27:47.0196 5204	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:27:47.0206 5204	megasas - ok
07:27:47.0236 5204	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:27:47.0256 5204	MegaSR - ok
07:27:47.0296 5204	Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:27:47.0306 5204	Microsoft Office Groove Audit Service - ok
07:27:47.0326 5204	MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:27:47.0366 5204	MMCSS - ok
07:27:47.0376 5204	Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:27:47.0416 5204	Modem - ok
07:27:47.0426 5204	monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:27:47.0446 5204	monitor - ok
07:27:47.0476 5204	mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:27:47.0486 5204	mouclass - ok
07:27:47.0506 5204	mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:27:47.0516 5204	mouhid - ok
07:27:47.0556 5204	mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:27:47.0566 5204	mountmgr - ok
07:27:47.0676 5204	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:27:47.0686 5204	MozillaMaintenance - ok
07:27:47.0726 5204	mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:27:47.0736 5204	mpio - ok
07:27:47.0766 5204	mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:27:47.0796 5204	mpsdrv - ok
07:27:47.0876 5204	MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:27:47.0916 5204	MpsSvc - ok
07:27:47.0966 5204	MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:27:47.0986 5204	MRxDAV - ok
07:27:48.0016 5204	mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:27:48.0026 5204	mrxsmb - ok
07:27:48.0056 5204	mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:27:48.0076 5204	mrxsmb10 - ok
07:27:48.0096 5204	mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:27:48.0106 5204	mrxsmb20 - ok
07:27:48.0126 5204	msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:27:48.0136 5204	msahci - ok
07:27:48.0166 5204	msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:27:48.0186 5204	msdsm - ok
07:27:48.0216 5204	MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:27:48.0236 5204	MSDTC - ok
07:27:48.0256 5204	Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:27:48.0286 5204	Msfs - ok
07:27:48.0306 5204	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:27:48.0336 5204	mshidkmdf - ok
07:27:48.0356 5204	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:27:48.0366 5204	msisadrv - ok
07:27:48.0396 5204	MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:27:48.0436 5204	MSiSCSI - ok
07:27:48.0436 5204	msiserver - ok
07:27:48.0446 5204	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:27:48.0486 5204	MSKSSRV - ok
07:27:48.0496 5204	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:27:48.0526 5204	MSPCLOCK - ok
07:27:48.0546 5204	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:27:48.0576 5204	MSPQM - ok
07:27:48.0686 5204	MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:27:48.0706 5204	MsRPC - ok
07:27:48.0746 5204	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:27:48.0756 5204	mssmbios - ok
07:27:48.0766 5204	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:27:48.0806 5204	MSTEE - ok
07:27:48.0826 5204	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:27:48.0846 5204	MTConfig - ok
07:27:48.0856 5204	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:27:48.0866 5204	Mup - ok
07:27:48.0906 5204	napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:27:48.0936 5204	napagent - ok
07:27:48.0966 5204	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:27:48.0986 5204	NativeWifiP - ok
07:27:49.0056 5204	NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:27:49.0076 5204	NDIS - ok
07:27:49.0096 5204	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:27:49.0126 5204	NdisCap - ok
07:27:49.0136 5204	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:27:49.0166 5204	NdisTapi - ok
07:27:49.0206 5204	Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:27:49.0236 5204	Ndisuio - ok
07:27:49.0286 5204	NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:27:49.0316 5204	NdisWan - ok
07:27:49.0356 5204	NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:27:49.0386 5204	NDProxy - ok
07:27:49.0406 5204	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:27:49.0436 5204	NetBIOS - ok
07:27:49.0456 5204	NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:27:49.0496 5204	NetBT - ok
07:27:49.0516 5204	Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:49.0536 5204	Netlogon - ok
07:27:49.0566 5204	Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:27:49.0606 5204	Netman - ok
07:27:49.0866 5204	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:49.0876 5204	NetMsmqActivator - ok
07:27:49.0916 5204	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:49.0926 5204	NetPipeActivator - ok
07:27:49.0986 5204	netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:27:50.0016 5204	netprofm - ok
07:27:50.0026 5204	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:50.0036 5204	NetTcpActivator - ok
07:27:50.0036 5204	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:50.0046 5204	NetTcpPortSharing - ok
07:27:50.0086 5204	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:27:50.0096 5204	nfrd960 - ok
07:27:50.0216 5204	NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
07:27:50.0226 5204	NIDomainService - ok
07:27:50.0336 5204	NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
07:27:50.0356 5204	NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
07:27:50.0356 5204	NILM License Manager - detected UnsignedFile.Multi.Generic (1)
07:27:50.0426 5204	niSvcLoc - ok
07:27:50.0496 5204	NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:27:50.0536 5204	NlaSvc - ok
07:27:50.0556 5204	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:27:50.0586 5204	Npfs - ok
07:27:50.0646 5204	nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:27:50.0686 5204	nsi - ok
07:27:50.0686 5204	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:27:50.0726 5204	nsiproxy - ok
07:27:50.0836 5204	Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
07:27:50.0876 5204	Ntfs - ok
07:27:50.0916 5204	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:27:50.0946 5204	Null - ok
07:27:50.0976 5204	nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
07:27:50.0986 5204	nvraid - ok
07:27:51.0006 5204	nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
07:27:51.0026 5204	nvstor - ok
07:27:51.0056 5204	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:27:51.0066 5204	nv_agp - ok
07:27:51.0246 5204	O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
07:27:51.0286 5204	O&O Defrag - ok
07:27:51.0376 5204	odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:27:51.0396 5204	odserv - ok
07:27:51.0446 5204	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:27:51.0466 5204	ohci1394 - ok
07:27:51.0496 5204	ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:27:51.0506 5204	ose - ok
07:27:51.0546 5204	p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:27:51.0566 5204	p2pimsvc - ok
07:27:51.0656 5204	p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:27:51.0666 5204	p2psvc - ok
07:27:51.0696 5204	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:27:51.0706 5204	Parport - ok
07:27:51.0756 5204	partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:27:51.0766 5204	partmgr - ok
07:27:51.0786 5204	PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:27:51.0806 5204	PcaSvc - ok
07:27:51.0846 5204	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:27:51.0866 5204	pci - ok
07:27:51.0866 5204	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:27:51.0886 5204	pciide - ok
07:27:51.0906 5204	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:27:51.0926 5204	pcmcia - ok
07:27:51.0946 5204	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:27:51.0956 5204	pcw - ok
07:27:51.0986 5204	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:27:52.0026 5204	PEAUTH - ok
07:27:52.0116 5204	PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:27:52.0146 5204	PeerDistSvc - ok
07:27:52.0216 5204	PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:27:52.0236 5204	PerfHost - ok
07:27:52.0376 5204	pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:27:52.0426 5204	pla - ok
07:27:52.0466 5204	PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:27:52.0486 5204	PlugPlay - ok
07:27:52.0486 5204	PnkBstrA - ok
07:27:52.0496 5204	PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:27:52.0516 5204	PNRPAutoReg - ok
07:27:52.0536 5204	PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:27:52.0556 5204	PNRPsvc - ok
07:27:52.0646 5204	PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:27:52.0686 5204	PolicyAgent - ok
07:27:52.0716 5204	Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:27:52.0756 5204	Power - ok
07:27:52.0796 5204	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:27:52.0836 5204	PptpMiniport - ok
07:27:52.0866 5204	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:27:52.0876 5204	Processor - ok
07:27:52.0906 5204	ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:27:52.0936 5204	ProfSvc - ok
07:27:52.0956 5204	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:52.0976 5204	ProtectedStorage - ok
07:27:53.0016 5204	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:27:53.0046 5204	Psched - ok
07:27:53.0126 5204	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:27:53.0166 5204	ql2300 - ok
07:27:53.0226 5204	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:27:53.0236 5204	ql40xx - ok
07:27:53.0276 5204	QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:27:53.0296 5204	QWAVE - ok
07:27:53.0316 5204	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:27:53.0326 5204	QWAVEdrv - ok
07:27:53.0346 5204	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:27:53.0376 5204	RasAcd - ok
07:27:53.0406 5204	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:27:53.0446 5204	RasAgileVpn - ok
07:27:53.0466 5204	RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:27:53.0496 5204	RasAuto - ok
07:27:53.0536 5204	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:27:53.0576 5204	Rasl2tp - ok
07:27:53.0676 5204	RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:27:53.0716 5204	RasMan - ok
07:27:53.0726 5204	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:27:53.0766 5204	RasPppoe - ok
07:27:53.0776 5204	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:27:53.0806 5204	RasSstp - ok
07:27:53.0856 5204	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:27:53.0896 5204	rdbss - ok
07:27:53.0916 5204	RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
07:27:53.0926 5204	RDID1053 - ok
07:27:53.0946 5204	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:27:53.0966 5204	rdpbus - ok
07:27:53.0976 5204	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:27:54.0006 5204	RDPCDD - ok
07:27:54.0056 5204	RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:27:54.0066 5204	RDPDR - ok
07:27:54.0086 5204	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:27:54.0116 5204	RDPENCDD - ok
07:27:54.0126 5204	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:27:54.0166 5204	RDPREFMP - ok
07:27:54.0206 5204	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:27:54.0216 5204	RdpVideoMiniport - ok
07:27:54.0266 5204	RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:27:54.0296 5204	RDPWD - ok
07:27:54.0336 5204	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:27:54.0356 5204	rdyboost - ok
07:27:54.0376 5204	RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:27:54.0416 5204	RemoteAccess - ok
07:27:54.0426 5204	RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:27:54.0466 5204	RemoteRegistry - ok
07:27:54.0486 5204	RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:27:54.0516 5204	RpcEptMapper - ok
07:27:54.0546 5204	RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:27:54.0556 5204	RpcLocator - ok
07:27:54.0666 5204	RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:27:54.0706 5204	RpcSs - ok
07:27:54.0716 5204	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:27:54.0756 5204	rspndr - ok
07:27:54.0776 5204	RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
07:27:54.0796 5204	RTL8169 - ok
07:27:54.0836 5204	s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:27:54.0846 5204	s3cap - ok
07:27:54.0866 5204	SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:54.0886 5204	SamSs - ok
07:27:54.0986 5204	SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
07:27:54.0996 5204	SASDIFSV - ok
07:27:55.0006 5204	SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
07:27:55.0016 5204	SASKUTIL - ok
07:27:55.0046 5204	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:27:55.0056 5204	sbp2port - ok
07:27:55.0086 5204	SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:27:55.0116 5204	SCardSvr - ok
07:27:55.0156 5204	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:27:55.0186 5204	scfilter - ok
07:27:55.0266 5204	Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:27:55.0316 5204	Schedule - ok
07:27:55.0356 5204	SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:27:55.0386 5204	SCPolicySvc - ok
07:27:55.0426 5204	SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:27:55.0446 5204	SDRSVC - ok
07:27:55.0486 5204	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:27:55.0526 5204	secdrv - ok
07:27:55.0556 5204	seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:27:55.0596 5204	seclogon - ok
07:27:55.0656 5204	SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:27:55.0686 5204	SENS - ok
07:27:55.0706 5204	SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:27:55.0716 5204	SensrSvc - ok
07:27:55.0726 5204	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:27:55.0746 5204	Serenum - ok
07:27:55.0756 5204	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:27:55.0776 5204	Serial - ok
07:27:55.0796 5204	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:27:55.0816 5204	sermouse - ok
07:27:55.0856 5204	SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:27:55.0886 5204	SessionEnv - ok
07:27:55.0906 5204	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:27:55.0926 5204	sffdisk - ok
07:27:55.0946 5204	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:27:55.0956 5204	sffp_mmc - ok
07:27:55.0976 5204	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:27:55.0996 5204	sffp_sd - ok
07:27:56.0006 5204	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:27:56.0016 5204	sfloppy - ok
07:27:56.0056 5204	SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:27:56.0096 5204	SharedAccess - ok
07:27:56.0146 5204	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:27:56.0186 5204	ShellHWDetection - ok
07:27:56.0196 5204	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:27:56.0206 5204	SiSRaid2 - ok
07:27:56.0226 5204	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:27:56.0236 5204	SiSRaid4 - ok
07:27:56.0256 5204	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:27:56.0296 5204	Smb - ok
07:27:56.0316 5204	SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:27:56.0336 5204	SNMPTRAP - ok
07:27:56.0406 5204	speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
07:27:56.0416 5204	speedfan - ok
07:27:56.0426 5204	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:27:56.0436 5204	spldr - ok
07:27:56.0496 5204	Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:27:56.0536 5204	Spooler - ok
07:27:56.0776 5204	sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:27:56.0846 5204	sppsvc - ok
07:27:56.0916 5204	sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:27:56.0956 5204	sppuinotify - ok
07:27:57.0026 5204	sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
07:27:57.0026 5204	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
07:27:57.0026 5204	sptd ( LockedFile.Multi.Generic ) - warning
07:27:57.0026 5204	sptd - detected LockedFile.Multi.Generic (1)
07:27:57.0076 5204	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:27:57.0096 5204	srv - ok
07:27:57.0126 5204	srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:27:57.0146 5204	srv2 - ok
07:27:57.0166 5204	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:27:57.0186 5204	srvnet - ok
07:27:57.0196 5204	SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:27:57.0236 5204	SSDPSRV - ok
07:27:57.0246 5204	SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:27:57.0286 5204	SstpSvc - ok
07:27:57.0316 5204	Steam Client Service - ok
07:27:57.0346 5204	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:27:57.0356 5204	stexstor - ok
07:27:57.0416 5204	stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:27:57.0446 5204	stisvc - ok
07:27:57.0476 5204	storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:27:57.0486 5204	storflt - ok
07:27:57.0526 5204	storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:27:57.0536 5204	storvsc - ok
07:27:57.0566 5204	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:27:57.0586 5204	swenum - ok
07:27:57.0666 5204	swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:27:57.0706 5204	swprv - ok
07:27:57.0716 5204	Synth3dVsc - ok
07:27:57.0826 5204	SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:27:57.0866 5204	SysMain - ok
07:27:57.0956 5204	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:27:57.0976 5204	TabletInputService - ok
07:27:58.0036 5204	TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:27:58.0076 5204	TapiSrv - ok
07:27:58.0096 5204	TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:27:58.0126 5204	TBS - ok
07:27:58.0246 5204	Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
07:27:58.0286 5204	Tcpip - ok
07:27:58.0416 5204	TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
07:27:58.0446 5204	TCPIP6 - ok
07:27:58.0516 5204	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:27:58.0546 5204	tcpipreg - ok
07:27:58.0566 5204	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:27:58.0596 5204	TDPIPE - ok
07:27:58.0656 5204	TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:27:58.0686 5204	TDTCP - ok
07:27:58.0736 5204	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:27:58.0766 5204	tdx - ok
07:27:58.0806 5204	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:27:58.0816 5204	TermDD - ok
07:27:58.0896 5204	TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:27:58.0936 5204	TermService - ok
07:27:58.0946 5204	Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:27:58.0966 5204	Themes - ok
07:27:58.0986 5204	THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:27:59.0016 5204	THREADORDER - ok
07:27:59.0036 5204	TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:27:59.0076 5204	TrkWks - ok
07:27:59.0136 5204	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:27:59.0166 5204	TrustedInstaller - ok
07:27:59.0206 5204	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:27:59.0236 5204	tssecsrv - ok
07:27:59.0276 5204	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:27:59.0286 5204	TsUsbFlt - ok
07:27:59.0286 5204	tsusbhub - ok
07:27:59.0336 5204	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:27:59.0366 5204	tunnel - ok
07:27:59.0386 5204	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:27:59.0396 5204	uagp35 - ok
07:27:59.0436 5204	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:27:59.0466 5204	udfs - ok
07:27:59.0496 5204	UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:27:59.0506 5204	UI0Detect - ok
07:27:59.0526 5204	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:27:59.0536 5204	uliagpkx - ok
07:27:59.0576 5204	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:27:59.0586 5204	umbus - ok
07:27:59.0656 5204	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:27:59.0666 5204	UmPass - ok
07:27:59.0716 5204	UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:27:59.0726 5204	UmRdpService - ok
07:27:59.0756 5204	upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:27:59.0796 5204	upnphost - ok
07:27:59.0826 5204	usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
07:27:59.0846 5204	usbccgp - ok
07:27:59.0876 5204	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:27:59.0886 5204	usbcir - ok
07:27:59.0926 5204	usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
07:27:59.0946 5204	usbehci - ok
07:28:00.0176 5204	usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
07:28:00.0196 5204	usbhub - ok
07:28:00.0216 5204	usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:28:00.0236 5204	usbohci - ok
07:28:00.0246 5204	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:28:00.0256 5204	usbprint - ok
07:28:00.0276 5204	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:28:00.0296 5204	usbscan - ok
07:28:00.0326 5204	USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:28:00.0336 5204	USBSTOR - ok
07:28:00.0376 5204	usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
07:28:00.0386 5204	usbuhci - ok
07:28:00.0396 5204	UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:28:00.0436 5204	UxSms - ok
07:28:00.0456 5204	VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:28:00.0476 5204	VaultSvc - ok
07:28:00.0486 5204	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:28:00.0496 5204	vdrvroot - ok
07:28:00.0556 5204	vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:28:00.0596 5204	vds - ok
07:28:00.0656 5204	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:28:00.0666 5204	vga - ok
07:28:00.0686 5204	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:28:00.0716 5204	VgaSave - ok
07:28:00.0716 5204	VGPU - ok
07:28:00.0746 5204	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:28:00.0756 5204	vhdmp - ok
07:28:00.0776 5204	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:28:00.0786 5204	viaide - ok
07:28:00.0826 5204	vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:28:00.0836 5204	vmbus - ok
07:28:00.0876 5204	VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:28:00.0886 5204	VMBusHID - ok
07:28:00.0926 5204	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:28:00.0936 5204	volmgr - ok
07:28:00.0996 5204	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:28:01.0006 5204	volmgrx - ok
07:28:01.0036 5204	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:28:01.0046 5204	volsnap - ok
07:28:01.0066 5204	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:28:01.0076 5204	vsmraid - ok
07:28:01.0196 5204	VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
07:28:01.0206 5204	VSPerfDrv100 - ok
07:28:01.0336 5204	VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:28:01.0386 5204	VSS - ok
07:28:01.0466 5204	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:28:01.0476 5204	vwifibus - ok
07:28:01.0506 5204	W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:28:01.0546 5204	W32Time - ok
07:28:01.0566 5204	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:28:01.0586 5204	WacomPen - ok
07:28:01.0656 5204	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:01.0686 5204	WANARP - ok
07:28:01.0696 5204	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:01.0726 5204	Wanarpv6 - ok
07:28:01.0816 5204	WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:28:01.0846 5204	WatAdminSvc - ok
07:28:01.0936 5204	wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:28:01.0966 5204	wbengine - ok
07:28:02.0016 5204	WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:28:02.0046 5204	WbioSrvc - ok
07:28:02.0086 5204	wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:28:02.0116 5204	wcncsvc - ok
07:28:02.0126 5204	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:28:02.0146 5204	WcsPlugInService - ok
07:28:02.0156 5204	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:28:02.0166 5204	Wd - ok
07:28:02.0206 5204	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:28:02.0226 5204	Wdf01000 - ok
07:28:02.0246 5204	WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:28:02.0266 5204	WdiServiceHost - ok
07:28:02.0276 5204	WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:28:02.0296 5204	WdiSystemHost - ok
07:28:02.0346 5204	WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:28:02.0366 5204	WebClient - ok
07:28:02.0386 5204	Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:28:02.0426 5204	Wecsvc - ok
07:28:02.0446 5204	wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:28:02.0486 5204	wercplsupport - ok
07:28:02.0496 5204	WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:28:02.0536 5204	WerSvc - ok
07:28:02.0546 5204	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:28:02.0586 5204	WfpLwf - ok
07:28:02.0656 5204	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:28:02.0666 5204	WIMMount - ok
07:28:02.0676 5204	WinDefend - ok
07:28:02.0676 5204	WinHttpAutoProxySvc - ok
07:28:02.0726 5204	Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:28:02.0756 5204	Winmgmt - ok
07:28:02.0886 5204	WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:28:02.0936 5204	WinRM - ok
07:28:03.0016 5204	WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:28:03.0036 5204	WinUsb - ok
07:28:03.0106 5204	Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:28:03.0136 5204	Wlansvc - ok
07:28:03.0296 5204	wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:28:03.0336 5204	wlidsvc - ok
07:28:03.0406 5204	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:28:03.0416 5204	WmiAcpi - ok
07:28:03.0476 5204	wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:28:03.0496 5204	wmiApSrv - ok
07:28:03.0516 5204	WMPNetworkSvc - ok
07:28:03.0526 5204	WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:28:03.0546 5204	WPCSvc - ok
07:28:03.0576 5204	WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:28:03.0596 5204	WPDBusEnum - ok
07:28:03.0666 5204	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:28:03.0706 5204	ws2ifsl - ok
07:28:03.0716 5204	wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:28:03.0736 5204	wscsvc - ok
07:28:03.0746 5204	WSearch - ok
07:28:03.0886 5204	wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:28:03.0936 5204	wuauserv - ok
07:28:04.0006 5204	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:28:04.0036 5204	WudfPf - ok
07:28:04.0056 5204	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:28:04.0086 5204	WUDFRd - ok
07:28:04.0126 5204	wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:28:04.0156 5204	wudfsvc - ok
07:28:04.0196 5204	WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:28:04.0216 5204	WwanSvc - ok
07:28:04.0236 5204	MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
07:28:04.0706 5204	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:28:04.0706 5204	\Device\Harddisk0\DR0 - detected TDSS File System (1)
07:28:04.0746 5204	Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
07:28:04.0746 5204	\Device\Harddisk0\DR0\Partition0 - ok
07:28:04.0766 5204	Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
07:28:04.0766 5204	\Device\Harddisk0\DR0\Partition1 - ok
07:28:04.0766 5204	============================================================
07:28:04.0766 5204	Scan finished
07:28:04.0766 5204	============================================================
07:28:04.0776 4336	Detected object count: 5
07:28:04.0776 4336	Actual detected object count: 5
07:28:16.0526 4336	CSHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336	CSHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:28:16.0526 4336	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:28:16.0526 4336	NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336	NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:28:16.0526 4336	sptd ( LockedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
07:28:16.0526 4336	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:28:16.0526 4336	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
07:28:50.0385 5536	============================================================
07:28:50.0385 5536	Scan started
07:28:50.0385 5536	Mode: Manual; SigCheck; TDLFS; 
07:28:50.0385 5536	============================================================
07:28:51.0015 5536	!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:28:51.0025 5536	!SASCORE - ok
07:28:51.0075 5536	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:28:51.0095 5536	1394ohci - ok
07:28:51.0175 5536	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:28:51.0185 5536	ACPI - ok
07:28:51.0205 5536	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:28:51.0225 5536	AcpiPmi - ok
07:28:51.0265 5536	adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:28:51.0285 5536	adp94xx - ok
07:28:51.0315 5536	adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:28:51.0325 5536	adpahci - ok
07:28:51.0345 5536	adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:28:51.0355 5536	adpu320 - ok
07:28:51.0385 5536	AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:28:51.0415 5536	AeLookupSvc - ok
07:28:51.0455 5536	AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:28:51.0475 5536	AFD - ok
07:28:51.0515 5536	agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:28:51.0525 5536	agp440 - ok
07:28:51.0535 5536	ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:28:51.0555 5536	ALG - ok
07:28:51.0565 5536	aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:28:51.0575 5536	aliide - ok
07:28:51.0675 5536	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:28:51.0695 5536	AMD External Events Utility - ok
07:28:51.0705 5536	amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:28:51.0715 5536	amdide - ok
07:28:51.0735 5536	AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:28:51.0745 5536	AmdK8 - ok
07:28:52.0285 5536	amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:28:52.0405 5536	amdkmdag - ok
07:28:52.0525 5536	amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:28:52.0545 5536	amdkmdap - ok
07:28:52.0575 5536	AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:28:52.0585 5536	AmdPPM - ok
07:28:52.0665 5536	amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:28:52.0675 5536	amdsata - ok
07:28:52.0695 5536	amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:28:52.0705 5536	amdsbs - ok
07:28:52.0725 5536	amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:28:52.0735 5536	amdxata - ok
07:28:52.0775 5536	AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:28:52.0805 5536	AppID - ok
07:28:52.0825 5536	AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:28:52.0865 5536	AppIDSvc - ok
07:28:52.0895 5536	Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:28:52.0925 5536	Appinfo - ok
07:28:52.0965 5536	AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:28:52.0975 5536	AppMgmt - ok
07:28:52.0995 5536	arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:28:53.0005 5536	arc - ok
07:28:53.0015 5536	arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:28:53.0035 5536	arcsas - ok
07:28:53.0135 5536	aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:28:53.0145 5536	aspnet_state - ok
07:28:53.0155 5536	AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:28:53.0185 5536	AsyncMac - ok
07:28:53.0215 5536	atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:28:53.0235 5536	atapi - ok
07:28:53.0285 5536	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
07:28:53.0295 5536	AtiHDAudioService - ok
07:28:53.0315 5536	AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
07:28:53.0325 5536	AtiHdmiService - ok
07:28:53.0905 5536	atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:28:54.0025 5536	atikmdag - ok
07:28:54.0145 5536	atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
07:28:54.0155 5536	atksgt - ok
07:28:54.0215 5536	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:28:54.0255 5536	AudioEndpointBuilder - ok
07:28:54.0255 5536	AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:28:54.0295 5536	AudioSrv - ok
07:28:54.0365 5536	AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
07:28:54.0375 5536	AVP - ok
07:28:54.0415 5536	AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:28:54.0435 5536	AxInstSV - ok
07:28:54.0475 5536	b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:28:54.0485 5536	b06bdrv - ok
07:28:54.0525 5536	b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:28:54.0545 5536	b57nd60a - ok
07:28:54.0565 5536	BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:28:54.0585 5536	BDESVC - ok
07:28:54.0645 5536	Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:28:54.0685 5536	Beep - ok
07:28:54.0745 5536	BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:28:54.0785 5536	BFE - ok
07:28:54.0835 5536	BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:28:54.0875 5536	BITS - ok
07:28:54.0895 5536	blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:28:54.0905 5536	blbdrive - ok
07:28:54.0945 5536	bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:28:54.0955 5536	bowser - ok
07:28:54.0965 5536	BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:28:54.0975 5536	BrFiltLo - ok
07:28:54.0995 5536	BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:28:55.0015 5536	BrFiltUp - ok
07:28:55.0045 5536	Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:28:55.0085 5536	Browser - ok
07:28:55.0115 5536	Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:28:55.0125 5536	Brserid - ok
07:28:55.0145 5536	BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:28:55.0155 5536	BrSerWdm - ok
07:28:55.0175 5536	BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:28:55.0185 5536	BrUsbMdm - ok
07:28:55.0195 5536	BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:28:55.0215 5536	BrUsbSer - ok
07:28:55.0235 5536	BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:28:55.0245 5536	BTHMODEM - ok
07:28:55.0275 5536	bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:28:55.0305 5536	bthserv - ok
07:28:55.0325 5536	cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:28:55.0355 5536	cdfs - ok
07:28:55.0375 5536	cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:28:55.0395 5536	cdrom - ok
07:28:55.0425 5536	CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:28:55.0455 5536	CertPropSvc - ok
07:28:55.0475 5536	circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:28:55.0485 5536	circlass - ok
07:28:55.0515 5536	CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:28:55.0535 5536	CLFS - ok
07:28:55.0645 5536	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:28:55.0655 5536	clr_optimization_v2.0.50727_32 - ok
07:28:55.0705 5536	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:28:55.0715 5536	clr_optimization_v2.0.50727_64 - ok
07:28:55.0785 5536	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:28:55.0795 5536	clr_optimization_v4.0.30319_32 - ok
07:28:55.0825 5536	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:28:55.0835 5536	clr_optimization_v4.0.30319_64 - ok
07:28:55.0845 5536	CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:28:55.0865 5536	CmBatt - ok
07:28:55.0895 5536	cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:28:55.0905 5536	cmdide - ok
07:28:55.0975 5536	CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:28:55.0995 5536	CNG - ok
07:28:56.0005 5536	Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:28:56.0015 5536	Compbatt - ok
07:28:56.0035 5536	CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:28:56.0055 5536	CompositeBus - ok
07:28:56.0055 5536	COMSysApp - ok
07:28:56.0065 5536	crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:28:56.0075 5536	crcdisk - ok
07:28:56.0125 5536	CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:28:56.0155 5536	CryptSvc - ok
07:28:56.0405 5536	CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:28:56.0425 5536	CSC - ok
07:28:56.0505 5536	CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:28:56.0525 5536	CscService - ok
07:28:56.0655 5536	CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
07:28:56.0665 5536	CSHelper ( UnsignedFile.Multi.Generic ) - warning
07:28:56.0665 5536	CSHelper - detected UnsignedFile.Multi.Generic (1)
07:28:56.0755 5536	DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:28:56.0795 5536	DcomLaunch - ok
07:28:56.0825 5536	defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:28:56.0855 5536	defragsvc - ok
07:28:56.0895 5536	DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:28:56.0935 5536	DfsC - ok
07:28:56.0965 5536	Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:28:56.0995 5536	Dhcp - ok
07:28:57.0005 5536	discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:28:57.0045 5536	discache - ok
07:28:57.0055 5536	Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:28:57.0065 5536	Disk - ok
07:28:57.0105 5536	Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:28:57.0125 5536	Dnscache - ok
07:28:57.0165 5536	dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:28:57.0195 5536	dot3svc - ok
07:28:57.0235 5536	DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:28:57.0275 5536	DPS - ok
07:28:57.0295 5536	drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:28:57.0305 5536	drmkaud - ok
07:28:57.0365 5536	DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:28:57.0385 5536	DXGKrnl - ok
07:28:57.0415 5536	EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:28:57.0445 5536	EapHost - ok
07:28:57.0685 5536	ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:28:57.0725 5536	ebdrv - ok
07:28:57.0805 5536	EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
07:28:57.0825 5536	EFS - ok
07:28:57.0915 5536	ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:28:57.0935 5536	ehRecvr - ok
07:28:57.0955 5536	ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:28:57.0975 5536	ehSched - ok
07:28:58.0025 5536	elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:28:58.0045 5536	elxstor - ok
07:28:58.0075 5536	ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:28:58.0095 5536	ErrDev - ok
07:28:58.0135 5536	EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:28:58.0165 5536	EventSystem - ok
07:28:58.0195 5536	exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:28:58.0225 5536	exfat - ok
07:28:58.0255 5536	fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:28:58.0285 5536	fastfat - ok
07:28:58.0345 5536	Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:28:58.0365 5536	Fax - ok
07:28:58.0385 5536	fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:28:58.0395 5536	fdc - ok
07:28:58.0405 5536	fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:28:58.0435 5536	fdPHost - ok
07:28:58.0445 5536	FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:28:58.0485 5536	FDResPub - ok
07:28:58.0495 5536	FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:28:58.0505 5536	FileInfo - ok
07:28:58.0515 5536	Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:28:58.0555 5536	Filetrace - ok
07:28:58.0565 5536	flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:28:58.0575 5536	flpydisk - ok
07:28:58.0675 5536	FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:28:58.0695 5536	FltMgr - ok
07:28:58.0785 5536	FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
07:28:58.0835 5536	FontCache - ok
07:28:58.0915 5536	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:28:58.0925 5536	FontCache3.0.0.0 - ok
07:28:58.0965 5536	FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:28:58.0975 5536	FsDepends - ok
07:28:58.0985 5536	Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:28:58.0995 5536	Fs_Rec - ok
07:28:59.0035 5536	fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:28:59.0055 5536	fvevol - ok
07:28:59.0065 5536	gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:28:59.0075 5536	gagp30kx - ok
07:28:59.0095 5536	gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
07:28:59.0105 5536	gdrv - ok
07:28:59.0125 5536	GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:28:59.0135 5536	GEARAspiWDM - ok
07:28:59.0185 5536	gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:28:59.0225 5536	gpsvc - ok
07:28:59.0295 5536	gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:28:59.0305 5536	gupdate - ok
07:28:59.0315 5536	gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:28:59.0325 5536	gupdatem - ok
07:28:59.0335 5536	hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:28:59.0345 5536	hcw85cir - ok
07:28:59.0395 5536	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:28:59.0415 5536	HdAudAddService - ok
07:28:59.0445 5536	HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:28:59.0465 5536	HDAudBus - ok
07:28:59.0475 5536	HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:28:59.0495 5536	HidBatt - ok
07:28:59.0505 5536	HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:28:59.0515 5536	HidBth - ok
07:28:59.0545 5536	HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:28:59.0555 5536	HidIr - ok
07:28:59.0575 5536	hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:28:59.0615 5536	hidserv - ok
07:28:59.0675 5536	HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
07:28:59.0685 5536	HidUsb - ok
07:28:59.0725 5536	hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:28:59.0755 5536	hkmsvc - ok
07:28:59.0805 5536	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:28:59.0825 5536	HomeGroupListener - ok
07:28:59.0865 5536	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:28:59.0875 5536	HomeGroupProvider - ok
07:28:59.0905 5536	HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:28:59.0925 5536	HpSAMD - ok
07:29:00.0005 5536	HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:29:00.0045 5536	HTTP - ok
07:29:00.0075 5536	hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:29:00.0085 5536	hwpolicy - ok
07:29:00.0125 5536	i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:29:00.0135 5536	i8042prt - ok
07:29:00.0165 5536	iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
07:29:00.0185 5536	iaStorV - ok
07:29:00.0275 5536	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:29:00.0275 5536	IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:29:00.0275 5536	IDriverT - detected UnsignedFile.Multi.Generic (1)
07:29:00.0365 5536	idsvc  (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:29:00.0385 5536	idsvc - ok
07:29:00.0465 5536	iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:29:00.0475 5536	iirsp - ok
07:29:00.0545 5536	IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:29:00.0585 5536	IKEEXT - ok
07:29:00.0735 5536	IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
07:29:00.0765 5536	IntcAzAudAddService - ok
07:29:00.0855 5536	intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:29:00.0865 5536	intelide - ok
07:29:00.0875 5536	intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:29:00.0895 5536	intelppm - ok
07:29:00.0915 5536	IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:29:00.0955 5536	IPBusEnum - ok
07:29:00.0995 5536	IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:29:01.0025 5536	IpFilterDriver - ok
07:29:01.0085 5536	iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:29:01.0115 5536	iphlpsvc - ok
07:29:01.0155 5536	IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:29:01.0165 5536	IPMIDRV - ok
07:29:01.0195 5536	IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:29:01.0235 5536	IPNAT - ok
07:29:01.0295 5536	iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
07:29:01.0315 5536	iPod Service - ok
07:29:01.0335 5536	IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:29:01.0345 5536	IRENUM - ok
07:29:01.0385 5536	isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:29:01.0395 5536	isapnp - ok
07:29:01.0645 5536	iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:29:01.0665 5536	iScsiPrt - ok
07:29:01.0675 5536	kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:29:01.0685 5536	kbdclass - ok
07:29:01.0715 5536	kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:29:01.0725 5536	kbdhid - ok
07:29:01.0745 5536	KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:01.0755 5536	KeyIso - ok
07:29:01.0805 5536	KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
07:29:01.0825 5536	KL1 - ok
07:29:01.0835 5536	kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
07:29:01.0845 5536	kl2 - ok
07:29:01.0885 5536	KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
07:29:01.0905 5536	KLIF - ok
07:29:01.0925 5536	KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
07:29:01.0935 5536	KLIM6 - ok
07:29:01.0935 5536	klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
07:29:01.0945 5536	klmouflt - ok
07:29:01.0985 5536	KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:29:01.0995 5536	KSecDD - ok
07:29:02.0035 5536	KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:29:02.0055 5536	KSecPkg - ok
07:29:02.0065 5536	ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:29:02.0095 5536	ksthunk - ok
07:29:02.0125 5536	KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:29:02.0155 5536	KtmRm - ok
07:29:02.0195 5536	LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:29:02.0235 5536	LanmanServer - ok
07:29:02.0265 5536	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:29:02.0305 5536	LanmanWorkstation - ok
07:29:02.0325 5536	lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
07:29:02.0335 5536	lirsgt - ok
07:29:02.0445 5536	LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
07:29:02.0465 5536	LkCitadelServer - ok
07:29:02.0495 5536	lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
07:29:02.0495 5536	lkClassAds - ok
07:29:02.0515 5536	lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
07:29:02.0525 5536	lkTimeSync - ok
07:29:02.0645 5536	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:29:02.0685 5536	lltdio - ok
07:29:02.0705 5536	lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:29:02.0745 5536	lltdsvc - ok
07:29:02.0755 5536	lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:29:02.0795 5536	lmhosts - ok
07:29:02.0805 5536	lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
07:29:02.0815 5536	lmimirr - ok
07:29:02.0825 5536	LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:29:02.0835 5536	LMIRfsDriver - ok
07:29:02.0865 5536	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:29:02.0875 5536	LSI_FC - ok
07:29:02.0885 5536	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:29:02.0895 5536	LSI_SAS - ok
07:29:02.0915 5536	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:29:02.0935 5536	LSI_SAS2 - ok
07:29:02.0945 5536	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:29:02.0955 5536	LSI_SCSI - ok
07:29:02.0965 5536	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:29:03.0005 5536	luafv - ok
07:29:03.0025 5536	MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:29:03.0025 5536	MBAMProtector - ok
07:29:03.0125 5536	MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:29:03.0145 5536	MBAMService - ok
07:29:03.0155 5536	mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
07:29:03.0175 5536	mcdbus - ok
07:29:03.0205 5536	Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:29:03.0215 5536	Mcx2Svc - ok
07:29:03.0235 5536	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:29:03.0245 5536	megasas - ok
07:29:03.0265 5536	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:29:03.0285 5536	MegaSR - ok
07:29:03.0325 5536	Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:29:03.0335 5536	Microsoft Office Groove Audit Service - ok
07:29:03.0365 5536	MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:29:03.0405 5536	MMCSS - ok
07:29:03.0415 5536	Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:29:03.0455 5536	Modem - ok
07:29:03.0475 5536	monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:29:03.0485 5536	monitor - ok
07:29:03.0515 5536	mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:29:03.0525 5536	mouclass - ok
07:29:03.0545 5536	mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:29:03.0555 5536	mouhid - ok
07:29:03.0655 5536	mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:29:03.0665 5536	mountmgr - ok
07:29:03.0735 5536	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:29:03.0745 5536	MozillaMaintenance - ok
07:29:03.0775 5536	mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:29:03.0785 5536	mpio - ok
07:29:03.0805 5536	mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:29:03.0835 5536	mpsdrv - ok
07:29:03.0915 5536	MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:29:03.0955 5536	MpsSvc - ok
07:29:04.0005 5536	MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:29:04.0025 5536	MRxDAV - ok
07:29:04.0055 5536	mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:29:04.0065 5536	mrxsmb - ok
07:29:04.0105 5536	mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:29:04.0115 5536	mrxsmb10 - ok
07:29:04.0135 5536	mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:29:04.0145 5536	mrxsmb20 - ok
07:29:04.0155 5536	msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:29:04.0175 5536	msahci - ok
07:29:04.0195 5536	msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:29:04.0205 5536	msdsm - ok
07:29:04.0235 5536	MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:29:04.0255 5536	MSDTC - ok
07:29:04.0265 5536	Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:29:04.0305 5536	Msfs - ok
07:29:04.0315 5536	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:29:04.0345 5536	mshidkmdf - ok
07:29:04.0365 5536	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:29:04.0375 5536	msisadrv - ok
07:29:04.0405 5536	MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:29:04.0435 5536	MSiSCSI - ok
07:29:04.0445 5536	msiserver - ok
07:29:04.0455 5536	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:29:04.0485 5536	MSKSSRV - ok
07:29:04.0495 5536	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:29:04.0525 5536	MSPCLOCK - ok
07:29:04.0545 5536	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:29:04.0575 5536	MSPQM - ok
07:29:04.0685 5536	MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:29:04.0705 5536	MsRPC - ok
07:29:04.0735 5536	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:29:04.0745 5536	mssmbios - ok
07:29:04.0755 5536	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:29:04.0795 5536	MSTEE - ok
07:29:04.0805 5536	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:29:04.0815 5536	MTConfig - ok
07:29:04.0835 5536	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:29:04.0845 5536	Mup - ok
07:29:04.0875 5536	napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:29:04.0915 5536	napagent - ok
07:29:04.0945 5536	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:29:04.0965 5536	NativeWifiP - ok
07:29:05.0015 5536	NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:29:05.0045 5536	NDIS - ok
07:29:05.0055 5536	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:29:05.0095 5536	NdisCap - ok
07:29:05.0105 5536	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:29:05.0135 5536	NdisTapi - ok
07:29:05.0175 5536	Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:29:05.0205 5536	Ndisuio - ok
07:29:05.0245 5536	NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:29:05.0275 5536	NdisWan - ok
07:29:05.0325 5536	NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:29:05.0355 5536	NDProxy - ok
07:29:05.0365 5536	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:29:05.0395 5536	NetBIOS - ok
07:29:05.0415 5536	NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:29:05.0445 5536	NetBT - ok
07:29:05.0475 5536	Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:05.0485 5536	Netlogon - ok
07:29:05.0525 5536	Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:29:05.0565 5536	Netman - ok
07:29:05.0705 5536	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0715 5536	NetMsmqActivator - ok
07:29:05.0725 5536	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0735 5536	NetPipeActivator - ok
07:29:05.0765 5536	netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:29:05.0805 5536	netprofm - ok
07:29:05.0805 5536	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0815 5536	NetTcpActivator - ok
07:29:05.0815 5536	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0825 5536	NetTcpPortSharing - ok
07:29:05.0865 5536	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:29:05.0875 5536	nfrd960 - ok
07:29:05.0985 5536	NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
07:29:05.0995 5536	NIDomainService - ok
07:29:06.0115 5536	NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
07:29:06.0125 5536	NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
07:29:06.0125 5536	NILM License Manager - detected UnsignedFile.Multi.Generic (1)
07:29:06.0195 5536	niSvcLoc - ok
07:29:06.0275 5536	NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:29:06.0305 5536	NlaSvc - ok
07:29:06.0325 5536	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:29:06.0365 5536	Npfs - ok
07:29:06.0395 5536	nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:29:06.0435 5536	nsi - ok
07:29:06.0435 5536	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:29:06.0475 5536	nsiproxy - ok
07:29:06.0665 5536	Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
07:29:06.0705 5536	Ntfs - ok
07:29:06.0735 5536	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:29:06.0765 5536	Null - ok
07:29:06.0795 5536	nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
07:29:06.0815 5536	nvraid - ok
07:29:06.0835 5536	nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
07:29:06.0845 5536	nvstor - ok
07:29:06.0885 5536	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:29:06.0895 5536	nv_agp - ok
07:29:07.0075 5536	O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
07:29:07.0105 5536	O&O Defrag - ok
07:29:07.0205 5536	odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:29:07.0215 5536	odserv - ok
07:29:07.0325 5536	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:29:07.0335 5536	ohci1394 - ok
07:29:07.0365 5536	ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:29:07.0375 5536	ose - ok
07:29:07.0425 5536	p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:29:07.0435 5536	p2pimsvc - ok
07:29:07.0465 5536	p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:29:07.0485 5536	p2psvc - ok
07:29:07.0505 5536	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:29:07.0525 5536	Parport - ok
07:29:07.0555 5536	partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:29:07.0565 5536	partmgr - ok
07:29:07.0645 5536	PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:29:07.0665 5536	PcaSvc - ok
07:29:07.0715 5536	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:29:07.0725 5536	pci - ok
07:29:07.0735 5536	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:29:07.0745 5536	pciide - ok
07:29:07.0765 5536	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:29:07.0785 5536	pcmcia - ok
07:29:07.0795 5536	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:29:07.0815 5536	pcw - ok
07:29:07.0845 5536	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:29:07.0885 5536	PEAUTH - ok
07:29:07.0975 5536	PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:29:08.0005 5536	PeerDistSvc - ok
07:29:08.0075 5536	PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:29:08.0085 5536	PerfHost - ok
07:29:08.0235 5536	pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:29:08.0285 5536	pla - ok
07:29:08.0315 5536	PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:29:08.0335 5536	PlugPlay - ok
07:29:08.0345 5536	PnkBstrA - ok
07:29:08.0365 5536	PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:29:08.0385 5536	PNRPAutoReg - ok
07:29:08.0405 5536	PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:29:08.0425 5536	PNRPsvc - ok
07:29:08.0475 5536	PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:29:08.0515 5536	PolicyAgent - ok
07:29:08.0545 5536	Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:29:08.0575 5536	Power - ok
07:29:08.0685 5536	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:29:08.0725 5536	PptpMiniport - ok
07:29:08.0745 5536	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:29:08.0755 5536	Processor - ok
07:29:08.0785 5536	ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:29:08.0815 5536	ProfSvc - ok
07:29:08.0835 5536	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:08.0855 5536	ProtectedStorage - ok
07:29:08.0895 5536	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:29:08.0925 5536	Psched - ok
07:29:09.0015 5536	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:29:09.0045 5536	ql2300 - ok
07:29:09.0105 5536	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:29:09.0125 5536	ql40xx - ok
07:29:09.0145 5536	QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:29:09.0165 5536	QWAVE - ok
07:29:09.0185 5536	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:29:09.0205 5536	QWAVEdrv - ok
07:29:09.0215 5536	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:29:09.0245 5536	RasAcd - ok
07:29:09.0275 5536	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:29:09.0305 5536	RasAgileVpn - ok
07:29:09.0335 5536	RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:29:09.0375 5536	RasAuto - ok
07:29:09.0415 5536	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:29:09.0445 5536	Rasl2tp - ok
07:29:09.0485 5536	RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:29:09.0525 5536	RasMan - ok
07:29:09.0545 5536	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:29:09.0575 5536	RasPppoe - ok
07:29:09.0645 5536	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:29:09.0685 5536	RasSstp - ok
07:29:09.0735 5536	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:29:09.0765 5536	rdbss - ok
07:29:09.0795 5536	RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
07:29:09.0805 5536	RDID1053 - ok
07:29:09.0815 5536	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:29:09.0825 5536	rdpbus - ok
07:29:09.0835 5536	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:29:09.0865 5536	RDPCDD - ok
07:29:09.0915 5536	RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:29:09.0925 5536	RDPDR - ok
07:29:09.0935 5536	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:29:09.0975 5536	RDPENCDD - ok
07:29:09.0985 5536	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:29:10.0015 5536	RDPREFMP - ok
07:29:10.0055 5536	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:29:10.0065 5536	RdpVideoMiniport - ok
07:29:10.0105 5536	RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:29:10.0145 5536	RDPWD - ok
07:29:10.0175 5536	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:29:10.0195 5536	rdyboost - ok
07:29:10.0215 5536	RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:29:10.0255 5536	RemoteAccess - ok
07:29:10.0275 5536	RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:29:10.0305 5536	RemoteRegistry - ok
07:29:10.0325 5536	RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:29:10.0355 5536	RpcEptMapper - ok
07:29:10.0385 5536	RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:29:10.0395 5536	RpcLocator - ok
07:29:10.0445 5536	RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:29:10.0485 5536	RpcSs - ok
07:29:10.0505 5536	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:29:10.0535 5536	rspndr - ok
07:29:10.0555 5536	RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
07:29:10.0575 5536	RTL8169 - ok
07:29:10.0695 5536	s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:29:10.0705 5536	s3cap - ok
07:29:10.0755 5536	SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:10.0775 5536	SamSs - ok
07:29:10.0845 5536	SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
07:29:10.0855 5536	SASDIFSV - ok
07:29:10.0865 5536	SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
07:29:10.0875 5536	SASKUTIL - ok
07:29:10.0905 5536	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:29:10.0925 5536	sbp2port - ok
07:29:10.0945 5536	SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:29:10.0985 5536	SCardSvr - ok
07:29:11.0015 5536	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:29:11.0055 5536	scfilter - ok
07:29:11.0135 5536	Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:29:11.0185 5536	Schedule - ok
07:29:11.0215 5536	SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:29:11.0255 5536	SCPolicySvc - ok
07:29:11.0295 5536	SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:29:11.0315 5536	SDRSVC - ok
07:29:11.0355 5536	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:29:11.0385 5536	secdrv - ok
07:29:11.0425 5536	seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:29:11.0455 5536	seclogon - ok
07:29:11.0475 5536	SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:29:11.0515 5536	SENS - ok
07:29:11.0525 5536	SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:29:11.0545 5536	SensrSvc - ok
07:29:11.0555 5536	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:29:11.0565 5536	Serenum - ok
07:29:11.0585 5536	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:29:11.0595 5536	Serial - ok
07:29:11.0685 5536	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:29:11.0695 5536	sermouse - ok
07:29:11.0895 5536	SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:29:11.0925 5536	SessionEnv - ok
07:29:11.0945 5536	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:29:11.0965 5536	sffdisk - ok
07:29:11.0985 5536	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:29:11.0995 5536	sffp_mmc - ok
07:29:12.0025 5536	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:29:12.0035 5536	sffp_sd - ok
07:29:12.0055 5536	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:29:12.0065 5536	sfloppy - ok
07:29:12.0115 5536	SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:29:12.0155 5536	SharedAccess - ok
07:29:12.0195 5536	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:29:12.0235 5536	ShellHWDetection - ok
07:29:12.0245 5536	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:29:12.0255 5536	SiSRaid2 - ok
07:29:12.0275 5536	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:29:12.0285 5536	SiSRaid4 - ok
07:29:12.0305 5536	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:29:12.0335 5536	Smb - ok
07:29:12.0355 5536	SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:29:12.0375 5536	SNMPTRAP - ok
07:29:12.0445 5536	speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
07:29:12.0455 5536	speedfan - ok
07:29:12.0465 5536	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:29:12.0475 5536	spldr - ok
07:29:12.0535 5536	Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:29:12.0575 5536	Spooler - ok
07:29:12.0825 5536	sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:29:12.0895 5536	sppsvc - ok
07:29:12.0955 5536	sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:29:12.0995 5536	sppuinotify - ok
07:29:13.0055 5536	sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
07:29:13.0055 5536	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
07:29:13.0055 5536	sptd ( LockedFile.Multi.Generic ) - warning
07:29:13.0055 5536	sptd - detected LockedFile.Multi.Generic (1)
07:29:13.0095 5536	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:29:13.0115 5536	srv - ok
07:29:13.0155 5536	srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:29:13.0175 5536	srv2 - ok
07:29:13.0195 5536	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:29:13.0205 5536	srvnet - ok
07:29:13.0225 5536	SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:29:13.0255 5536	SSDPSRV - ok
07:29:13.0265 5536	SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:29:13.0305 5536	SstpSvc - ok
07:29:13.0345 5536	Steam Client Service - ok
07:29:13.0365 5536	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:29:13.0375 5536	stexstor - ok
07:29:13.0435 5536	stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:29:13.0465 5536	stisvc - ok
07:29:13.0495 5536	storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:29:13.0515 5536	storflt - ok
07:29:13.0545 5536	storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:29:13.0555 5536	storvsc - ok
07:29:13.0665 5536	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:29:13.0675 5536	swenum - ok
07:29:13.0715 5536	swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:29:13.0755 5536	swprv - ok
07:29:13.0755 5536	Synth3dVsc - ok
07:29:13.0875 5536	SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:29:13.0905 5536	SysMain - ok
07:29:14.0005 5536	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:29:14.0025 5536	TabletInputService - ok
07:29:14.0065 5536	TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:29:14.0105 5536	TapiSrv - ok
07:29:14.0125 5536	TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:29:14.0165 5536	TBS - ok
07:29:14.0285 5536	Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
07:29:14.0315 5536	Tcpip - ok
07:29:14.0445 5536	TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
07:29:14.0485 5536	TCPIP6 - ok
07:29:14.0545 5536	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:29:14.0575 5536	tcpipreg - ok
07:29:14.0665 5536	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:29:14.0695 5536	TDPIPE - ok
07:29:14.0715 5536	TDTCP  (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:29:14.0745 5536	TDTCP - ok
07:29:14.0785 5536	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:29:14.0815 5536	tdx - ok
07:29:14.0855 5536	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:29:14.0865 5536	TermDD - ok
07:29:14.0945 5536	TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:29:14.0985 5536	TermService - ok
07:29:14.0995 5536	Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:29:15.0015 5536	Themes - ok
07:29:15.0035 5536	THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:29:15.0065 5536	THREADORDER - ok
07:29:15.0085 5536	TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:29:15.0125 5536	TrkWks - ok
07:29:15.0185 5536	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:29:15.0215 5536	TrustedInstaller - ok
07:29:15.0255 5536	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:29:15.0285 5536	tssecsrv - ok
07:29:15.0315 5536	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:29:15.0335 5536	TsUsbFlt - ok
07:29:15.0335 5536	tsusbhub - ok
07:29:15.0375 5536	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:29:15.0415 5536	tunnel - ok
07:29:15.0435 5536	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:29:15.0445 5536	uagp35 - ok
07:29:15.0485 5536	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:29:15.0515 5536	udfs - ok
07:29:15.0545 5536	UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:29:15.0555 5536	UI0Detect - ok
07:29:15.0575 5536	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:29:15.0585 5536	uliagpkx - ok
07:29:15.0675 5536	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:29:15.0685 5536	umbus - ok
07:29:15.0695 5536	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:29:15.0715 5536	UmPass - ok
07:29:15.0755 5536	UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:29:15.0765 5536	UmRdpService - ok
07:29:15.0795 5536	upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:29:15.0835 5536	upnphost - ok
07:29:15.0865 5536	usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
07:29:15.0885 5536	usbccgp - ok
07:29:15.0915 5536	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:29:15.0925 5536	usbcir - ok
07:29:15.0965 5536	usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
07:29:15.0985 5536	usbehci - ok
07:29:16.0035 5536	usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
07:29:16.0045 5536	usbhub - ok
07:29:16.0065 5536	usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:29:16.0085 5536	usbohci - ok
07:29:16.0095 5536	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:29:16.0105 5536	usbprint - ok
07:29:16.0125 5536	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:29:16.0145 5536	usbscan - ok
07:29:16.0175 5536	USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:29:16.0185 5536 USBSTOR - ok
07:29:16.0225 5536	usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
07:29:16.0235 5536	usbuhci - ok
07:29:16.0245 5536	UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:29:16.0285 5536	UxSms - ok
07:29:16.0305 5536	VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:16.0325 5536	VaultSvc - ok
07:29:16.0335 5536	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:29:16.0345 5536	vdrvroot - ok
07:29:16.0405 5536	vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:29:16.0445 5536	vds - ok
07:29:16.0455 5536	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:29:16.0475 5536	vga - ok
07:29:16.0485 5536	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:29:16.0525 5536	VgaSave - ok
07:29:16.0525 5536	VGPU - ok
07:29:16.0555 5536	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:29:16.0565 5536	vhdmp - ok
07:29:16.0655 5536	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:29:16.0665 5536	viaide - ok
07:29:16.0715 5536	vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:29:16.0725 5536	vmbus - ok
07:29:16.0765 5536	VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:29:16.0775 5536	VMBusHID - ok
07:29:16.0815 5536	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:29:16.0825 5536	volmgr - ok
07:29:16.0885 5536	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:29:16.0895 5536	volmgrx - ok
07:29:16.0935 5536	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:29:16.0955 5536	volsnap - ok
07:29:16.0975 5536	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:29:16.0985 5536	vsmraid - ok
07:29:17.0095 5536	VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
07:29:17.0105 5536	VSPerfDrv100 - ok
07:29:17.0215 5536	VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:29:17.0265 5536	VSS - ok
07:29:17.0345 5536	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:29:17.0355 5536	vwifibus - ok
07:29:17.0395 5536	W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:29:17.0425 5536	W32Time - ok
07:29:17.0445 5536	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:29:17.0465 5536	WacomPen - ok
07:29:17.0475 5536	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:29:17.0515 5536	WANARP - ok
07:29:17.0515 5536	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:29:17.0545 5536	Wanarpv6 - ok
07:29:17.0695 5536	WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:29:17.0725 5536	WatAdminSvc - ok
07:29:17.0825 5536	wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:29:17.0855 5536	wbengine - ok
07:29:17.0915 5536	WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:29:17.0935 5536	WbioSrvc - ok
07:29:17.0985 5536	wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:29:18.0005 5536	wcncsvc - ok
07:29:18.0015 5536	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:29:18.0035 5536	WcsPlugInService - ok
07:29:18.0045 5536	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:29:18.0055 5536	Wd - ok
07:29:18.0095 5536	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:29:18.0115 5536	Wdf01000 - ok
07:29:18.0135 5536	WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:29:18.0155 5536	WdiServiceHost - ok
07:29:18.0165 5536	WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:29:18.0185 5536	WdiSystemHost - ok
07:29:18.0245 5536	WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:29:18.0275 5536	WebClient - ok
07:29:18.0295 5536	Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:29:18.0335 5536	Wecsvc - ok
07:29:18.0355 5536	wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:29:18.0385 5536	wercplsupport - ok
07:29:18.0395 5536	WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:29:18.0435 5536	WerSvc - ok
07:29:18.0445 5536	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:29:18.0485 5536	WfpLwf - ok
07:29:18.0495 5536	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:29:18.0505 5536	WIMMount - ok
07:29:18.0525 5536	WinDefend - ok
07:29:18.0525 5536	WinHttpAutoProxySvc - ok
07:29:18.0575 5536	Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:29:18.0605 5536	Winmgmt - ok
07:29:18.0765 5536	WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:29:18.0825 5536	WinRM - ok
07:29:18.0895 5536	WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:29:18.0905 5536	WinUsb - ok
07:29:18.0975 5536	Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:29:19.0005 5536	Wlansvc - ok
07:29:19.0165 5536	wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:29:19.0205 5536	wlidsvc - ok
07:29:19.0275 5536	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:29:19.0285 5536	WmiAcpi - ok
07:29:19.0345 5536	wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:29:19.0365 5536	wmiApSrv - ok
07:29:19.0375 5536	WMPNetworkSvc - ok
07:29:19.0395 5536	WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:29:19.0405 5536	WPCSvc - ok
07:29:19.0445 5536	WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:29:19.0455 5536	WPDBusEnum - ok
07:29:19.0485 5536	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:29:19.0515 5536	ws2ifsl - ok
07:29:19.0535 5536	wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:29:19.0555 5536	wscsvc - ok
07:29:19.0555 5536	WSearch - ok
07:29:19.0755 5536	wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:29:19.0815 5536	wuauserv - ok
07:29:19.0875 5536	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:29:19.0915 5536	WudfPf - ok
07:29:19.0935 5536	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:29:19.0965 5536	WUDFRd - ok
07:29:20.0005 5536	wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:29:20.0045 5536	wudfsvc - ok
07:29:20.0065 5536	WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:29:20.0085 5536	WwanSvc - ok
07:29:20.0095 5536	MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
07:29:20.0525 5536	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:29:20.0525 5536	\Device\Harddisk0\DR0 - detected TDSS File System (1)
07:29:20.0565 5536	Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
07:29:20.0565 5536	\Device\Harddisk0\DR0\Partition0 - ok
07:29:20.0585 5536	Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
07:29:20.0645 5536	\Device\Harddisk0\DR0\Partition1 - ok
07:29:20.0645 5536	============================================================
07:29:20.0645 5536	Scan finished
07:29:20.0645 5536	============================================================
07:29:20.0645 2516	Detected object count: 5
07:29:20.0645 2516	Actual detected object count: 5
07:29:38.0775 2516	CSHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516	CSHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:29:38.0775 2516	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:29:38.0775 2516	NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516	NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:29:38.0775 2516	sptd ( LockedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
07:29:38.0775 2516	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:29:38.0775 2516	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
07:30:01.0165 4956	Deinitialize success

ASWMBR LOG:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 07:31:48
-----------------------------
07:31:48.935 OS Version: Windows x64 6.1.7601 Service Pack 1
07:31:48.935 Number of processors: 4 586 0xF0B
07:31:48.935 ComputerName: PEPBOBA UserName: PEP
07:31:50.159 Initialize success
07:32:14.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:32:14.230 Disk 0 Vendor: WDC_WD5000AAKS-07A7B0 01.03B01 Size: 476938MB BusType: 3
07:32:14.261 Disk 0 MBR read successfully
07:32:14.264 Disk 0 MBR scan
07:32:14.266 Disk 0 unknown MBR code
07:32:14.271 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 297000 MB offset 2048
07:32:14.290 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 179935 MB offset 608258048
07:32:14.334 Disk 0 scanning C:\Windows\system32\drivers
07:32:21.580 Service scanning
07:32:27.023 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
07:32:27.046 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
07:32:27.096 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
07:32:27.110 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
07:32:32.676 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
07:32:36.632 Modules scanning
07:32:36.640 Disk 0 trace - called modules:
07:32:36.652 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046ea2c0]<<spjx.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
07:32:36.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b35060]
07:32:36.661 3 CLASSPNP.SYS[fffff8800200143f] -> nt!IofCallDriver -> [0xfffffa80048d9520]
07:32:36.666 5 ACPI.sys[fffff880011a87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800481a680]
07:32:36.670 \Driver\atapi[0xfffffa800494b4e0] -> IRP_MJ_CREATE -> 0xfffffa80046ea2c0
07:32:36.675 Scan finished successfully
07:33:04.291 Disk 0 MBR has been saved successfully to "C:\Users\PEP\Desktop\MBR.dat"
07:33:04.296 The log file has been saved successfully to "C:\Users\PEP\Desktop\aswMBR.txt"

COMBOFIX LOG:
ComboFix 12-06-03.01 - PEP 06/03/2012 7:39.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2499 [GMT -4:00]
Running from: c:\users\PEP\Desktop\username123.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PEP\AppData\Local\assembly\tmp
c:\users\PEP\AppData\Roaming\9791e4fc.dat
c:\users\PEP\AppData\Roaming\PEPlog.dat
c:\windows\SysWow64\tmp71FC.tmp
c:\windows\SysWow64\tmp71FD.tmp
c:\windows\SysWow64\tmp868E.tmp
c:\windows\SysWow64\tmp869E.tmp
c:\windows\SysWow64\tmpBC54.tmp
c:\windows\SysWow64\tmpBC64.tmp
c:\windows\SysWow64\tmpFBC5.tmp
c:\windows\SysWow64\tmpFBC6.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 11:48 . 2012-06-03 11:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-01 22:20 . 2012-06-01 22:20	--------	d-----w-	c:\program files (x86)\TexturePacker
2012-05-31 18:52 . 2012-05-31 18:52	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-05-31 18:47 . 2012-05-31 18:47	--------	d-----w-	c:\programdata\ALM
2012-05-31 18:45 . 2012-05-31 18:45	--------	d-----w-	c:\program files (x86)\Adobe Media Player
2012-05-27 07:40 . 2012-05-27 07:40	--------	d-----w-	c:\users\PEP\AppData\Roaming\SUPERAntiSpyware.com
2012-05-27 07:37 . 2012-05-27 07:37	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-05-25 10:57 . 2012-05-25 10:57	--------	d-----w-	c:\users\PEP\AppData\Roaming\Malwarebytes
2012-05-25 10:57 . 2012-05-25 10:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-25 10:57 . 2012-04-04 19:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-21 05:44 . 2012-05-21 05:44	--------	d-----w-	C:\BigFishGamesCache
2012-05-15 05:27 . 2012-05-15 06:14	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-05-10 03:37 . 2012-05-10 03:39	--------	d-----w-	c:\users\PEP\.dia
2012-05-09 04:48 . 2012-05-09 04:48	--------	d-----w-	c:\programdata\ATI
2012-05-09 04:48 . 2012-05-09 04:48	--------	d-----w-	c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 00:22 . 2008-11-15 02:33	202448	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-04-20 02:09	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-05-05 02:18	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2011-12-06 03:12	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-04-20 01:59	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-05-05 01:35	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-08-14 02:03	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2011-12-06 02:39	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2011-12-06 02:24	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2011-12-06 02:13	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-05 01:22	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-04-20 01:21	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-12-06 02:11	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-05-25 02:24	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-03-25 18:25 . 2011-05-13 09:04	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 05:24 . 2012-03-09 05:24	54272	----a-w-	c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24	48128	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-08 22:37 . 2012-03-08 22:37	302448	----a-w-	c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adflybot"="c:\eliteclicks\Adflybot" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe Reader Speed Launcher"="c:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"NI Background Service"="c:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Malwarebytes' Anti-Malware"="c:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RDID1053;PC-50;c:\windows\system32\Drivers\rdwm1053.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CSHelper;CopySafe Helper Service;c:\windows\SysWOW64\CSHelper.exe [2010-01-30 266240]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-17 7037984]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-17 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ATICustomerCare - c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
Wow6432Node-HKLM-Run-Iminent - c:\program files (x86)\Iminent\Iminent.exe
Wow6432Node-HKLM-Run-IminentMessenger - c:\program files (x86)\Iminent\Iminent.Messengers.exe
Toolbar-Locked - (no file)
AddRemove-Dev-C++ - c:\dev-cpp\uninstall.exe
AddRemove-Grand Theft Auto - f:\gta1\Uninst.isu
AddRemove-IMBoosterARP - c:\program files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe
AddRemove-{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1 - c:\qtweb\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8755E78F-6D1F-7C34-959D-8881783F5E69}*]
"iapjihekbjfkkgacjn"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b,6d,6a,
00,00
"hajkofdmhdceeecb"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b,6d,6a,
00,00
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4A6A70A-7ED1-4DB3-BFBF-546F7405A606}*]
"hakljdhibnddlfim"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e,67,64,
6a,6b,00,00
"iaalddiaejcgingjkd"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e,67,64,
6a,6b,00,00
"haldbfedihkbpbgc"=hex:61,63,6b,68,66,6f,6b,6b,69,68,61,6d,6a,62,68,69,66,6b,
66,6b,6c,62,65,67,67,65,66,61,6a,64,65,70,62,69,6c,6a,6c,62,6f,68,68,62,6a,\
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,95,30,5e,fb,dd,83,9b,84,5e,8e,f2,cf,37,94,bd,67,71,52,46,33,ac,86,
a5,7f,93,2f,da,ad,0c,a6,db,a1,06,d2,c4,a2,1d,d2,f4,2d,69,bf,ce,54,ca,fd,b0,\
"??"=hex:64,c7,47,3c,b1,46,dc,87,ee,75,dd,19,bc,bf,1a,4f
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,f8,70,63,d7,18,a4,68,54,86,a6,9c,b8,9a,25,32,22,4e,74,8f,d1,
b2,44,f5,49,9d,dc,54,0b,c7,d1,6a,bc,c9,08,7e,56,52,32,e4,43,b9,92,a5,79,74,\
"rkeysecu"=hex:d4,46,73,92,b3,86,58,32,28,6b,1f,b9,40,5a,eb,cb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8755E78F-6D1F-7C34-959D-8881783F5E69}\InProcServer32*]
"jafldkobhojdafobbmgj"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b,6d,
6a,00,00
"iaflnleckfbhmpbood"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b,6d,6a,
00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A6A70A-7ED1-4DB3-BFBF-546F7405A606}\InProcServer32*]
"jagmadgejgelkpbloilp"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e,67,
64,6a,6b,00,df
"iagmkimdopdbpllaeb"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e,67,64,
6a,6b,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="C19BBF812550E14CD03A90C28F2637EDA1F57C2BB11DE4999DA059DB378BDB3193EF9BABF4DD9780E375FA431D72887F41601C840BC8955E7816DAC0137B9DE9D7939BC46C8D183E179FAB2EA8873D3ED8D635983961C06E3A773F0F81C49C10EB0DC4590792EB8F675F53969D44D3CB2A3BBF1FB694FEA10204664230812B4BF01A01CCBF13BC94180DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407A6A0AC4980AC79331EFD33BB0154EE9DAF084DCFE9C0FA3972F6691FE9D4566CF3F503C21BA0B0F7722CEED8D01E54E333C73D56ADDE90315DD6369F548ABDDA726A5C761D3646B14E1605B7E4FDCBF8B9B4FC6861F74D618F013F0B14F4EBCA6A7D40D53C12385669B0BA2B679510500727A16488A48A5E73D48CEE25BFFB0C0E33453B8C93811562C159F7A69B1C13404DC51DC890666DD903274A272ACD9E776107F1C831E1493AE6ACD714D8B31C71A6065AEE7AC48575139E12DE0B83BAA232263C4B735D89578F85F8472E597D070805D66835C9D65CDC06AD334885CAEEA5C6CE97793D1C017F387EF78B58FBD399E741C7A95F428C8FF279B05FFC6DA20E8ED2D0F10E7CE54E1EFC0678BD8F0F5A58BCC4D0B5DB632C01C58660DA74E4122B64C0A31EDA9866137F718D5964D31984E0BABBBDEE25894ED5896F51E6C22DCA1554E703998B89788361FB41DA9E7B9D38A70CADF779507C62B0445800ABAD22EA9A2C15511BCAB37B9F834E8853F958C2AEFAFEA9EAFDB417982D2BABF4B5E75D4B70EECD82922BCC197C9D35B6E1F0729653F167696520138108C78F56BCD85B3ECA710DE49BCCD1E0CE105D7553A1ADCA7385CDC7ABEC6D4EC97201EC8D3444EFE541C3C5F50AD8AC7ACB319CC2AF50D9CE83A73E4BCE2A87FA318A38C63D6D01FCC6D99005D5A3569039969DF95E2A766D73F7E891FB4858B850E99E5B3C20B6E0ACE91202AA695B398526D015777D77692473459FAEB691B1DD9265917B99F979E443FA770452DD2DA22AEF85C98159F3A70437ECA5D9A6AC2E2B3C84CC0AD8BD22E9E04662FCA3BA442519102660B84E554708412588AFFE588DB023819782BB5D16BD20CAFA97C4644ACECB623A5AD0C50FDFBB71116895364839B0F2DACC955232ED8FC6D3C5C14004772758222366D7DF514D57B0B072E79EAC43FC60AF7F815F34ED6180E0BAD86CDD62E41E200F2D744EBC241E8DA75086C8C4FDA9C9C3AFEEB46CAC7040CFF2D6B013EAA97EDC2DB92D23A97FA46017AAAD75592CDABDE3E9F98D3C825BB198C48021CE3592F800D0AB6EC0F044D5A7E95E68F8CFC6616A8A712B298F51A79671C449FA21521C168FE76043045A5A2F554502C5729831D342EA6F1061E48A"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-03 07:59:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-03 11:59
.
Pre-Run: 78,781,505,536 bytes free
Post-Run: 78,388,199,424 bytes free
.
- - End Of File - - 79F3FFE9FF32DC8D70E103F4CC773258


----------



## eddie5659 (Mar 19, 2001)

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file



> *
> c:\eliteclicks\Adflybot
> *


Let me know when they're uploaded 

-------------------

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## PEP (Mar 1, 2006)

ok i did the upload, doing otl stuff now


----------



## PEP (Mar 1, 2006)

OTL.TXT

OTL logfile created on: 6/10/2012 2:23:38 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\PEP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.74% Memory free
9.99 Gb Paging File | 7.74 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.04 Gb Total Space | 66.97 Gb Free Space | 23.09% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 1.32 Gb Free Space | 17.70% Space Free | Partition Type: FAT32
Drive P: | 175.72 Gb Total Space | 53.89 Gb Free Space | 30.67% Space Free | Partition Type: NTFS

Computer Name: PEPBOBA | User Name: PEP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
PRC - [2012/04/20 21:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/03/29 21:09:01 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\a folder\Program Files (x86)\Vuze\Azureus.exe
PRC - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/06 21:15:51 | 000,028,160 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2012/04/20 21:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/28 16:10:13 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/29 21:09:01 | 000,087,480 | ---- | M] () -- C:\a folder\Program Files (x86)\Vuze\aereg.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\a folder\Program Files\SuperAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/18 23:25:46 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 18:24:23 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/09/18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\a folder\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2008/10/31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/02/23 15:28:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:*64bit:* - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:*64bit:* - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:*64bit:* - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:*64bit:* - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/12/27 22:57:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:*64bit:* - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:*64bit:* - [2009/09/18 02:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/12 22:35:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:*64bit:* - [2009/06/12 22:35:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/07/24 19:46:08 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:*64bit:* - [2008/07/24 19:45:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:*64bit:* - [2007/08/13 23:08:34 | 000,202,176 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2007/06/25 06:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/12/20 17:54:14 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 43 99 C7 CF 0A CD 01 [binary data]
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\a folder\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\a folder\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\PEP\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PEP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 01:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/20 14:14:38 | 000,000,000 | ---D | M]

[2009/12/25 07:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Extensions
[2012/05/02 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\extensions
[2012/03/29 20:39:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/15 01:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/30 14:46:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2010/12/30 14:46:24 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/01/15 14:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 02:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/10/07 16:11:28 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/03 07:51:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:*64bit:* - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000..\Run: [Adflybot] C:\Eliteclicks\Adflybot File not found
O4 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:*64bit:* - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:*64bit:* - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:*64bit:* - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{659D3C6A-9AF6-47A6-8D43-C5166F4A3B63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:*64bit:* - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:*64bit:* AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

ActiveX:*64bit:* {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:*64bit:* {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:*64bit:* {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:*64bit:* {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:*64bit:* {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:*64bit:* {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:*64bit:* {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:*64bit:* {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:*64bit:* {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:*64bit:* {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:*64bit:* {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:*64bit:* {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:*64bit:* {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:*64bit:* {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:*64bit:* {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:*64bit:* {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:*64bit:* {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:*64bit:* {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:*64bit:* {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:*64bit:* {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:*64bit:* >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:*64bit:* >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:*64bit:* >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpReg: *Adobe ARM* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *Adobe Reader Speed Launcher* - hkey= - key= - C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *AMTDeviceService* - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: *EPSON Stylus NX400 Series* - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEGA.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: *GrooveMonitor* - hkey= - key= - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *iTunesHelper* - hkey= - key= - C:\a folder\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *OODefragTray* - hkey= - key= - C:\a folder\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: *QuickTime Task* - hkey= - key= - C:\a folder\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *SiteRanker* - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 02:21:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\sfp
[2012/06/10 02:14:04 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\vstuff
[2012/06/07 13:15:58 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{5BACA261-352A-4298-A263-53FA6901779E}
[2012/06/07 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{C338CF99-EE53-47DC-9690-C9264C8EA72F}
[2012/06/06 23:16:48 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E26418B8-A9B5-4ADF-9CF6-BC33B102B58F}
[2012/06/06 23:16:37 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E899EF6D-6942-4DE4-A5B7-74F192E2F9B2}
[2012/06/06 23:06:22 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\OneNote Notebooks
[2012/06/06 21:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\.swt
[2012/06/06 21:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/06 21:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/05 20:59:06 | 000,000,000 | ---D | C] -- C:\SD
[2012/06/05 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/04 03:03:40 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/06/04 03:03:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\MonoDevelop-Unity-2.8
[2012/06/03 07:59:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/03 07:51:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/03 07:35:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/03 07:35:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/03 07:35:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/03 07:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/03 07:35:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/01 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\WAP
[2012/06/01 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TexturePacker
[2012/06/01 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TexturePacker
[2012/05/31 14:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/05/31 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/05/27 03:40:32 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/27 03:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/27 03:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/25 06:57:54 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\Malwarebytes
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/25 06:57:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 05:40:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/21 01:44:18 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012/05/15 01:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/15 01:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\PEP\Desktop\*.tmp files -> C:\Users\PEP\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:53 | 000,000,340 | ---- | M] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:56 | 000,264,875 | ---- | M] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/10 01:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 17:35:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 06:42:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 06:42:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 06:34:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 06:34:32 | 003,155,769 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/07 21:31:21 | 000,000,576 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2012/06/07 07:29:29 | 005,007,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 23:43:00 | 000,017,920 | ---- | M] () -- C:\Users\PEP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/06 23:06:20 | 000,001,226 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/05 21:43:36 | 000,000,845 | ---- | M] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/05 15:16:25 | 000,041,892 | ---- | M] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/06/03 07:51:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/02 21:22:19 | 000,003,303 | ---- | M] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | M] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/18 14:43:46 | 003,145,782 | ---- | M] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 01:14:43 | 006,209,857 | ---- | M] () -- C:\Users\PEP\Desktop\cube.exe
[2012/05/15 01:28:44 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 22:11:49 | 000,006,784 | ---- | M] () -- C:\Users\PEP\AppData\Local\recently-used.xbel
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\PEP\Desktop\*.tmp files -> C:\Users\PEP\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/10 02:15:53 | 000,000,340 | ---- | C] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:46 | 000,264,875 | ---- | C] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/06 23:06:20 | 000,001,226 | ---- | C] () -- C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/05 21:43:36 | 000,000,845 | ---- | C] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/03 07:35:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/03 07:35:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/03 07:35:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/03 07:35:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/03 07:35:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/02 21:21:40 | 000,003,303 | ---- | C] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | C] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/31 14:47:02 | 000,001,588 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.lnk
[2012/05/31 14:46:42 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/05/31 14:46:27 | 000,001,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/05/31 14:44:55 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/05/31 14:44:48 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/05/31 14:44:20 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/05/18 14:43:46 | 003,145,782 | ---- | C] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 14:42:07 | 000,041,892 | ---- | C] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/05/18 01:13:47 | 006,209,857 | ---- | C] () -- C:\Users\PEP\Desktop\cube.exe
[2012/05/15 01:28:44 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/15 01:28:44 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 22:11:49 | 000,006,784 | ---- | C] () -- C:\Users\PEP\AppData\Local\recently-used.xbel
[2012/03/28 11:17:16 | 000,000,101 | ---- | C] () -- C:\Windows\TheMatrix.ini
[2012/03/25 14:26:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/03/20 15:36:37 | 000,004,696 | ---- | C] () -- C:\Windows\scad3.INI
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/05 15:16:52 | 000,000,000 | ---- | C] () -- C:\Windows\lmtools.INI
[2012/03/05 14:55:23 | 000,000,527 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/02/23 15:31:30 | 000,017,408 | ---- | C] () -- C:\Users\PEP\AppData\Local\WebpageIcons.db
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/13 15:29:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/13 00:03:49 | 000,000,576 | ---- | C] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/18 16:36:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/26 19:52:26 | 000,007,605 | ---- | C] () -- C:\Users\PEP\AppData\Local\Resmon.ResmonCfg
[2010/10/22 23:42:28 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/10/22 23:27:11 | 000,000,482 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/08/22 17:01:56 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/07/02 21:08:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

========== LOP Check ==========

[2011/12/24 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\.minecraft
[2009/12/25 07:21:55 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Aim
[2011/11/12 08:50:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Amvud
[2012/01/22 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Audacity
[2012/06/10 02:29:33 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Azureus
[2011/01/13 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Bioshock2
[2012/01/01 18:03:47 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Canneverbe Limited
[2012/05/23 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DAEMON Tools Lite
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Deckadance16
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DeepBurner
[2011/05/13 04:41:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Dev-Cpp
[2010/03/29 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\EMCO
[2011/01/16 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Filter Forge 2
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\FreeImageConverter
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Games
[2012/01/24 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\GetRightToGo
[2011/12/31 21:12:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\gtk-2.0
[2010/09/17 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Helios
[2011/08/28 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\hte
[2011/06/21 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Image-Line
[2012/01/12 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ImgBurn
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Leadertech
[2010/04/07 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Lionhead Studios
[2012/01/13 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MinMaxGames
[2012/06/01 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity
[2012/06/04 03:03:49 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2009/12/25 07:22:24 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade
[2010/04/13 00:33:38 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade Warband
[2011/05/09 18:17:49 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\ms-drivers
[2009/12/25 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MuPAD
[2010/10/12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MusE
[2012/03/25 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\National Instruments
[2011/08/27 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Notepad++
[2010/12/27 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PACE Anti-Piracy
[2011/07/30 21:37:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Picsoft
[2009/12/31 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PlayFirst
[2011/03/20 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PunkBuster
[2012/03/11 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Rational
[2011/05/18 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScripterRon
[2010/01/25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScummVM
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SongManager
[2010/03/20 20:31:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SprillRichiEng
[2011/08/08 21:38:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\stetic
[2011/02/22 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\System
[2011/11/06 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SystemRequirementsLab
[2011/04/18 19:07:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\The Creative Assembly
[2009/12/25 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Thinstall
[2010/05/28 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Tropico 3
[2010/04/16 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Ubisoft
[2012/06/01 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Unity
[2011/11/11 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Uppae
[2012/01/12 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\windows-dvd-maker
[2011/05/09 17:42:04 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\wyUpdate AU
[2009/12/25 07:22:28 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\XRay Engine
[2012/05/29 08:14:55 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009/12/25 09:52:30 | 000,000,000 | ---D | M] -- C:\$INPLACE.~TR
[2012/06/05 21:22:33 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2009/12/25 07:29:37 | 000,000,000 | ---D | M] -- C:\$WINDOWS.~Q
[2012/05/05 08:28:35 | 000,000,000 | ---D | M] -- C:\a folder
[2011/09/18 20:48:08 | 000,000,000 | ---D | M] -- C:\altera
[2012/03/29 21:26:30 | 000,000,000 | ---D | M] -- C:\AMD
[2012/01/04 11:37:43 | 000,000,000 | ---D | M] -- C:\ANDROIDHW
[2011/10/29 11:28:38 | 000,000,000 | ---D | M] -- C:\ATI
[2012/05/21 01:44:18 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2011/04/13 03:24:04 | 000,000,000 | ---D | M] -- C:\Boot
[2010/10/28 20:41:30 | 000,000,000 | ---D | M] -- C:\CIMTEMP
[2012/06/06 21:11:14 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008/12/20 18:22:45 | 000,000,000 | ---D | M] -- C:\CPQSYSTEM
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/12 21:48:57 | 000,000,000 | ---D | M] -- C:\DVR216D
[2012/01/04 11:42:05 | 000,000,000 | ---D | M] -- C:\ECLIPSEHW
[2011/08/25 19:50:17 | 000,000,000 | ---D | M] -- C:\emu8086
[2011/05/09 22:51:50 | 000,000,000 | ---D | M] -- C:\goblin
[2011/09/18 16:26:05 | 000,000,000 | ---D | M] -- C:\holy
[2008/10/25 10:03:02 | 000,000,000 | ---D | M] -- C:\Intel
[2009/10/28 23:58:15 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/03/25 21:50:38 | 000,000,000 | ---D | M] -- C:\National Instruments Downloads
[2010/01/25 20:40:16 | 000,000,000 | ---D | M] -- C:\nite
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/05 20:18:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/06/06 21:10:50 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/05/31 14:52:18 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/06/03 07:59:50 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009/12/25 07:45:59 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/06/05 21:44:54 | 000,000,000 | ---D | M] -- C:\SD
[2012/06/10 02:32:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/11/10 03:04:43 | 000,000,000 | ---D | M] -- C:\tasm
[2009/12/25 07:23:49 | 000,000,000 | R--D | M] -- C:\Users
[2012/06/03 07:59:45 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2009/10/16 08:09:28 | 002,518,016 | R--- | M] () -- C:\Windows\Installer\100f17a.msp
[2009/11/21 00:36:14 | 005,002,752 | R--- | M] () -- C:\Windows\Installer\100f191.msp
[2010/12/06 18:28:24 | 002,523,136 | ---- | M] () -- C:\Windows\Installer\104e6fa.msi
[2010/12/06 18:30:16 | 006,798,336 | ---- | M] () -- C:\Windows\Installer\104e919.msi
[2010/10/07 19:43:04 | 001,980,416 | R--- | M] () -- C:\Windows\Installer\11ca53e.msp
[2010/10/21 19:12:42 | 003,359,744 | R--- | M] () -- C:\Windows\Installer\11ca555.msp
[2010/09/17 07:04:16 | 009,401,856 | R--- | M] () -- C:\Windows\Installer\11ca56c.msp
[2011/01/11 17:53:56 | 001,763,328 | R--- | M] () -- C:\Windows\Installer\1239607.msp
[2011/02/16 13:54:08 | 004,992,000 | R--- | M] () -- C:\Windows\Installer\123961e.msp
[2011/01/07 20:05:12 | 004,583,936 | R--- | M] () -- C:\Windows\Installer\12d59b.msp
[2011/06/05 19:03:23 | 007,054,336 | ---- | M] () -- C:\Windows\Installer\1377e7d.msi
[2008/12/02 15:03:57 | 000,020,992 | ---- | M] () -- C:\Windows\Installer\13a246.msi
[2011/09/04 16:10:06 | 021,237,248 | ---- | M] () -- C:\Windows\Installer\14263f9.msi
[2010/03/19 09:19:04 | 000,155,136 | ---- | M] () -- C:\Windows\Installer\148745a.msi
[2010/09/22 15:16:52 | 007,013,888 | R--- | M] () -- C:\Windows\Installer\156772.msp
[2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\Windows\Installer\1691e0c.msp
[2010/08/04 15:12:26 | 001,004,544 | R--- | M] () -- C:\Windows\Installer\1691e14.msp
[2010/08/19 17:57:46 | 003,395,584 | R--- | M] () -- C:\Windows\Installer\1691e2b.msp
[2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\1691e42.msp
[2011/11/06 19:15:27 | 000,245,760 | ---- | M] () -- C:\Windows\Installer\1692595.msi
[2012/03/25 14:25:33 | 009,420,800 | ---- | M] () -- C:\Windows\Installer\174640c.msi
[2005/12/06 13:53:46 | 000,157,696 | ---- | M] () -- C:\Windows\Installer\1781cdd.msi
[2009/11/24 23:46:17 | 024,760,320 | ---- | M] () -- C:\Windows\Installer\17855e7.msi
[2007/10/22 17:09:10 | 017,566,720 | ---- | M] () -- C:\Windows\Installer\1838476.msi
[2010/03/29 18:09:47 | 001,484,288 | ---- | M] () -- C:\Windows\Installer\18426ad.msi
[2010/03/19 11:25:14 | 000,163,328 | ---- | M] () -- C:\Windows\Installer\1873b00.msi
[2010/03/18 23:09:05 | 000,695,296 | ---- | M] () -- C:\Windows\Installer\1873b0b.msi
[2011/10/04 21:39:07 | 000,377,344 | ---- | M] () -- C:\Windows\Installer\1873b11.msi
[2010/03/19 09:40:13 | 000,269,824 | ---- | M] () -- C:\Windows\Installer\1873b17.msi
[2010/03/19 15:46:10 | 008,565,760 | ---- | M] () -- C:\Windows\Installer\1873b3b.msi
[2011/10/04 21:50:27 | 000,548,352 | ---- | M] () -- C:\Windows\Installer\1873b42.msi
[2010/03/11 14:58:35 | 006,492,160 | ---- | M] () -- C:\Windows\Installer\1873b48.msi
[2010/03/19 11:00:19 | 000,250,880 | ---- | M] () -- C:\Windows\Installer\1873b50.msi
[2010/03/19 09:20:04 | 000,260,096 | ---- | M] () -- C:\Windows\Installer\1873b56.msi
[2010/03/19 09:27:40 | 000,135,680 | ---- | M] () -- C:\Windows\Installer\1873b5c.msi
[2011/10/04 21:51:30 | 004,121,600 | ---- | M] () -- C:\Windows\Installer\1873b62.msi
[2010/02/28 21:40:32 | 003,468,800 | ---- | M] () -- C:\Windows\Installer\1873b68.msi
[2010/02/28 21:40:29 | 003,590,144 | ---- | M] () -- C:\Windows\Installer\1873b6f.msi
[2010/02/28 21:40:32 | 010,955,264 | ---- | M] () -- C:\Windows\Installer\1873b75.msi
[2010/02/28 21:40:29 | 016,429,568 | ---- | M] () -- C:\Windows\Installer\1873b96.msi
[2010/03/11 14:57:44 | 001,490,944 | ---- | M] () -- C:\Windows\Installer\1873b9c.msi
[2010/03/11 14:57:45 | 005,067,776 | ---- | M] () -- C:\Windows\Installer\1873ba3.msi
[2010/03/11 14:57:47 | 002,853,376 | ---- | M] () -- C:\Windows\Installer\1873ba9.msi
[2010/04/20 17:48:32 | 000,168,960 | ---- | M] () -- C:\Windows\Installer\190d7d.msi
[2012/06/06 21:08:27 | 017,379,840 | ---- | M] () -- C:\Windows\Installer\19789a4.msi
[2012/06/06 21:10:26 | 000,461,312 | ---- | M] () -- C:\Windows\Installer\19789a8.msi
[2012/06/06 21:11:05 | 000,179,200 | ---- | M] () -- C:\Windows\Installer\19789b8.msi
[2009/12/25 05:34:09 | 000,603,136 | ---- | M] () -- C:\Windows\Installer\19fee2.msi
[2012/04/19 18:17:27 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\1aa42f4.msi
[2011/11/04 13:36:13 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\1aa42fd.msi
[2012/04/19 18:17:37 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\1aa430c.msp
[2011/11/04 13:38:12 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\1aa4311.msi
[2012/04/19 18:17:40 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\1aa4325.msp
[2011/11/04 13:38:55 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\1aa432a.msi
[2012/04/19 18:17:40 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\1aa432f.msp
[2011/11/04 13:39:10 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\1aa4334.msi
[2012/04/19 18:17:43 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\1aa4340.msp
[2011/11/04 13:39:27 | 002,310,656 | ---- | M] () -- C:\Windows\Installer\1aa4345.msi
[2012/04/19 18:17:45 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\1aa434d.msp
[2011/11/04 13:40:02 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\1aa4355.msi
[2012/04/19 18:17:57 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\1aa4371.msp
[2011/11/04 13:41:28 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\1aa437d.msi
[2012/04/19 18:18:13 | 014,624,256 | R--- | M] () -- C:\Windows\Installer\1aa43a8.msp
[2011/11/04 13:42:57 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\1aa43b0.msi
[2012/04/19 18:18:16 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\1aa43b9.msp
[2011/11/04 13:43:19 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\1aa43bf.msi
[2012/04/19 18:18:17 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\1aa43c5.msp
[2011/11/04 13:43:32 | 001,492,992 | ---- | M] () -- C:\Windows\Installer\1aa43ca.msi
[2012/04/19 18:18:18 | 000,625,664 | R--- | M] () -- C:\Windows\Installer\1aa43d3.msp
[2011/11/04 13:43:47 | 001,070,592 | ---- | M] () -- C:\Windows\Installer\1aa43d8.msi
[2012/04/19 18:18:18 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\1aa43e2.msp
[2011/11/04 13:44:11 | 004,250,112 | ---- | M] () -- C:\Windows\Installer\1aa43e8.msi
[2012/04/19 18:18:26 | 002,146,304 | R--- | M] () -- C:\Windows\Installer\1aa43f3.msp
[2011/11/04 13:44:28 | 000,153,600 | ---- | M] () -- C:\Windows\Installer\1aa43f9.msi
[2012/04/19 18:18:26 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\1aa43fe.msp
[2012/06/05 20:14:39 | 000,471,040 | ---- | M] () -- C:\Windows\Installer\1ae0eea.msi
[2012/05/03 00:32:12 | 020,036,096 | ---- | M] () -- C:\Windows\Installer\1ae0ef1.msi
[2012/06/05 20:17:42 | 000,440,832 | ---- | M] () -- C:\Windows\Installer\1ae0ef5.msi
[2012/06/05 20:18:21 | 000,514,048 | ---- | M] () -- C:\Windows\Installer\1ae0ef9.msi
[2011/04/28 09:57:38 | 002,721,280 | R--- | M] () -- C:\Windows\Installer\1ae7bb9.msp
[2011/04/28 17:35:20 | 001,375,744 | R--- | M] () -- C:\Windows\Installer\1ae7bc1.msp
[2011/07/27 07:42:04 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\1ae7bd7.msp
[2010/01/08 21:19:18 | 001,399,808 | ---- | M] () -- C:\Windows\Installer\1b7c415.msi
[2012/02/12 22:39:28 | 000,032,256 | ---- | M] () -- C:\Windows\Installer\1b92a2d.msi
[2009/08/10 14:09:46 | 017,254,912 | R--- | M] () -- C:\Windows\Installer\1be8b1.msp
[2009/07/12 03:35:00 | 002,736,640 | ---- | M] () -- C:\Windows\Installer\1bf8161.msi
[2010/07/04 14:53:29 | 001,222,656 | ---- | M] () -- C:\Windows\Installer\1c87c8.msi
[2008/12/13 10:02:26 | 000,802,816 | R--- | M] () -- C:\Windows\Installer\1cfb4c1.msp
[2011/04/28 05:42:32 | 004,990,976 | R--- | M] () -- C:\Windows\Installer\1d101f2.msp
[2011/04/29 12:27:04 | 004,158,464 | R--- | M] () -- C:\Windows\Installer\1d10218.msp
[2011/04/22 19:41:34 | 011,507,712 | R--- | M] () -- C:\Windows\Installer\1d10233.msp
[2010/09/17 06:06:50 | 003,355,648 | R--- | M] () -- C:\Windows\Installer\1d34d44.msp
[2010/07/16 08:41:36 | 001,732,608 | R--- | M] () -- C:\Windows\Installer\1d34d4c.msp
[2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\Windows\Installer\1d34d63.msp
[2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\1d34d7a.msp
[2010/08/13 17:59:46 | 008,182,272 | R--- | M] () -- C:\Windows\Installer\1d34d91.msp
[2010/08/13 18:01:28 | 008,993,280 | R--- | M] () -- C:\Windows\Installer\1d34da8.msp
[2009/10/28 23:59:06 | 002,397,184 | ---- | M] () -- C:\Windows\Installer\1d60616.msi
[2009/10/28 23:59:12 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6061c.msi
[2009/10/28 23:59:18 | 001,713,152 | ---- | M] () -- C:\Windows\Installer\1d60622.msi
[2009/10/28 23:59:24 | 002,022,912 | ---- | M] () -- C:\Windows\Installer\1d60628.msi
[2009/10/28 23:59:28 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\1d6062e.msi
[2009/10/28 23:59:32 | 001,647,616 | ---- | M] () -- C:\Windows\Installer\1d60634.msi
[2009/10/28 23:59:36 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6063a.msi
[2009/10/28 23:59:40 | 002,319,872 | ---- | M] () -- C:\Windows\Installer\1d60640.msi
[2009/10/28 23:59:44 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\1d60646.msi
[2009/10/28 23:59:47 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6064c.msi
[2009/10/28 23:59:52 | 000,513,024 | ---- | M] () -- C:\Windows\Installer\1d60652.msi
[2009/10/28 23:59:57 | 000,516,608 | ---- | M] () -- C:\Windows\Installer\1d60659.msi
[2009/10/29 00:00:03 | 000,506,880 | ---- | M] () -- C:\Windows\Installer\1d60660.msi
[2009/10/29 00:00:07 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d60666.msi
[2009/10/29 00:00:11 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\1d6066c.msi
[2009/10/29 00:00:15 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\1d60672.msi
[2009/10/29 00:00:21 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\1d60678.msi
[2009/10/29 00:00:25 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6067e.msi
[2009/10/29 00:00:29 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\1d60684.msi
[2009/10/29 00:00:38 | 000,846,848 | ---- | M] () -- C:\Windows\Installer\1d6068b.msi
[2009/10/29 00:06:45 | 018,181,632 | ---- | M] () -- C:\Windows\Installer\1d60693.msi
[2011/10/17 14:26:31 | 001,437,184 | ---- | M] () -- C:\Windows\Installer\1e34bc9.msi
[2010/04/24 17:10:46 | 008,486,400 | R--- | M] () -- C:\Windows\Installer\1e79fd6.msp
[2010/04/24 17:07:04 | 010,118,144 | R--- | M] () -- C:\Windows\Installer\1e79fee.msp
[2010/05/18 23:35:24 | 005,023,744 | R--- | M] () -- C:\Windows\Installer\1e7a005.msp
[2010/04/24 17:05:14 | 004,199,424 | R--- | M] () -- C:\Windows\Installer\1e7a01c.msp
[2010/04/24 17:07:58 | 004,667,392 | R--- | M] () -- C:\Windows\Installer\1e7a042.msp
[2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\Windows\Installer\1e7a06c.msp
[2010/03/24 18:54:48 | 003,126,272 | R--- | M] () -- C:\Windows\Installer\1e7a06d.msp
[2010/04/24 17:08:48 | 009,129,984 | R--- | M] () -- C:\Windows\Installer\1e7a085.msp
[2010/04/24 17:09:46 | 011,750,912 | R--- | M] () -- C:\Windows\Installer\1e7a09c.msp
[2009/07/12 12:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\1ea4ac4.msi
[2009/04/03 19:55:22 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\1f0b76f.msp
[2009/04/03 19:55:36 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\1f0b7a2.msp
[2009/04/03 19:55:48 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\1f0b7aa.msp
[2009/04/03 19:55:42 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\1f0b7b4.msp
[2009/04/03 19:55:10 | 007,999,488 | R--- | M] () -- C:\Windows\Installer\1f0b7c3.msp
[2009/04/03 19:55:30 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\1f0b7ca.msp
[2009/04/03 19:55:04 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\1f0b917.msp
[2010/03/11 23:59:18 | 005,031,424 | R--- | M] () -- C:\Windows\Installer\1fb5965.msp
[2010/02/21 01:02:24 | 004,195,840 | R--- | M] () -- C:\Windows\Installer\1fb597c.msp
[2010/02/21 01:03:34 | 004,472,832 | R--- | M] () -- C:\Windows\Installer\1fb5999.msp
[2010/03/22 16:03:14 | 011,732,992 | R--- | M] () -- C:\Windows\Installer\1fb59b0.msp
[2011/03/22 21:31:40 | 007,671,808 | ---- | M] () -- C:\Windows\Installer\206579.msi
[2009/12/03 15:15:12 | 005,004,288 | R--- | M] () -- C:\Windows\Installer\208c966.msp
[2010/12/21 14:06:38 | 011,570,688 | R--- | M] () -- C:\Windows\Installer\210608c.msp
[2010/12/17 01:17:02 | 003,362,304 | R--- | M] () -- C:\Windows\Installer\21060a3.msp
[2012/03/22 12:02:44 | 006,859,264 | ---- | M] () -- C:\Windows\Installer\211ee9f.msi
[2012/01/26 23:25:54 | 028,719,616 | ---- | M] () -- C:\Windows\Installer\211eee6.msi
[2006/12/02 07:09:06 | 002,818,048 | ---- | M] () -- C:\Windows\Installer\211eeec.msi
[2010/02/04 01:59:48 | 005,031,936 | R--- | M] () -- C:\Windows\Installer\2171055.msp
[2010/02/21 02:00:02 | 008,480,768 | R--- | M] () -- C:\Windows\Installer\217106c.msp
[2010/02/04 18:24:30 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\2171083.msp
[2009/11/21 00:46:06 | 011,524,608 | R--- | M] () -- C:\Windows\Installer\217109a.msp
[2010/01/14 22:26:08 | 005,027,840 | R--- | M] () -- C:\Windows\Installer\21a20c9.msp
[2010/04/09 15:21:24 | 005,025,792 | R--- | M] () -- C:\Windows\Installer\21b4aa6.msp
[2009/10/16 07:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\21b4abd.msp
[2011/05/30 23:45:52 | 000,041,984 | ---- | M] () -- C:\Windows\Installer\224a66c.msi
[2011/08/09 18:20:45 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\224a673.msp
[2009/11/11 00:53:08 | 000,868,352 | ---- | M] () -- C:\Windows\Installer\2699129.msi
[2009/08/18 13:57:54 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\27adf68.msp
[2009/08/18 13:58:56 | 008,301,056 | R--- | M] () -- C:\Windows\Installer\27adf7f.msp
[2009/08/18 14:19:26 | 010,098,688 | R--- | M] () -- C:\Windows\Installer\27adf97.msp
[2009/10/16 08:03:20 | 005,003,776 | R--- | M] () -- C:\Windows\Installer\27adfae.msp
[2011/11/10 21:46:06 | 000,998,400 | ---- | M] () -- C:\Windows\Installer\27b1d35.msi
[2009/04/24 13:29:02 | 009,013,760 | R--- | M] () -- C:\Windows\Installer\288b1c6.msp
[2009/08/18 13:50:38 | 012,022,272 | R--- | M] () -- C:\Windows\Installer\288b202.msp
[2009/11/06 04:01:32 | 000,259,072 | ---- | M] () -- C:\Windows\Installer\288b209.msi
[2009/11/06 04:01:44 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\288b20f.msi
[2009/04/14 05:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\288b217.msp
[2009/08/18 14:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\288b22e.msp
[2009/05/26 19:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\288b244.msp
[2009/09/18 10:30:44 | 005,016,576 | R--- | M] () -- C:\Windows\Installer\288b25b.msp
[2009/04/14 04:20:06 | 009,573,376 | R--- | M] () -- C:\Windows\Installer\288b264.msp
[2009/07/27 05:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\288b27b.msp
[2009/04/24 13:28:00 | 004,450,816 | R--- | M] () -- C:\Windows\Installer\288b294.msp
[2009/08/05 08:49:32 | 003,457,024 | R--- | M] () -- C:\Windows\Installer\288b2ad.msp
[2009/02/25 20:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\288b2c3.msp
[2009/04/24 13:30:16 | 002,583,552 | R--- | M] () -- C:\Windows\Installer\288b2dc.msp
[2009/04/14 05:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\288b2e5.msp
[2009/05/04 08:47:22 | 009,124,864 | R--- | M] () -- C:\Windows\Installer\288b2fd.msp
[2009/05/26 19:54:44 | 004,192,768 | R--- | M] () -- C:\Windows\Installer\288b319.msp
[2009/05/04 08:46:14 | 008,299,008 | R--- | M] () -- C:\Windows\Installer\288b331.msp
[2009/04/14 05:18:14 | 009,684,480 | R--- | M] () -- C:\Windows\Installer\288b33a.msp
[2009/04/14 05:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\288b342.msp
[2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\28b04a4.msp
[2011/07/27 07:37:28 | 011,592,192 | R--- | M] () -- C:\Windows\Installer\28b04c2.msp
[2011/09/06 21:48:02 | 008,181,248 | R--- | M] () -- C:\Windows\Installer\28b04d9.msp
[2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\28b04f0.msp
[2011/08/24 06:37:22 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\28b0507.msp
[2011/06/21 11:59:26 | 001,764,352 | R--- | M] () -- C:\Windows\Installer\28b051f.msp
[2011/09/06 21:46:22 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\28b0536.msp
[2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\28b054d.msp
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\28b0a2c.msi
[2008/08/08 15:11:02 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\29c035c.msi
[2012/04/26 10:56:06 | 000,630,272 | ---- | M] () -- C:\Windows\Installer\29d85fc.msi
[2012/04/26 11:02:22 | 008,302,080 | ---- | M] () -- C:\Windows\Installer\29d8603.msi
[2012/03/30 05:38:34 | 000,507,904 | ---- | M] () -- C:\Windows\Installer\29d880b.msi
[2012/04/26 10:58:16 | 001,891,328 | ---- | M] () -- C:\Windows\Installer\29d8811.msi
[2012/04/26 10:53:34 | 000,811,520 | ---- | M] () -- C:\Windows\Installer\29d8817.msi
[2012/04/26 10:53:42 | 000,782,336 | ---- | M] () -- C:\Windows\Installer\29d881d.msi
[2012/04/26 10:53:46 | 000,808,960 | ---- | M] () -- C:\Windows\Installer\29d8823.msi
[2012/04/26 10:53:54 | 000,927,744 | ---- | M] () -- C:\Windows\Installer\29d8829.msi
[2012/04/26 10:54:00 | 000,770,048 | ---- | M] () -- C:\Windows\Installer\29d882f.msi
[2012/04/26 10:54:06 | 000,792,064 | ---- | M] () -- C:\Windows\Installer\29d8835.msi
[2012/04/26 10:54:12 | 000,778,752 | ---- | M] () -- C:\Windows\Installer\29d883b.msi
[2012/04/26 10:54:18 | 000,800,256 | ---- | M] () -- C:\Windows\Installer\29d8841.msi
[2012/04/26 10:54:24 | 000,814,592 | ---- | M] () -- C:\Windows\Installer\29d8847.msi
[2012/04/26 10:54:30 | 000,786,432 | ---- | M] () -- C:\Windows\Installer\29d884d.msi
[2012/04/26 10:54:36 | 000,843,776 | ---- | M] () -- C:\Windows\Installer\29d8853.msi
[2012/04/26 10:54:42 | 000,823,808 | ---- | M] () -- C:\Windows\Installer\29d8859.msi
[2012/04/26 10:54:48 | 000,778,752 | ---- | M] () -- C:\Windows\Installer\29d885f.msi
[2012/04/26 10:54:54 | 000,773,120 | ---- | M] () -- C:\Windows\Installer\29d8865.msi
[2012/04/26 10:55:00 | 000,808,448 | ---- | M] () -- C:\Windows\Installer\29d886b.msi
[2012/04/26 10:55:06 | 000,790,016 | ---- | M] () -- C:\Windows\Installer\29d8871.msi
[2012/04/26 10:55:14 | 000,906,752 | ---- | M] () -- C:\Windows\Installer\29d8877.msi
[2012/04/26 10:55:22 | 000,775,680 | ---- | M] () -- C:\Windows\Installer\29d887d.msi
[2012/04/26 10:55:28 | 000,880,640 | ---- | M] () -- C:\Windows\Installer\29d8883.msi
[2012/04/26 10:55:36 | 000,796,160 | ---- | M] () -- C:\Windows\Installer\29d8889.msi
[2012/04/26 10:55:42 | 000,786,432 | ---- | M] () -- C:\Windows\Installer\29d888f.msi
[2012/04/26 10:55:48 | 000,803,328 | ---- | M] () -- C:\Windows\Installer\29d8895.msi
[2012/04/26 10:56:00 | 000,984,576 | ---- | M] () -- C:\Windows\Installer\29d889b.msi
[2012/04/26 10:56:34 | 000,397,312 | ---- | M] () -- C:\Windows\Installer\29d88a1.msi
[2012/04/26 10:52:06 | 014,508,032 | ---- | M] () -- C:\Windows\Installer\29d88a8.msi
[2012/04/26 11:02:30 | 001,793,024 | ---- | M] () -- C:\Windows\Installer\29d88b8.msi
[2012/04/26 11:03:24 | 016,913,920 | ---- | M] () -- C:\Windows\Installer\29d88cf.msi
[2010/10/08 23:07:04 | 011,559,424 | R--- | M] () -- C:\Windows\Installer\29fc3b8.msp
[2010/07/23 02:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\29fc3cf.msp
[2010/11/21 00:35:20 | 003,359,744 | R--- | M] () -- C:\Windows\Installer\29fc3e6.msp
[2010/10/21 19:10:00 | 003,995,136 | R--- | M] () -- C:\Windows\Installer\29fc401.msp
[2011/04/23 21:41:44 | 285,707,264 | R--- | M] () -- C:\Windows\Installer\2adcfb2.msp
[2011/04/27 08:36:42 | 014,359,552 | R--- | M] () -- C:\Windows\Installer\2add1b9.msp
[2008/11/19 22:53:37 | 000,354,304 | ---- | M] () -- C:\Windows\Installer\2b55b8.msi
[2009/01/01 12:50:15 | 001,174,528 | ---- | M] () -- C:\Windows\Installer\2b822d.msi
[2008/12/29 02:00:14 | 001,100,288 | ---- | M] () -- C:\Windows\Installer\2ba1af.msi
[2009/11/13 20:49:18 | 001,619,968 | ---- | M] () -- C:\Windows\Installer\2d60679.msi
[2008/11/12 22:53:41 | 019,210,240 | R--- | M] () -- C:\Windows\Installer\2d96cd.msp
[2011/06/30 21:44:57 | 000,272,896 | ---- | M] () -- C:\Windows\Installer\2e1ee29.msi
[2010/07/14 11:21:34 | 001,530,880 | ---- | M] () -- C:\Windows\Installer\2f1ea.msi
[2009/09/12 02:35:50 | 021,596,672 | ---- | M] () -- C:\Windows\Installer\2fe9570.msi
[2009/04/14 04:22:08 | 019,840,000 | R--- | M] () -- C:\Windows\Installer\2fef74f.msp
[2009/04/14 05:56:18 | 020,498,944 | R--- | M] () -- C:\Windows\Installer\2fef758.msp
[2009/05/07 10:04:06 | 018,341,376 | R--- | M] () -- C:\Windows\Installer\2fef761.msp
[2009/04/14 04:46:12 | 015,438,848 | R--- | M] () -- C:\Windows\Installer\2fef76a.msp
[2009/04/14 05:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\2fef773.msp
[2009/12/18 00:12:34 | 000,942,592 | ---- | M] () -- C:\Windows\Installer\30eccd4.msi
[2009/12/18 00:12:16 | 003,705,856 | ---- | M] () -- C:\Windows\Installer\30eccda.msi
[2009/12/18 00:12:32 | 003,328,512 | ---- | M] () -- C:\Windows\Installer\30ecce0.msi
[2009/12/18 00:12:16 | 000,664,576 | ---- | M] () -- C:\Windows\Installer\30ecce6.msi
[2009/12/18 00:12:32 | 000,673,280 | ---- | M] () -- C:\Windows\Installer\30eccf1.msi
[2009/12/18 00:12:32 | 021,783,552 | ---- | M] () -- C:\Windows\Installer\30eccf9.msi
[2009/12/18 00:11:58 | 001,066,496 | ---- | M] () -- C:\Windows\Installer\30eccff.msi
[2009/12/18 00:12:34 | 000,746,496 | ---- | M] () -- C:\Windows\Installer\30ecd05.msi
[2009/12/18 00:12:24 | 000,806,912 | ---- | M] () -- C:\Windows\Installer\30ecd0b.msi
[2009/12/18 00:11:56 | 000,814,592 | ---- | M] () -- C:\Windows\Installer\30ecd11.msi
[2009/12/18 00:12:06 | 000,733,696 | ---- | M] () -- C:\Windows\Installer\30ecd17.msi
[2009/12/18 00:12:28 | 000,940,544 | ---- | M] () -- C:\Windows\Installer\30ecd24.msi
[2009/12/18 00:12:30 | 000,686,592 | ---- | M] () -- C:\Windows\Installer\30ecd2a.msi
[2009/12/18 00:12:28 | 000,734,720 | ---- | M] () -- C:\Windows\Installer\30ecd30.msi
[2009/12/18 00:12:26 | 001,062,912 | ---- | M] () -- C:\Windows\Installer\30ecd36.msi
[2009/12/18 00:12:02 | 001,154,048 | ---- | M] () -- C:\Windows\Installer\30ecd3c.msi
[2009/12/18 00:12:24 | 000,733,696 | ---- | M] () -- C:\Windows\Installer\30ecd42.msi
[2009/12/18 00:12:34 | 000,588,800 | ---- | M] () -- C:\Windows\Installer\30ecd48.msi
[2009/12/18 00:12:24 | 000,889,856 | ---- | M] () -- C:\Windows\Installer\30ecd50.msi
[2009/12/18 00:11:58 | 000,573,440 | ---- | M] () -- C:\Windows\Installer\30ecd56.msi
[2009/12/18 00:12:30 | 000,735,232 | ---- | M] () -- C:\Windows\Installer\30ecd5c.msi
[2009/12/18 00:12:10 | 000,732,672 | ---- | M] () -- C:\Windows\Installer\30ecd62.msi
[2009/12/18 00:12:28 | 000,737,280 | ---- | M] () -- C:\Windows\Installer\30ecd68.msi
[2009/12/18 00:12:30 | 000,688,128 | ---- | M] () -- C:\Windows\Installer\30ecd6e.msi
[2009/12/18 00:12:32 | 000,688,640 | ---- | M] () -- C:\Windows\Installer\30ecd74.msi
[2009/12/18 00:12:18 | 000,697,344 | ---- | M] () -- C:\Windows\Installer\30ecd7a.msi
[2009/12/18 00:12:30 | 000,687,104 | ---- | M] () -- C:\Windows\Installer\30ecd80.msi
[2009/12/18 00:12:34 | 000,671,232 | ---- | M] () -- C:\Windows\Installer\30ecd86.msi
[2009/12/18 00:12:22 | 000,671,232 | ---- | M] () -- C:\Windows\Installer\30ecd8c.msi
[2009/12/18 00:12:28 | 000,735,744 | ---- | M] () -- C:\Windows\Installer\30ecd94.msi
[2009/12/18 00:12:22 | 031,014,912 | ---- | M] () -- C:\Windows\Installer\30ecda7.msi
[2009/12/18 00:12:22 | 001,084,928 | ---- | M] () -- C:\Windows\Installer\30ecdad.msi
[2009/12/18 00:12:22 | 000,872,448 | ---- | M] () -- C:\Windows\Installer\30ecdb3.msi
[2009/12/18 00:12:26 | 010,805,760 | ---- | M] () -- C:\Windows\Installer\30ecdbc.msi
[2009/12/18 00:12:00 | 004,123,136 | ---- | M] () -- C:\Windows\Installer\30ecdc5.msi
[2009/12/18 00:12:30 | 030,598,144 | ---- | M] () -- C:\Windows\Installer\30ecdd1.msi
[2009/12/18 00:12:26 | 000,714,752 | ---- | M] () -- C:\Windows\Installer\30ecdd7.msi
[2009/12/18 00:12:26 | 001,307,136 | ---- | M] () -- C:\Windows\Installer\30ecddd.msi
[2009/12/18 00:12:04 | 000,712,704 | ---- | M] () -- C:\Windows\Installer\30ecde3.msi
[2009/12/18 00:12:24 | 013,020,160 | ---- | M] () -- C:\Windows\Installer\30ecded.msi
[2009/12/18 00:12:26 | 000,808,960 | ---- | M] () -- C:\Windows\Installer\30ecdf3.msi
[2009/12/18 00:12:32 | 000,737,792 | ---- | M] () -- C:\Windows\Installer\30ecdf9.msi
[2009/12/18 00:12:12 | 000,733,184 | ---- | M] () -- C:\Windows\Installer\30ecdff.msi
[2011/09/21 16:18:24 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\3176607.msp
[2011/07/11 17:33:14 | 023,254,016 | R--- | M] () -- C:\Windows\Installer\317661a.msp
[2011/10/14 03:07:55 | 020,333,568 | R--- | M] () -- C:\Windows\Installer\3176625.msp
[2011/04/16 00:14:54 | 003,186,176 | ---- | M] () -- C:\Windows\Installer\32c9689.msi
[2011/04/16 08:44:26 | 002,770,944 | ---- | M] () -- C:\Windows\Installer\32c969c.msi
[2011/04/29 12:33:30 | 008,173,568 | R--- | M] () -- C:\Windows\Installer\32c96e4.msp
[2011/04/19 04:21:02 | 000,235,520 | ---- | M] () -- C:\Windows\Installer\32c9762.msi
[2011/04/19 04:54:14 | 000,227,328 | ---- | M] () -- C:\Windows\Installer\32c9769.msi
[2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\32c977f.msp
[2011/04/29 12:31:46 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\32c9796.msp
[2011/03/17 20:03:50 | 000,308,736 | R--- | M] () -- C:\Windows\Installer\32c97ac.msp
[2006/05/11 13:52:32 | 005,148,016 | ---- | M] () -- C:\Windows\Installer\32e7839.msi
[2010/08/25 10:16:08 | 001,061,376 | ---- | M] () -- C:\Windows\Installer\363ae7.msi
[2008/11/14 10:15:51 | 014,939,136 | R--- | M] () -- C:\Windows\Installer\383da21.msp
[2011/03/25 09:16:38 | 005,135,872 | R--- | M] () -- C:\Windows\Installer\38e1270.msp
[2011/04/13 11:48:16 | 035,326,464 | R--- | M] () -- C:\Windows\Installer\38e1286.msp
[2010/07/10 20:06:20 | 010,120,192 | R--- | M] () -- C:\Windows\Installer\3b4f11b.msp
[2010/07/10 20:14:14 | 002,850,816 | R--- | M] () -- C:\Windows\Installer\3b4f132.msp
[2010/07/26 16:00:00 | 005,010,944 | R--- | M] () -- C:\Windows\Installer\3b4f149.msp
[2010/09/01 04:00:00 | 005,314,048 | ---- | M] () -- C:\Windows\Installer\49d8f6.msi
[2010/04/15 14:44:22 | 022,104,064 | ---- | M] () -- C:\Windows\Installer\49d905.msi
[2010/05/14 12:23:28 | 005,448,704 | ---- | M] () -- C:\Windows\Installer\49d966.msi
[2009/07/14 05:29:38 | 005,922,304 | ---- | M] () -- C:\Windows\Installer\4a8c5.msi
[2009/07/14 05:29:38 | 019,210,240 | R--- | M] () -- C:\Windows\Installer\4a927.msp
[2011/02/11 08:59:10 | 023,633,408 | R--- | M] () -- C:\Windows\Installer\597f7f.msp
[2011/02/24 15:15:46 | 011,551,232 | R--- | M] () -- C:\Windows\Installer\597f9b.msp
[2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\597fb2.msp
[2011/01/11 17:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\597fc9.msp
[2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\597fe0.msp
[2010/11/20 23:32:52 | 004,165,120 | R--- | M] () -- C:\Windows\Installer\598007.msp
[2011/03/17 20:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\59800f.msp
[2011/01/11 17:49:20 | 009,003,008 | R--- | M] () -- C:\Windows\Installer\598026.msp
[2011/03/17 20:05:24 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\59803d.msp
[2009/07/12 09:43:18 | 000,231,936 | ---- | M] () -- C:\Windows\Installer\5a7e7.msi
[2011/08/12 06:52:04 | 004,643,840 | ---- | M] () -- C:\Windows\Installer\64a7b.msi
[2008/08/08 15:46:10 | 000,242,176 | ---- | M] () -- C:\Windows\Installer\68d658.msi
[2008/08/11 16:41:00 | 001,305,600 | ---- | M] () -- C:\Windows\Installer\72b7070.msi
[2008/11/09 20:20:28 | 003,443,712 | ---- | M] () -- C:\Windows\Installer\7917ee.msi
[2008/11/09 20:21:10 | 001,620,992 | ---- | M] () -- C:\Windows\Installer\7a2082.msi
[2010/04/07 12:42:30 | 002,211,328 | ---- | M] () -- C:\Windows\Installer\7aba8f.msi
[2010/04/07 12:42:30 | 001,997,312 | ---- | M] () -- C:\Windows\Installer\7aba95.msi
[2010/04/07 12:42:30 | 000,725,504 | ---- | M] () -- C:\Windows\Installer\7aba9b.msi
[2010/04/07 12:42:30 | 003,670,016 | ---- | M] () -- C:\Windows\Installer\7abaa1.msi
[2010/04/07 12:42:30 | 000,606,208 | ---- | M] () -- C:\Windows\Installer\7abaa7.msi
[2010/04/07 12:42:32 | 012,719,104 | ---- | M] () -- C:\Windows\Installer\7abaad.msi
[2012/05/31 14:44:19 | 000,023,040 | ---- | M] () -- C:\Windows\Installer\7abab3.msi
[2012/05/31 14:45:39 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\7abab9.msi
[2010/04/07 12:42:22 | 002,258,944 | ---- | M] () -- C:\Windows\Installer\7ababf.msi
[2012/03/23 17:30:23 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\80043d.msi
[2003/02/04 16:14:56 | 001,684,480 | ---- | M] () -- C:\Windows\Installer\82b86d.msi
[2003/02/04 16:14:53 | 000,808,960 | ---- | M] () -- C:\Windows\Installer\82b873.msi
[2009/03/20 11:53:36 | 000,183,808 | R--- | M] () -- C:\Windows\Installer\87999b.msp
[2012/01/04 03:05:25 | 003,979,776 | ---- | M] () -- C:\Windows\Installer\8aeffa.msi
[2012/03/27 11:47:55 | 004,959,232 | R--- | M] () -- C:\Windows\Installer\8c4292.msp
[2009/04/29 16:56:26 | 341,439,488 | ---- | M] () -- C:\Windows\Installer\8c5353.msi
[2009/07/22 01:23:56 | 000,199,680 | ---- | M] () -- C:\Windows\Installer\8cc46e.msi
[2011/11/04 13:37:18 | 008,822,784 | ---- | M] () -- C:\Windows\Installer\8e9f21.msi
[2011/11/04 13:37:31 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\8e9f25.msi
[2011/11/04 13:37:54 | 004,425,728 | R--- | M] () -- C:\Windows\Installer\8e9f3c.msp
[2011/11/04 13:38:27 | 002,933,248 | R--- | M] () -- C:\Windows\Installer\8e9f54.msp
[2011/11/04 13:38:35 | 004,680,704 | ---- | M] () -- C:\Windows\Installer\8e9f58.msi
[2011/11/04 13:38:44 | 002,343,936 | ---- | M] () -- C:\Windows\Installer\8e9f5c.msi
[2011/11/04 13:38:49 | 000,147,968 | ---- | M] () -- C:\Windows\Installer\8e9f60.msi
[2011/11/04 13:38:59 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\8e9f69.msp
[2011/11/04 13:39:18 | 001,139,200 | R--- | M] () -- C:\Windows\Installer\8e9f79.msp
[2011/11/04 13:39:33 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\8e9f85.msp
[2011/11/04 13:40:18 | 003,313,152 | R--- | M] () -- C:\Windows\Installer\8e9fa5.msp
[2011/11/04 13:40:28 | 001,819,136 | ---- | M] () -- C:\Windows\Installer\8e9faa.msi
[2011/11/04 13:42:32 | 014,623,744 | R--- | M] () -- C:\Windows\Installer\8e9fda.msp
[2011/11/04 13:43:13 | 003,731,968 | R--- | M] () -- C:\Windows\Installer\8e9fe8.msp
[2011/11/04 13:43:23 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\8e9ff3.msp
[2011/11/04 13:43:39 | 000,626,688 | R--- | M] () -- C:\Windows\Installer\8ea000.msp
[2011/11/04 13:43:53 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\8ea00e.msp
[2011/11/04 13:44:22 | 002,146,816 | R--- | M] () -- C:\Windows\Installer\8ea01e.msp
[2011/11/04 13:44:32 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\8ea028.msp
[2010/09/17 23:08:30 | 002,618,368 | ---- | M] () -- C:\Windows\Installer\947351.msi
[2010/05/20 19:58:28 | 012,114,432 | R--- | M] () -- C:\Windows\Installer\ae6816.msp
[2010/06/11 11:03:22 | 005,021,184 | R--- | M] () -- C:\Windows\Installer\ae682d.msp
[2010/05/20 19:57:12 | 005,907,456 | R--- | M] () -- C:\Windows\Installer\ae684d.msp
[2010/05/20 19:57:18 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\ae684e.msp
[2011/01/25 18:43:44 | 378,156,544 | ---- | M] () -- C:\Windows\Installer\b51d82.msp
[2011/01/25 18:09:23 | 000,003,584 | ---- | M] () -- C:\Windows\Installer\b51d83.mst
[2009/09/29 02:11:07 | 001,850,368 | ---- | M] () -- C:\Windows\Installer\b537bb.msi
[2010/02/24 23:47:16 | 000,224,768 | ---- | M] () -- C:\Windows\Installer\b537c2.msi
[2010/03/18 17:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\b537c8.msi
[2010/03/18 20:29:04 | 000,872,448 | ---- | M] () -- C:\Windows\Installer\b537ce.msi
[2011/06/21 12:01:14 | 004,991,488 | R--- | M] () -- C:\Windows\Installer\b9c3b5.msp
[2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\Windows\Installer\ba87ed.msi
[2010/03/18 22:39:40 | 000,176,640 | ---- | M] () -- C:\Windows\Installer\ba87f3.msi
[2010/03/11 16:58:26 | 003,164,160 | ---- | M] () -- C:\Windows\Installer\ba880b.msi
[2010/02/24 23:46:00 | 003,653,120 | ---- | M] () -- C:\Windows\Installer\ba8816.msi
[2010/09/24 00:02:36 | 000,517,120 | ---- | M] () -- C:\Windows\Installer\ba881c.msi
[2004/10/14 19:07:15 | 008,087,040 | ---- | M] () -- C:\Windows\Installer\d59579.msi
[2010/08/22 17:09:44 | 010,036,736 | ---- | M] () -- C:\Windows\Installer\d5958d.msi
[2010/03/16 13:37:54 | 014,171,136 | ---- | M] () -- C:\Windows\Installer\ff9a93.msi
[2010/03/25 16:03:30 | 002,097,664 | ---- | M] () -- C:\Windows\Installer\ff9adb.msi
[2010/03/25 15:59:38 | 026,932,224 | ---- | M] () -- C:\Windows\Installer\ff9d8a.msi
[2010/03/26 01:48:24 | 058,121,216 | ---- | M] () -- C:\Windows\Installer\ff9d8e.msi
[2010/04/10 13:00:32 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{CA4AF936-3312-4AF4-A191-527531490DCD}.SchedServiceConfig.rmi

< %windir%\system32\tasks\*.* /64 >
[2012/03/23 17:30:30 | 000,003,636 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2012/03/23 17:30:31 | 000,003,888 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2010/07/23 22:01:01 | 000,003,246 | ---- | M] () -- C:\Windows\SysNative\tasks\SidebarExecute
[2011/09/18 20:28:48 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{104E2012-6B9D-4573-8F08-6810D7E45666}
[2011/09/18 20:30:05 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{1E05F877-732F-4326-AF6A-EE69D86EE140}
[2011/09/18 20:28:49 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{1EF829AD-1866-4FF0-90D0-1A1D5C6AE9A9}
[2010/06/03 21:20:34 | 000,002,972 | ---- | M] () -- C:\Windows\SysNative\tasks\{29577EAE-8381-4B52-8780-DD607BF81059}
[2010/04/02 18:48:04 | 000,003,074 | ---- | M] () -- C:\Windows\SysNative\tasks\{3B467E81-76DC-4C40-B481-31EC11E18436}
[2008/11/17 01:22:02 | 000,003,174 | ---- | M] () -- C:\Windows\SysNative\tasks\{426BBE3C-F00B-4A5F-92C3-66F535EE80B7}
[2011/09/18 20:28:50 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{46C507D3-4F73-4E27-8448-C3196391C342}
[2010/08/15 20:49:59 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\tasks\{598F790F-3476-4172-B9E7-D473726C3216}
[2011/09/18 20:28:48 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{5D8A6BF8-CAA6-41DF-8682-3FD6CABCBAF8}
[2010/01/22 04:34:26 | 000,003,138 | ---- | M] () -- C:\Windows\SysNative\tasks\{6BDA90D2-0B44-4D04-A32B-A763EAFAE51F}
[2011/09/18 20:28:47 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{74B0DF68-6948-4FBD-B179-3B1FA316A593}
[2011/09/18 20:28:47 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{78BC9F60-39AC-4EAB-9812-5209AE9227AD}
[2010/08/15 20:51:34 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\tasks\{7952CBBD-2432-45A7-BB87-71EAECE25F5B}
[2011/09/18 20:28:46 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{86EF5081-46C5-4F7D-A84A-2772C3538170}
[2009/11/24 23:37:08 | 000,002,994 | ---- | M] () -- C:\Windows\SysNative\tasks\{8AC8DFF2-2157-4EAD-A5B0-8092414F338C}
[2011/09/18 20:28:45 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{98C4C8E2-2340-49B1-BB53-05974D12780B}
[2011/09/18 20:28:49 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{9EE61094-8304-40FB-9E9C-42999BD1FD8F}
[2010/08/04 19:13:05 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{9F225DB8-B3DA-4009-B51F-F2A7C36B50B6}
[2010/06/03 21:20:36 | 000,002,972 | ---- | M] () -- C:\Windows\SysNative\tasks\{A3BEFF05-36E0-4531-9D61-4DED51C4CDF6}
[2010/10/23 18:22:03 | 000,003,268 | ---- | M] () -- C:\Windows\SysNative\tasks\{B083207F-087E-440C-9044-62457B7F0A37}
[2011/09/18 20:28:30 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{B35B7AFB-A395-4054-9B4B-1CD1D6D89B1D}
[2011/09/18 20:28:47 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{B8806484-D2E9-4615-BF32-104F4B865879}
[2010/05/22 18:07:49 | 000,003,252 | ---- | M] () -- C:\Windows\SysNative\tasks\{BAE59C2C-0756-4404-9564-563A9B2757E9}
[2010/08/04 19:13:05 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{CC12C8C9-AA12-4B1F-94E9-0D7CA5BC20FF}
[2011/09/18 20:30:04 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{DDB7232E-8749-4B04-AAEE-8A68B7C9F0AC}
[2011/09/18 20:30:18 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{E4472D0E-51C8-445C-BADA-78E16B466525}
[2011/09/18 20:28:51 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{F1BF76F6-F3E0-4EC2-B520-629A85BAC9D1}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: PEPBOBA
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media 
Volume 1 E DVD-ROM 0 B No Media 
Volume 2 C NTFS Partition 290 GB Healthy System 
Volume 3 P PEP NTFS Partition 175 GB Healthy 
Volume 4 H PATRIOT FAT32 Removable 7644 MB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1253 bytes -> C:\ProgramData\Microsoft:Z5kZgN54EEOKemOeSDKHWY4jiDH
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB1102D7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 1133 bytes -> C:\Users\PEP\AppData\Local\Temp:tIEBoLDxzfOncxhAJhlsx70nBLpy
@Alternate Data Stream - 1110 bytes -> C:\ProgramData\Microsoft:vnCmNOPrayl7udt8VOTRBar

< End of report >


----------



## PEP (Mar 1, 2006)

EXTRAS.TXT

OTL Extras logfile created on: 6/10/2012 2:23:38 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\PEP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.74% Memory free
9.99 Gb Paging File | 7.74 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.04 Gb Total Space | 66.97 Gb Free Space | 23.09% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 1.32 Gb Free Space | 17.70% Space Free | Partition Type: FAT32
Drive P: | 175.72 Gb Total Space | 53.89 Gb Free Space | 30.67% Space Free | Partition Type: NTFS

Computer Name: PEPBOBA | User Name: PEP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\a folder\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\a folder\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\a folder\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\a folder\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1472C893-D724-4240-8A37-C12E894BAE4D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1D372302-FE92-4391-85CB-CCABC85568D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24636F04-D562-4E48-8BD5-3FA7D3B6E875}" = rport=137 | protocol=17 | dir=out | app=system | 
"{36A5DA01-927B-473C-9402-BBD22A276530}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{375CAC8F-DD24-435F-AED8-D61C2EEC69A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{437F6664-9380-4C08-8394-20A8399ECDE5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4CF5CC16-5567-49CF-B560-DF95B779B985}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B2E5BE2-ED79-444E-B5CB-FE49A963E48B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{64552C9B-0B1B-4DD3-9731-9E9807BD2118}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6B8B7BB7-7243-418C-B401-D40EDC982704}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{749D3AC1-8F63-4F55-B5C0-CEE2583F0D18}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81C5D623-C452-4543-B1F8-4EF33178F382}" = rport=139 | protocol=6 | dir=out | app=system | 
"{933A3A2F-C989-40CF-AF0B-86B05BA6ADD7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{94D22FCB-9F1C-44EA-870E-E1D4260AD08D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9876CD1F-FF12-478B-A604-4CE0BA96D719}" = lport=137 | protocol=17 | dir=in | app=system | 
"{98A60BC6-302E-4F92-BD3D-2EC546A4447C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9DB907AE-9C39-4FF6-8C7D-18462B1B3CD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9DC0EA03-B682-46BC-847C-79D76E02941E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{9F2A4ED0-C3F2-4EEA-AF0D-E3F99195F21B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B1240748-39AE-4237-A7E9-0C7991C018C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0B2CEB5-ECBF-4889-9DB5-700CFFE2DF3A}" = lport=6004 | protocol=17 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\outlook.exe | 
"{CADAD728-DB51-46BC-A39D-A9F9BC3C5BAF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CBC476F9-52EE-4716-98EB-94477A0B2736}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DEE85E8A-8B61-402C-BE93-09F91BED8FCE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F2D790EA-F0CB-41E2-B85A-BD959C6E6F7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DADBCE-243A-4E9B-9638-FF876A0E6C8F}" = protocol=6 | dir=in | app=p:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{06B82B24-1B16-4CD0-B8F3-D9CD3A299952}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\sibelius.exe | 
"{07A1752C-7177-4102-ABFB-097552DEF6BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{07A33C07-B825-4931-B839-4D08DA1E8312}" = protocol=17 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\dedicated\xr_3da.exe | 
"{07BE22DF-814C-4FEC-991F-82062A154021}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{089DE47C-1CC6-4A9A-BAB5-8E3D970BF1AE}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{0BA43BA1-4FE2-404B-BAA2-0E5AC847AC45}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0C9ECC9C-F7A9-4894-A886-2B39AF18070F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0D26C5C0-A461-4CBB-A8EE-8B2E921EB084}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\regtool.exe | 
"{12C870AD-773A-4874-8D88-FB81A3A380D8}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{14037CAE-56DA-400E-AFD0-CEE25031947E}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\groove.exe | 
"{1720CB1B-087E-43B0-9926-2B833CF005D1}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{18AA295C-152A-489B-949C-6630B27E842F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1FCCCDAC-3057-4FCD-82EF-5EDD10A1EBD4}" = protocol=17 | dir=in | app=p:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{2071EED4-F1A5-428D-8727-87982D8C77A8}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\source sdk base 2007\hl2.exe | 
"{2485CB0A-DC4D-49BC-B1DF-D48E97FEBCB9}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{2CBD9BC1-F746-485A-9588-A166AD5CD956}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{2CD5A4D0-CFE5-42DF-BEEB-FFEDB6D8B369}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2F09BED0-25D5-41EC-8075-A22C79ABEE7E}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{30AA094E-EB9B-4833-83BC-5A8A26F46871}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{30BB5D7C-7E5A-4C19-80ED-A09B433C6981}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
"{318B2EDB-7E33-46F2-8208-C142FBC30B5E}" = protocol=17 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe | 
"{387DA31F-7BE2-46A9-A082-9ED1718049A7}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
"{546EEDA1-37F7-4120-A288-551D325CD521}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{5A58EDEE-8504-4B83-B7A3-745D57B50755}" = protocol=17 | dir=in | app=p:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{5A6E34B7-AA35-4829-8351-D6D122B40281}" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{5FECAA27-D451-414A-B5EA-0CAA988B7791}" = protocol=6 | dir=in | app=p:\program files (x86)\half-life 2\hl2.exe | 
"{66088122-2DAB-4E95-B717-7B0B7007E731}" = protocol=6 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\dedicated\xr_3da.exe | 
"{6993E15B-5B76-4B0F-87D6-8D36A9E23D7B}" = protocol=6 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\xr_3da.exe | 
"{69C49913-9DA1-4FBC-98DF-ECD2B423E8D4}" = protocol=58 | dir=in | [email protected],-28545 | 
"{6DD6DAD0-A657-4354-8D97-2F615A60B36A}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{7AB3F8D5-5174-48FF-AD05-A2699D719FA5}" = protocol=17 | dir=in | app=p:\program files (x86)\half-life 2\hl2.exe | 
"{7D668575-A739-43B2-A33D-0DB4474E5A18}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{7D852A32-B01C-4A77-AEA3-DB5B903649CA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7F19C043-BC48-4D8C-96F0-B26CF116FE21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{827D0B70-F3E1-4569-AAC5-B0F6FE3036F9}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{833A12E2-BD80-4592-A6D7-A534464A3B3D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{83832E64-8F54-467B-AB6A-3E2FBEC197C2}" = protocol=6 | dir=in | app=p:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe | 
"{85309405-D8E4-4D41-8159-7D3E003EA9B7}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\dark messiah might and magic multi-player\runme.exe | 
"{85477DE8-DFCA-4CDC-9AEF-5BC19E43154D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8A7F3492-1FC0-4340-B546-E6148546D89F}" = protocol=6 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe | 
"{8D167BF8-6397-4E48-B9B6-06CB2E9202EA}" = protocol=6 | dir=in | app=p:\program files (x86)\capcom\dead rising 2\deadrising2.exe | 
"{8E7AD75D-16CE-4CDD-9B5E-783FD2748807}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{90999657-4D7F-4D1F-9503-AD8EBE9FA7FE}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{94AB2618-3338-49CD-8083-F65588C10539}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{951C040B-1291-4967-983E-E133A4AF85B1}" = protocol=17 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\xr_3da.exe | 
"{95A94D00-AFB9-44EE-9529-EB021A067B34}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\dark messiah might and magic multi-player\runme.exe | 
"{97C02BA5-E3C8-427A-AFCE-DDA14417C1BF}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{9A76FFFF-E373-4524-851D-9D3C132A76E7}" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{9C8B792C-4030-4DCD-9029-A402170A0710}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\itunes\itunes.exe | 
"{9FDDD8F8-5DD3-4D8F-A0A8-E6F50B00AC82}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | 
"{AA48AB67-EA3E-4725-9591-B616ACC03B52}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\itunes\itunes.exe | 
"{AA5AE089-79F3-4DB6-A88D-58BA7F10421C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF4C76C3-9A0E-4D56-8E43-0632CA35C122}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B436D705-D896-481C-813B-BD5BEAC7482E}" = protocol=58 | dir=out | [email protected],-28546 | 
"{B440D3BF-22D9-40CC-9576-53A3D0078D25}" = protocol=17 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{B5626616-5271-441C-95A1-BBE9C7221D3A}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\onenote.exe | 
"{B5F3DF31-679C-4592-A8C5-6C526464F349}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{BC26646C-5C3D-4E64-B24F-0853A9427264}" = protocol=6 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{BC4A8C6D-6F85-4A68-B17F-85C9608F2287}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\groove.exe | 
"{BCC0D4FE-47ED-49CB-901F-325E052A3A1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD2B5A0C-709A-4654-AEDB-5797373A9F8C}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{BDF1F23A-B34A-44D5-B4AF-2441F7C1D714}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BEB1500A-99CF-4D90-899F-64FBDB87F966}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{C0677A9D-17B1-41B3-A6A0-1DD94B0D9CDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe | 
"{C9A8C29E-4656-4112-9E45-F6CEA82D82B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CACD7EA5-AB40-41A3-84C7-AF569BC54263}" = protocol=1 | dir=out | [email protected],-28544 | 
"{CEEA9467-DB34-49EB-8204-60016309172E}" = protocol=6 | dir=out | app=system | 
"{CFB82206-E6B6-4DC4-93F9-602D29105B90}" = protocol=6 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{D283D88D-334F-4978-B3B8-6C73F1C223BC}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | 
"{D446FFBD-A5B5-4B36-8397-2227BEA366FF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{D59192F5-91F9-4B95-AF17-7952C92600F8}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{D866BB1F-CFB9-4AAA-8337-65EB2F79E1EF}" = protocol=1 | dir=in | [email protected],-28543 | 
"{DB594F78-1102-46B7-9433-B63F84CD5ABB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBAD3C3F-32FA-492D-AB93-FB744BE5DBB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DC722427-37D6-4012-9DA3-A30EC9C28355}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E5BAA7E0-8C66-42D7-981C-AA0282EAB129}" = protocol=6 | dir=in | app=p:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{E6E9B0E9-A0D5-4031-9A40-5C275E942A42}" = protocol=17 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{E96F5FFE-5836-4BD0-8F38-C8DF6F28E411}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFB21C95-4EE5-4BBA-B1A3-B5FD2E5D640E}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\sibelius.exe | 
"{F2115520-5407-4E9D-8769-5453438E68C4}" = protocol=6 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe | 
"{F2EE435D-BD52-4D6A-9EF5-1C4BC2B4752F}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\onenote.exe | 
"{F3FB9D88-A566-4828-9522-7EBA539269C1}" = protocol=17 | dir=in | app=p:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{F735C2F9-B985-49BB-9485-3DF33AA021B3}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\regtool.exe | 
"{F9F86010-30D8-487B-AD2E-A6D1657E1444}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{FA739618-D6FA-433C-89D1-A37FB4B6FADA}" = protocol=17 | dir=in | app=p:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe | 
"{FC5189F5-4A5B-4F26-A685-1BFC801DFE24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEFE399E-D73C-49DC-B145-6325B4DE9A88}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\source sdk base 2007\hl2.exe | 
"{FF104646-6916-4553-92B9-34E42A580414}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{FF393D1D-0FC6-45F4-A559-377A276D5E3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{4FC40671-5DC0-4067-B576-80F189FDCBDA}P:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=p:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{D87CFEDB-4C97-44BB-9EAC-2B4B16097DD8}P:\program files (x86)\call of duty game of the year edition\codmp.exe" = protocol=6 | dir=in | app=p:\program files (x86)\call of duty game of the year edition\codmp.exe | 
"UDP Query User{61122A4E-AF15-4068-BFE8-6871EEC228CC}P:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=p:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{C80D5FB5-DDD4-4DA9-A1AA-7F056443671A}P:\program files (x86)\call of duty game of the year edition\codmp.exe" = protocol=17 | dir=in | app=p:\program files (x86)\call of duty game of the year edition\codmp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
"{186D2CCE-DEFE-4188-AB44-62008E9BC3E0}" = O&O Defrag Professional
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{65CBBF0F-F891-4F33-860C-C75E963653A2}" = NI TDMS (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{79E44BF5-C355-4A5D-8F9F-25F53ACF794E}" = NI VC2008MSMs x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B71ACAB7-C0C4-42AF-A55E-50BDE3399D8B}" = EMCO MoveOnBoot v2.1
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0F9AD6F-2C2A-44A8-8961-F21B5356E050}" = NI Logos64 XT Support
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D8C0E5E1-3B66-465D-8F9B-F591F5CDA726}" = NI Trace Engine (64-bit)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{E68686D1-A5BB-467A-8DE7-A01166722607}" = NI VC2005MSMs x64
"{EC90795D-968C-4BCA-B958-27B111F3B3F6}" = NI Logos64 5.1
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 3.5 Language Pack - rus" = Языковой пакет Microsoft .NET Framework 3.5 - RUS
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86
"{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0DFF0C5C-D82D-4C11-91AB-86411792D081}" = NI Uninstaller
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1" = QtWeb Internet Browser 3.7.3
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{184A26D9-6561-49A9-A571-4D9BD93394C8}" = QtSpim
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FBC283A-8B22-48FA-9DFA-6C65E34455FA}" = NI LabVIEW Real-Time NBFifo
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D66ACE-E0A1-482E-B797-0A6A377D3E91}" = IBM Rational Rose Enterprise Edition
"{245CA706-313C-4B13-B8AF-D6067B7DC535}" = ModelSim-Altera 6.6d (Quartus II 11.0) Starter Edition
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27BDABE9-4752-4BBF-8B3F-8714A3F7FD9B}" = Quartus II 9.1 Web Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1" = Folder Size 1.9.5.0
"{307776AF-FA52-4CBA-84DA-190E52929C35}" = NI Update Service Extras 1.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DAA4182-08B7-45D9-8620-6B0E13018670}" = NI TDMS
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4BD8E034-E0F4-4509-A753-467A8E854CD8}" = Iminent
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5708A38A-30BD-4D53-BEC9-37615564D73F}_is1" = 3DMGAMEЎ¶°®АцЛїЈє·иїс»Ш№йЎ·УўИХОДНкХыУІЕМ°ж °ж±ѕ 1.0
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57517F96-22C6-4AD8-86A2-C582B20A91D4}" = Google Desktop Plugin - Google Earth
"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0 Core
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7B8CE908-BF69-4E20-9BFE-681C573879F1}" = NI LabVIEW Run-Time Engine 2009
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84FAE06F-A199-4991-8526-AF57A2A0D779}" = NI Circuit Design Suite 11.0 Pro
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{97AAF472-E437-4C89-AAB3-FD6785315069}" = NI Circuit Design Suite 11.0 Pro Licenses
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A07CDDA5-5F52-478E-881D-E7BC34743F90}" = FreeSpace 2 SCP
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.1-alpha-4
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BBA6DF34-EA20-4FFB-8440-1F9657643F79}" = NI MDF Support
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C5773953-8F33-47BD-85D7-BE719021EB3E}" = NI Update Service 1.0
"{C9894B05-06D2-4F85-86C8-6B0D011A6BA5}" = NI License Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D10227CA-792C-4517-872A-8AF5DB472D48}" = PCSpim
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{D76162F1-AFAC-47BE-9302-5F35491725E1}" = NI LabVIEW Run-Time Engine Interop 2009
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6F385C0-79A1-44F0-9C15-70D1F2C74D01}" = NI EULA Depot
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine(R)2 Sandbox(TM)2
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F208D986-7DBA-47A1-B2B6-29048C1C3087}" = NI MetaSuite Installer
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"[email protected] UNDELETE 7" = [email protected] UNDELETE 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 6.2.0603
"Amazon Kindle" = Amazon Kindle
"Android SDK Tools" = Android SDK Tools
"AOL Instant Messenger" = AOL Instant Messenger
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Auto Window Manager" = Auto Window Manager
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"BFGC" = Big Fish Games: Game Manager
"BFG-Mini Robot Wars" = Mini Robot Wars
"bgbennyboyGrimReplacementSetup_is1" = Grim Fandango
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"CEDAR Logic Simulator_is1" = CEDARLS 1.5 beta
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CityEngine TRIAL" = CityEngine TRIAL
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Dear Esther_is1" = Dear Esther
"Deckadance" = Deckadance
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Dia" = Dia (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"emu8086 microprocessor emulator_is1" = emu8086 microprocessor emulator
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Fallout New Vegas_is1" = Fallout New Vegas
"Filter Forge 2_is1" = Filter Forge 2.008
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"Freelancer 1.0" = Freelancer
"FreeSpace Open Campaign Pack v2.0" = FreeSpace Open Campaign Pack v2.0
"FreeSpace2" = FreeSpace 2
"FXAA Post Process Injector" = FXAA Post Process Injector
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"Gish" = Gish
"Golden Axe_is1" = Golden Axe
"Grand Theft Auto" = Grand Theft Auto
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(R) - Web of Shadows(TM) 1.1 Patch
"InstallShield_{A07CDDA5-5F52-478E-881D-E7BC34743F90}" = FreeSpace 2 SCP
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"LinkLines" = LinkLines (remove only)
"LTspice IV" = LTspice IV
"LunaPix_is1" = LunaPix demo version 0.900
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"NI Uninstaller" = National Instruments Software
"Nitemare-3D Trilogy for Windows_is1" = Nitemare-3D Trilogy for Windows 1.10
"Notepad++" = Notepad++
"NPC Quest_is1" = NPC Quest v1.0
"OpenAL" = OpenAL
"Panda3D 1.7.0" = Panda3D 1.7.0
"PathPix_is1" = PathPix Registered Version
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"Postal 2_is1" = Portal 2
"PowerArchiver" = PowerArchiver
"PunkBusterSvc" = PunkBuster Services
"Q3E Minimizer_is1" = Q3E Minimizer v1.51
"ScummVM_is1" = ScummVM 1.0.0
"Sins of a Solar Empire" = Sins of a Solar Empire
"SleeplessHollowDemo" = SleeplessHollowDemo (remove only)
"SpeedFan" = SpeedFan (remove only)
"Sprill & Ritchie Adventures in Time_is1" = Sprill & Ritchie Adventures in Time
"StarCraft II" = StarCraft II
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 218" = Source SDK Base 2007
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48700" = Mount and Blade: Warband
"Steam App 550" = Left 4 Dead 2
"Steam App 6060" = Star Wars - Battlefront II
"TexturePacker" = TexturePacker
"Unity" = Unity
"Universe Sandbox" = Universe Sandbox
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Half-Life 2" = Half-Life 2
"Play65" = Play65
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2012 10:10:30 PM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 10:10:30 PM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 10:10:30 PM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 10/24/2008 11:59:02 AM | Computer Name = PEPBOBA | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/8/2009 6:41:51 PM | Computer Name = PEPBOBA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 6:56:17 PM | Computer Name = PEPBOBA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2009 3:59:55 AM | Computer Name = PEPBOBA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/11/2009 1:10:08 AM | Computer Name = PEPBOBA | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/15/2009 10:14:36 AM | Computer Name = PEPBOBA | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 6/3/2012 7:45:21 AM | Computer Name = PEPBOBA | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/3/2012 7:48:25 AM | Computer Name = PEPBOBA | Source = Application Popup | ID = 1060
Description = \??\C:\username123\catchme.sys has been blocked from loading due to
incompatibility with this system. Please contact your software vendor for a compatible
version of the driver.

Error - 6/3/2012 7:49:06 AM | Computer Name = PEPBOBA | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/3/2012 7:50:22 AM | Computer Name = PEPBOBA | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error: 
%%126

Error - 6/4/2012 8:20:27 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:19:16 AM on ?6/?4/?2012 was unexpected.

Error - 6/5/2012 1:41:22 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:55:29 AM on ?6/?5/?2012 was unexpected.

Error - 6/6/2012 5:55:34 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:03:07 AM on ?6/?6/?2012 was unexpected.

Error - 6/7/2012 7:29:32 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:12:48 AM on ?6/?7/?2012 was unexpected.

Error - 6/9/2012 6:34:38 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:57:00 AM on ?6/?9/?2012 was unexpected.

Error - 6/10/2012 2:44:52 AM | Computer Name = PEPBOBA | Source = VDS Basic Provider | ID = 33554433
Description =

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, can you firstly uninstall this via AddRemove Programs:

*Iminent*

Also, do you know what program this is? Its in the AddRemove as well:

*3DMGAMEЎ¶°®АцЛїЈє·иїс»Ш№йЎ·УўИХОДНкХыУІЕМ°ж °ж±ѕ 1.0*

After uninstalling the Iminent program, can you do the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\PEP\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000..\Run: [Adflybot] C:\Eliteclicks\Adflybot File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\PEP\Desktop\*.tmp files -> C:\Users\PEP\Desktop\*.tmp -> ]
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1253 bytes -> C:\ProgramData\Microsoft:Z5kZgN54EEOKemOeSDKHWY4jiDH
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB1102D7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 1133 bytes -> C:\Users\PEP\AppData\Local\Temp:tIEBoLDxzfOncxhAJhlsx70nBLpy
@Alternate Data Stream - 1110 bytes -> C:\ProgramData\Microsoft:vnCmNOPrayl7udt8VOTRBar
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-------------------------

After doing that, can you run this via OTL again, using the following as you initially did at the beginning. Only one log will be produced:


Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
type C:\Windows\SysNative\tasks\{104E2012-6B9D-4573-8F08-6810D7E45666} /c
type C:\Windows\SysNative\tasks\{1E05F877-732F-4326-AF6A-EE69D86EE140} /c
type C:\Windows\SysNative\tasks\{1EF829AD-1866-4FF0-90D0-1A1D5C6AE9A9} /c
type C:\Windows\SysNative\tasks\{29577EAE-8381-4B52-8780-DD607BF81059} /c
type C:\Windows\SysNative\tasks\{3B467E81-76DC-4C40-B481-31EC11E18436} /c
type C:\Windows\SysNative\tasks\{426BBE3C-F00B-4A5F-92C3-66F535EE80B7} /c
type C:\Windows\SysNative\tasks\{46C507D3-4F73-4E27-8448-C3196391C342} /c
type C:\Windows\SysNative\tasks\{598F790F-3476-4172-B9E7-D473726C3216} /c
type C:\Windows\SysNative\tasks\{5D8A6BF8-CAA6-41DF-8682-3FD6CABCBAF8} /c
type C:\Windows\SysNative\tasks\{6BDA90D2-0B44-4D04-A32B-A763EAFAE51F} /c
type C:\Windows\SysNative\tasks\{74B0DF68-6948-4FBD-B179-3B1FA316A593} /c
type C:\Windows\SysNative\tasks\{78BC9F60-39AC-4EAB-9812-5209AE9227AD} /c
type C:\Windows\SysNative\tasks\{7952CBBD-2432-45A7-BB87-71EAECE25F5B} /c
type C:\Windows\SysNative\tasks\{86EF5081-46C5-4F7D-A84A-2772C3538170} /c
type C:\Windows\SysNative\tasks\{8AC8DFF2-2157-4EAD-A5B0-8092414F338C} /c
type C:\Windows\SysNative\tasks\{98C4C8E2-2340-49B1-BB53-05974D12780B} /c
type C:\Windows\SysNative\tasks\{9EE61094-8304-40FB-9E9C-42999BD1FD8F} /c
type C:\Windows\SysNative\tasks\{9F225DB8-B3DA-4009-B51F-F2A7C36B50B6} /c
type C:\Windows\SysNative\tasks\{A3BEFF05-36E0-4531-9D61-4DED51C4CDF6} /c
type C:\Windows\SysNative\tasks\{B083207F-087E-440C-9044-62457B7F0A37} /c
type C:\Windows\SysNative\tasks\{B35B7AFB-A395-4054-9B4B-1CD1D6D89B1D} /c
type C:\Windows\SysNative\tasks\{B8806484-D2E9-4615-BF32-104F4B865879} /c
type C:\Windows\SysNative\tasks\{BAE59C2C-0756-4404-9564-563A9B2757E9} /c
type C:\Windows\SysNative\tasks\{CC12C8C9-AA12-4B1F-94E9-0D7CA5BC20FF} /c
type C:\Windows\SysNative\tasks\{DDB7232E-8749-4B04-AAEE-8A68B7C9F0AC} /c
type C:\Windows\SysNative\tasks\{E4472D0E-51C8-445C-BADA-78E16B466525} /c
type C:\Windows\SysNative\tasks\{F1BF76F6-F3E0-4EC2-B520-629A85BAC9D1} /c
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window. *OTL.Txt* .This is saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them in your topic


eddie


----------



## PEP (Mar 1, 2006)

yea that program is a game.

LOG AFTER FIX:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry key HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Adflybot not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ not found.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\Users\PEP\Desktop\*.tmp not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\Microsoft:Z5kZgN54EEOKemOeSDKHWY4jiDH .
Unable to delete ADS C:\ProgramData\TEMP:BB1102D7 .
Unable to delete ADS C:\ProgramData\TEMP:8CE646EE .
Unable to delete ADS C:\ProgramData\TEMP:C8B8CEBD .
Unable to delete ADS C:\Users\PEP\AppData\Local\Temp:tIEBoLDxzfOncxhAJhlsx70nBLpy .
Unable to delete ADS C:\ProgramData\Microsoft:vnCmNOPrayl7udt8VOTRBar .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\PEP\Desktop\cmd.bat deleted successfully.
C:\Users\PEP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PEP
->Temp folder emptied: 21093256 bytes
->Temporary Internet Files folder emptied: 235017884 bytes
->Java cache emptied: 80653366 bytes
->FireFox cache emptied: 71946550 bytes
->Flash cache emptied: 798269 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11436 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 2912163361 bytes

Total Files Cleaned = 3,168.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: PEP
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: PEP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06142012_180734

Files\Folders moved on Reboot...
C:\Users\PEP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

OTL LOG:
OTL logfile created on: 6/14/2012 6:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\PEP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.49% Memory free
9.99 Gb Paging File | 8.20 Gb Available in Paging File | 82.03% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.04 Gb Total Space | 66.04 Gb Free Space | 22.77% Space Free | Partition Type: NTFS
Drive P: | 175.72 Gb Total Space | 74.60 Gb Free Space | 42.46% Space Free | Partition Type: NTFS

Computer Name: PEPBOBA | User Name: PEP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
PRC - [2012/04/20 21:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/20 21:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\a folder\Program Files\SuperAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/18 23:25:46 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 18:24:23 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/09/18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\a folder\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2008/10/31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/02/23 15:28:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:*64bit:* - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:*64bit:* - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:*64bit:* - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:*64bit:* - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/12/27 22:57:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:*64bit:* - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:*64bit:* - [2009/09/18 02:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/12 22:35:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:*64bit:* - [2009/06/12 22:35:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/07/24 19:46:08 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:*64bit:* - [2008/07/24 19:45:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:*64bit:* - [2007/08/13 23:08:34 | 000,202,176 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2007/06/25 06:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/12/20 17:54:14 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 43 99 C7 CF 0A CD 01 [binary data]
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\a folder\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\a folder\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PEP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\li[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 01:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/20 14:14:38 | 000,000,000 | ---D | M]

[2009/12/25 07:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Extensions
[2012/05/02 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\extensions
[2012/03/29 20:39:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/15 01:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/30 14:46:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2010/12/30 14:46:24 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/01/15 14:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 02:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/10/07 16:11:28 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/14 18:07:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:*64bit:* - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:*64bit:* - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:*64bit:* - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:*64bit:* - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{659D3C6A-9AF6-47A6-8D43-C5166F4A3B63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 18:04:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/13 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\brooklyntech
[2012/06/10 02:21:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\sfp
[2012/06/10 02:14:04 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\vstuff
[2012/06/07 13:15:58 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{5BACA261-352A-4298-A263-53FA6901779E}
[2012/06/07 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{C338CF99-EE53-47DC-9690-C9264C8EA72F}
[2012/06/06 23:16:48 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E26418B8-A9B5-4ADF-9CF6-BC33B102B58F}
[2012/06/06 23:16:37 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E899EF6D-6942-4DE4-A5B7-74F192E2F9B2}
[2012/06/06 23:06:22 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\OneNote Notebooks
[2012/06/06 21:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\.swt
[2012/06/06 21:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/06 21:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/05 20:59:06 | 000,000,000 | ---D | C] -- C:\SD
[2012/06/05 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/04 03:03:40 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/06/04 03:03:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\MonoDevelop-Unity-2.8
[2012/06/03 07:59:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/03 07:51:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/03 07:35:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/03 07:35:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/03 07:35:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/03 07:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/03 07:35:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/01 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\WAP
[2012/06/01 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TexturePacker
[2012/06/01 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TexturePacker
[2012/05/31 14:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/05/31 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/05/27 03:40:32 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/27 03:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/27 03:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/25 06:57:54 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\Malwarebytes
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/25 06:57:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 05:40:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/21 01:44:18 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache

========== Files - Modified Within 30 Days ==========

[2012/06/14 18:19:13 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 18:19:13 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 18:11:26 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 18:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 18:11:10 | 003,171,081 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/14 18:07:34 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/14 17:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 17:55:36 | 000,018,432 | ---- | M] () -- C:\Users\PEP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 14:29:19 | 000,847,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/13 14:29:19 | 000,697,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/13 14:29:19 | 000,141,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:53 | 000,000,340 | ---- | M] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:56 | 000,264,875 | ---- | M] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/07 21:31:21 | 000,000,576 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2012/06/07 07:29:29 | 005,007,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/05 21:43:36 | 000,000,845 | ---- | M] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/05 15:16:25 | 000,041,892 | ---- | M] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/06/02 21:22:19 | 000,003,303 | ---- | M] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | M] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/18 14:43:46 | 003,145,782 | ---- | M] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 01:14:43 | 006,209,857 | ---- | M] () -- C:\Users\PEP\Desktop\cube.exe

========== Files Created - No Company Name ==========

[2012/06/10 02:15:53 | 000,000,340 | ---- | C] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:46 | 000,264,875 | ---- | C] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/05 21:43:36 | 000,000,845 | ---- | C] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/03 07:35:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/03 07:35:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/03 07:35:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/03 07:35:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/03 07:35:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/02 21:21:40 | 000,003,303 | ---- | C] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | C] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/31 14:47:02 | 000,001,588 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.lnk
[2012/05/31 14:46:42 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/05/31 14:46:27 | 000,001,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/05/31 14:44:55 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/05/31 14:44:48 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/05/31 14:44:20 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/05/18 14:43:46 | 003,145,782 | ---- | C] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 14:42:07 | 000,041,892 | ---- | C] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/05/18 01:13:47 | 006,209,857 | ---- | C] () -- C:\Users\PEP\Desktop\cube.exe
[2012/05/13 22:11:49 | 000,006,784 | ---- | C] () -- C:\Users\PEP\AppData\Local\recently-used.xbel
[2012/03/28 11:17:16 | 000,000,101 | ---- | C] () -- C:\Windows\TheMatrix.ini
[2012/03/25 14:26:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/03/20 15:36:37 | 000,004,696 | ---- | C] () -- C:\Windows\scad3.INI
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/05 15:16:52 | 000,000,000 | ---- | C] () -- C:\Windows\lmtools.INI
[2012/03/05 14:55:23 | 000,000,527 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/02/23 15:31:30 | 000,017,408 | ---- | C] () -- C:\Users\PEP\AppData\Local\WebpageIcons.db
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/13 15:29:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/13 00:03:49 | 000,000,576 | ---- | C] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/18 16:36:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/26 19:52:26 | 000,007,605 | ---- | C] () -- C:\Users\PEP\AppData\Local\Resmon.ResmonCfg
[2010/10/22 23:42:28 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/10/22 23:27:11 | 000,000,482 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/08/22 17:01:56 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/07/02 21:08:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

========== LOP Check ==========

[2011/12/24 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\.minecraft
[2009/12/25 07:21:55 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Aim
[2011/11/12 08:50:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Amvud
[2012/01/22 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Audacity
[2012/06/10 05:20:39 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Azureus
[2011/01/13 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Bioshock2
[2012/01/01 18:03:47 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Canneverbe Limited
[2012/05/23 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DAEMON Tools Lite
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Deckadance16
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DeepBurner
[2011/05/13 04:41:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Dev-Cpp
[2010/03/29 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\EMCO
[2011/01/16 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Filter Forge 2
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\FreeImageConverter
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Games
[2012/01/24 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\GetRightToGo
[2011/12/31 21:12:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\gtk-2.0
[2010/09/17 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Helios
[2011/08/28 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\hte
[2011/06/21 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Image-Line
[2012/01/12 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ImgBurn
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Leadertech
[2010/04/07 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Lionhead Studios
[2012/01/13 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MinMaxGames
[2012/06/01 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity
[2012/06/13 17:25:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2009/12/25 07:22:24 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade
[2010/04/13 00:33:38 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade Warband
[2011/05/09 18:17:49 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\ms-drivers
[2009/12/25 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MuPAD
[2010/10/12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MusE
[2012/03/25 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\National Instruments
[2011/08/27 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Notepad++
[2010/12/27 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PACE Anti-Piracy
[2011/07/30 21:37:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Picsoft
[2009/12/31 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PlayFirst
[2011/03/20 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PunkBuster
[2012/03/11 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Rational
[2011/05/18 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScripterRon
[2010/01/25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScummVM
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SongManager
[2010/03/20 20:31:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SprillRichiEng
[2011/08/08 21:38:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\stetic
[2011/02/22 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\System
[2011/11/06 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SystemRequirementsLab
[2011/04/18 19:07:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\The Creative Assembly
[2009/12/25 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Thinstall
[2010/05/28 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Tropico 3
[2010/04/16 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Ubisoft
[2012/06/01 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Unity
[2011/11/11 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Uppae
[2012/01/12 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\windows-dvd-maker
[2011/05/09 17:42:04 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\wyUpdate AU
[2009/12/25 07:22:28 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\XRay Engine
[2012/05/29 08:14:55 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< type C:\Windows\SysNative\tasks\{104E2012-6B9D-4573-8F08-6810D7E45666} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{1E05F877-732F-4326-AF6A-EE69D86EE140} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{1EF829AD-1866-4FF0-90D0-1A1D5C6AE9A9} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{29577EAE-8381-4B52-8780-DD607BF81059} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\rnr_ru_update_setup3.0.2.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{3B467E81-76DC-4C40-B481-31EC11E18436} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a P:\GAMES\BoulderDashTPSetup.exe -d P:\GAMES</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{426BBE3C-F00B-4A5F-92C3-66F535EE80B7} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe" -c -runfromtemp -l0x0409</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{46C507D3-4F73-4E27-8448-C3196391C342} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{598F790F-3476-4172-B9E7-D473726C3216} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\PopCap.Games.Plants.vs.Zombies.v1.2.0.1073.Game.of.the.Year.Edition-LMi\Plants.vs.Zombies\PlantsVsZombies.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{5D8A6BF8-CAA6-41DF-8682-3FD6CABCBAF8} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{6BDA90D2-0B44-4D04-A32B-A763EAFAE51F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\a folder\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/2130</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{74B0DF68-6948-4FBD-B179-3B1FA316A593} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{78BC9F60-39AC-4EAB-9812-5209AE9227AD} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{7952CBBD-2432-45A7-BB87-71EAECE25F5B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\PopCap.Games.Plants.vs.Zombies.v1.2.0.1073.Game.of.the.Year.Edition-LMi\Plants.vs.Zombies\PlantsVsZombies.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{86EF5081-46C5-4F7D-A84A-2772C3538170} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{8AC8DFF2-2157-4EAD-A5B0-8092414F338C} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Windows\IsUninst.exe -c -ff:\gta1\Uninst.isu</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{98C4C8E2-2340-49B1-BB53-05974D12780B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{9EE61094-8304-40FB-9E9C-42999BD1FD8F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{9F225DB8-B3DA-4009-B51F-F2A7C36B50B6} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\PEP\Desktop\StarCraft_2_NA_en-US.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{A3BEFF05-36E0-4531-9D61-4DED51C4CDF6} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\rnr_ru_update_setup3.0.2.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{B083207F-087E-440C-9044-62457B7F0A37} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\PEP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYNOBAOY\sup_onlypumpkins[1].exe" -d C:\Users\PEP\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{B35B7AFB-A395-4054-9B4B-1CD1D6D89B1D} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{B8806484-D2E9-4615-BF32-104F4B865879} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{BAE59C2C-0756-4404-9564-563A9B2757E9} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\PEP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHTT0DXW\sup_hh10[1].exe" -d C:\Users\PEP\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{CC12C8C9-AA12-4B1F-94E9-0D7CA5BC20FF} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\PEP\Desktop\StarCraft_2_NA_en-US.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{DDB7232E-8749-4B04-AAEE-8A68B7C9F0AC} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{E4472D0E-51C8-445C-BADA-78E16B466525} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{F1BF76F6-F3E0-4EC2-B520-629A85BAC9D1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, this is showing in the custom scan I asked for:

*C:\holy\SETUP.EXE*

Do you know what this is?

--------

Re-run TDSSKiller and select delete for this line

*\Device\Harddisk0\DR0 ( TDSS File System )*

and post the log afterwards

------------

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> RegNull::
> [HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8755E78F-6D1F-7C34-959D-8881783F5E69}*]
> [HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4A6A70A-7ED1-4DB3-BFBF-546F7405A606}*]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8755E78F-6D1F-7C34-959D-8881783F5E69}\InProcServer32*]
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.


----------



## PEP (Mar 1, 2006)

holy.exe is monty python and the holy grail 

The TDSSKIller didn't show \Device\Harddisk0\DR0 ( TDSS File System )
Heres the log for it anyways.
22:43:02.0418 5588	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
22:43:02.0796 5588	============================================================
22:43:02.0796 5588	Current date / time: 2012/06/24 22:43:02.0796
22:43:02.0796 5588	SystemInfo:
22:43:02.0796 5588	
22:43:02.0796 5588	OS Version: 6.1.7601 ServicePack: 1.0
22:43:02.0796 5588	Product type: Workstation
22:43:02.0797 5588	ComputerName: PEPBOBA
22:43:02.0797 5588	UserName: PEP
22:43:02.0797 5588	Windows directory: C:\Windows
22:43:02.0797 5588	System windows directory: C:\Windows
22:43:02.0797 5588	Running under WOW64
22:43:02.0797 5588	Processor architecture: Intel x64
22:43:02.0797 5588	Number of processors: 4
22:43:02.0797 5588	Page size: 0x1000
22:43:02.0797 5588	Boot type: Normal boot
22:43:02.0797 5588	============================================================
22:43:04.0462 5588	Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:43:04.0467 5588	Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:43:04.0469 5588	============================================================
22:43:04.0469 5588	\Device\Harddisk0\DR0:
22:43:04.0469 5588	MBR partitions:
22:43:04.0469 5588	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x24414000
22:43:04.0469 5588	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24414800, BlocksNum 0x15F6F800
22:43:04.0470 5588	\Device\Harddisk1\DR1:
22:43:04.0470 5588	MBR partitions:
22:43:04.0470 5588	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEE080
22:43:04.0470 5588	============================================================
22:43:04.0498 5588	C: <-> \Device\Harddisk0\DR0\Partition0
22:43:04.0538 5588	P: <-> \Device\Harddisk0\DR0\Partition1
22:43:04.0538 5588	============================================================
22:43:04.0538 5588	Initialize success
22:43:04.0538 5588	============================================================
22:43:16.0447 4580	============================================================
22:43:16.0447 4580	Scan started
22:43:16.0447 4580	Mode: Manual; 
22:43:16.0447 4580	============================================================
22:43:17.0889 4580	!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
22:43:17.0936 4580	!SASCORE - ok
22:43:18.0087 4580	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:43:18.0125 4580	1394ohci - ok
22:43:18.0196 4580	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:43:18.0199 4580	ACPI - ok
22:43:18.0216 4580	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:43:18.0275 4580	AcpiPmi - ok
22:43:18.0352 4580	adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:43:18.0364 4580	adp94xx - ok
22:43:18.0396 4580	adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:43:18.0404 4580	adpahci - ok
22:43:18.0428 4580	adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:43:18.0475 4580	adpu320 - ok
22:43:18.0510 4580	AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:43:18.0511 4580	AeLookupSvc - ok
22:43:18.0567 4580	AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:43:18.0712 4580	AFD - ok
22:43:18.0748 4580	agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:43:18.0751 4580	agp440 - ok
22:43:18.0766 4580	ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:43:18.0801 4580	ALG - ok
22:43:18.0836 4580	aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:43:18.0838 4580	aliide - ok
22:43:18.0898 4580	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
22:43:18.0901 4580	AMD External Events Utility - ok
22:43:18.0944 4580	amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:43:18.0946 4580	amdide - ok
22:43:19.0130 4580	AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:43:19.0176 4580	AmdK8 - ok
22:43:19.0839 4580	amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:43:20.0087 4580	amdkmdag - ok
22:43:20.0238 4580	amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
22:43:20.0246 4580	amdkmdap - ok
22:43:20.0269 4580	AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:43:20.0272 4580	AmdPPM - ok
22:43:20.0303 4580	amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
22:43:20.0314 4580	amdsata - ok
22:43:20.0340 4580	amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:43:20.0389 4580	amdsbs - ok
22:43:20.0415 4580	amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
22:43:20.0416 4580	amdxata - ok
22:43:20.0474 4580	AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:43:20.0477 4580	AppID - ok
22:43:20.0493 4580	AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:43:20.0500 4580	AppIDSvc - ok
22:43:20.0549 4580	Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:43:20.0551 4580	Appinfo - ok
22:43:20.0661 4580	AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:43:20.0672 4580	AppMgmt - ok
22:43:20.0687 4580	arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:43:20.0695 4580	arc - ok
22:43:20.0713 4580	arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:43:20.0715 4580	arcsas - ok
22:43:20.0830 4580	aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:43:20.0832 4580	aspnet_state - ok
22:43:20.0857 4580	AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:43:20.0892 4580	AsyncMac - ok
22:43:20.0930 4580	atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:43:20.0931 4580	atapi - ok
22:43:20.0984 4580	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
22:43:21.0029 4580	AtiHDAudioService - ok
22:43:21.0078 4580	AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
22:43:21.0117 4580	AtiHdmiService - ok
22:43:21.0618 4580	atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:43:21.0676 4580	atikmdag - ok
22:43:21.0810 4580	atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
22:43:21.0819 4580	atksgt - ok
22:43:21.0892 4580	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:43:21.0936 4580	AudioEndpointBuilder - ok
22:43:21.0942 4580	AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:43:21.0946 4580	AudioSrv - ok
22:43:22.0044 4580	AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
22:43:22.0046 4580	AVP - ok
22:43:22.0092 4580	AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:43:22.0101 4580	AxInstSV - ok
22:43:22.0148 4580	b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:43:22.0187 4580	b06bdrv - ok
22:43:22.0247 4580	b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:43:22.0286 4580	b57nd60a - ok
22:43:22.0341 4580	BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:43:22.0363 4580	BDESVC - ok
22:43:22.0393 4580	Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:43:22.0419 4580	Beep - ok
22:43:22.0526 4580	BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:43:22.0540 4580	BFE - ok
22:43:22.0674 4580	BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:43:22.0690 4580	BITS - ok
22:43:22.0731 4580	blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:43:22.0733 4580	blbdrive - ok
22:43:22.0778 4580	bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:43:22.0779 4580	bowser - ok
22:43:22.0809 4580	BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:43:22.0844 4580	BrFiltLo - ok
22:43:22.0873 4580	BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:43:22.0875 4580	BrFiltUp - ok
22:43:22.0907 4580	BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:43:22.0929 4580	BridgeMP - ok
22:43:22.0995 4580	Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:43:23.0044 4580	Browser - ok
22:43:23.0080 4580	Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:43:23.0089 4580	Brserid - ok
22:43:23.0105 4580	BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:43:23.0127 4580	BrSerWdm - ok
22:43:23.0161 4580	BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:43:23.0162 4580	BrUsbMdm - ok
22:43:23.0168 4580	BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:43:23.0169 4580	BrUsbSer - ok
22:43:23.0186 4580	BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:43:23.0211 4580	BTHMODEM - ok
22:43:23.0278 4580	bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:43:23.0286 4580	bthserv - ok
22:43:23.0300 4580	catchme - ok
22:43:23.0317 4580	cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:43:23.0319 4580	cdfs - ok
22:43:23.0363 4580	cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:43:23.0367 4580	cdrom - ok
22:43:23.0410 4580	CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:43:23.0418 4580	CertPropSvc - ok
22:43:23.0436 4580	circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:43:23.0438 4580	circlass - ok
22:43:23.0464 4580	CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:43:23.0467 4580	CLFS - ok
22:43:23.0524 4580	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:43:23.0526 4580	clr_optimization_v2.0.50727_32 - ok
22:43:23.0571 4580	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:43:23.0597 4580	clr_optimization_v2.0.50727_64 - ok
22:43:23.0747 4580	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:43:23.0763 4580	clr_optimization_v4.0.30319_32 - ok
22:43:23.0787 4580	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:43:23.0828 4580	clr_optimization_v4.0.30319_64 - ok
22:43:23.0858 4580	CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:43:23.0887 4580	CmBatt - ok
22:43:23.0918 4580	cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:43:23.0941 4580	cmdide - ok
22:43:23.0995 4580	CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:43:24.0000 4580	CNG - ok
22:43:24.0027 4580	Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:43:24.0029 4580	Compbatt - ok
22:43:24.0055 4580	CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:43:24.0076 4580	CompositeBus - ok
22:43:24.0100 4580	COMSysApp - ok
22:43:24.0113 4580	crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:43:24.0115 4580	crcdisk - ok
22:43:24.0177 4580	CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:43:24.0189 4580	CryptSvc - ok
22:43:24.0242 4580	CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:43:24.0295 4580	CSC - ok
22:43:24.0366 4580	CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:43:24.0371 4580	CscService - ok
22:43:24.0465 4580	CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
22:43:24.0475 4580	CSHelper - ok
22:43:24.0552 4580	DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:43:24.0557 4580	DcomLaunch - ok
22:43:24.0677 4580	defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:43:24.0680 4580	defragsvc - ok
22:43:24.0736 4580	DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:43:24.0737 4580	DfsC - ok
22:43:24.0772 4580	Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:43:24.0792 4580	Dhcp - ok
22:43:24.0846 4580	discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:43:24.0848 4580	discache - ok
22:43:24.0880 4580	Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:43:24.0881 4580	Disk - ok
22:43:24.0918 4580	Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:43:24.0956 4580	Dnscache - ok
22:43:24.0996 4580	dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:43:25.0012 4580	dot3svc - ok
22:43:25.0049 4580	DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:43:25.0051 4580	DPS - ok
22:43:25.0086 4580	drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:43:25.0088 4580	drmkaud - ok
22:43:25.0175 4580	DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:43:25.0200 4580	DXGKrnl - ok
22:43:25.0225 4580	EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:43:25.0230 4580	EapHost - ok
22:43:25.0405 4580	ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:43:25.0463 4580	ebdrv - ok
22:43:25.0560 4580	EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
22:43:25.0672 4580	EFS - ok
22:43:25.0778 4580	ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:43:25.0793 4580	ehRecvr - ok
22:43:25.0847 4580	ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:43:25.0852 4580	ehSched - ok
22:43:25.0918 4580	elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:43:25.0928 4580	elxstor - ok
22:43:25.0958 4580	ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:43:25.0959 4580	ErrDev - ok
22:43:26.0009 4580	EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:43:26.0012 4580	EventSystem - ok
22:43:26.0036 4580	exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:43:26.0047 4580	exfat - ok
22:43:26.0071 4580	fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:43:26.0073 4580	fastfat - ok
22:43:26.0143 4580	Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:43:26.0166 4580	Fax - ok
22:43:26.0178 4580	fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:43:26.0188 4580	fdc - ok
22:43:26.0201 4580	fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:43:26.0208 4580	fdPHost - ok
22:43:26.0217 4580	FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:43:26.0219 4580	FDResPub - ok
22:43:26.0230 4580	FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:43:26.0231 4580	FileInfo - ok
22:43:26.0244 4580	Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:43:26.0271 4580	Filetrace - ok
22:43:26.0302 4580	flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:43:26.0336 4580	flpydisk - ok
22:43:26.0383 4580	FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:43:26.0386 4580	FltMgr - ok
22:43:26.0475 4580	FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
22:43:26.0491 4580	FontCache - ok
22:43:26.0548 4580	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:43:26.0572 4580	FontCache3.0.0.0 - ok
22:43:26.0704 4580	FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:43:26.0755 4580	FsDepends - ok
22:43:26.0781 4580	Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:43:26.0818 4580	Fs_Rec - ok
22:43:26.0889 4580	fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:43:26.0892 4580	fvevol - ok
22:43:26.0912 4580	gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:43:26.0915 4580	gagp30kx - ok
22:43:26.0931 4580	gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
22:43:26.0933 4580	gdrv - ok
22:43:26.0970 4580	GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:43:26.0972 4580	GEARAspiWDM - ok
22:43:27.0036 4580	gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:43:27.0044 4580	gpsvc - ok
22:43:27.0135 4580	gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:43:27.0136 4580	gupdate - ok
22:43:27.0153 4580	gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:43:27.0154 4580	gupdatem - ok
22:43:27.0171 4580	hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:43:27.0203 4580	hcw85cir - ok
22:43:27.0248 4580	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:43:27.0274 4580	HdAudAddService - ok
22:43:27.0316 4580	HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:43:27.0318 4580	HDAudBus - ok
22:43:27.0330 4580	HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:43:27.0332 4580	HidBatt - ok
22:43:27.0348 4580	HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:43:27.0373 4580	HidBth - ok
22:43:27.0403 4580	HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:43:27.0405 4580	HidIr - ok
22:43:27.0422 4580	hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:43:27.0425 4580	hidserv - ok
22:43:27.0474 4580	HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:43:27.0483 4580	HidUsb - ok
22:43:27.0530 4580	hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:43:27.0557 4580	hkmsvc - ok
22:43:27.0659 4580	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:43:27.0687 4580	HomeGroupListener - ok
22:43:27.0732 4580	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:43:27.0742 4580	HomeGroupProvider - ok
22:43:27.0778 4580	HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:43:27.0781 4580	HpSAMD - ok
22:43:27.0863 4580	HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:43:27.0878 4580	HTTP - ok
22:43:27.0913 4580	hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:43:27.0913 4580	hwpolicy - ok
22:43:27.0949 4580	i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:43:27.0978 4580	i8042prt - ok
22:43:28.0012 4580	iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
22:43:28.0026 4580	iaStorV - ok
22:43:28.0141 4580	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:43:28.0145 4580	IDriverT - ok
22:43:28.0251 4580	idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:43:28.0284 4580	idsvc - ok
22:43:28.0368 4580	iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:43:28.0370 4580	iirsp - ok
22:43:28.0440 4580	IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:43:28.0481 4580	IKEEXT - ok
22:43:28.0669 4580	IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
22:43:28.0772 4580	IntcAzAudAddService - ok
22:43:28.0856 4580	intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:43:28.0897 4580	intelide - ok
22:43:28.0930 4580	intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:43:28.0931 4580	intelppm - ok
22:43:28.0960 4580	IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:43:28.0999 4580	IPBusEnum - ok
22:43:29.0037 4580	IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:43:29.0040 4580	IpFilterDriver - ok
22:43:29.0092 4580	iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:43:29.0123 4580	iphlpsvc - ok
22:43:29.0156 4580	IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:43:29.0159 4580	IPMIDRV - ok
22:43:29.0303 4580	IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:43:29.0355 4580	IPNAT - ok
22:43:29.0484 4580	iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
22:43:29.0497 4580	iPod Service - ok
22:43:29.0521 4580	IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:43:29.0551 4580	IRENUM - ok
22:43:29.0654 4580	isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:43:29.0656 4580	isapnp - ok
22:43:29.0718 4580	iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:43:29.0728 4580	iScsiPrt - ok
22:43:29.0748 4580	kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:43:29.0796 4580	kbdclass - ok
22:43:29.0839 4580	kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:43:29.0841 4580	kbdhid - ok
22:43:29.0868 4580	KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:29.0870 4580	KeyIso - ok
22:43:29.0938 4580	KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
22:43:29.0942 4580	KL1 - ok
22:43:29.0965 4580	kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
22:43:29.0990 4580	kl2 - ok
22:43:30.0064 4580	KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
22:43:30.0067 4580	KLIF - ok
22:43:30.0083 4580	KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
22:43:30.0107 4580	KLIM6 - ok
22:43:30.0145 4580	klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
22:43:30.0152 4580	klmouflt - ok
22:43:30.0187 4580	KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:43:30.0189 4580	KSecDD - ok
22:43:30.0224 4580	KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:43:30.0236 4580	KSecPkg - ok
22:43:30.0270 4580	ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:43:30.0272 4580	ksthunk - ok
22:43:30.0298 4580	KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:43:30.0353 4580	KtmRm - ok
22:43:30.0418 4580	LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:43:30.0436 4580	LanmanServer - ok
22:43:30.0481 4580	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:43:30.0519 4580	LanmanWorkstation - ok
22:43:30.0565 4580	lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
22:43:30.0567 4580	lirsgt - ok
22:43:30.0745 4580	LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
22:43:30.0814 4580	LkCitadelServer - ok
22:43:30.0860 4580	lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
22:43:30.0928 4580	lkClassAds - ok
22:43:30.0964 4580	lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
22:43:30.0966 4580	lkTimeSync - ok
22:43:31.0049 4580	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:43:31.0052 4580	lltdio - ok
22:43:31.0086 4580	lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:43:31.0117 4580	lltdsvc - ok
22:43:31.0134 4580	lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:43:31.0137 4580	lmhosts - ok
22:43:31.0168 4580	lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
22:43:31.0175 4580	lmimirr - ok
22:43:31.0195 4580	LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
22:43:31.0196 4580	LMIRfsDriver - ok
22:43:31.0231 4580	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:43:31.0240 4580	LSI_FC - ok
22:43:31.0257 4580	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:43:31.0260 4580	LSI_SAS - ok
22:43:31.0280 4580	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:43:31.0290 4580	LSI_SAS2 - ok
22:43:31.0309 4580	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:43:31.0312 4580	LSI_SCSI - ok
22:43:31.0334 4580	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:43:31.0335 4580	luafv - ok
22:43:31.0374 4580	MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:43:31.0375 4580	MBAMProtector - ok
22:43:31.0469 4580	MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:43:31.0474 4580	MBAMService - ok
22:43:31.0496 4580	mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
22:43:31.0531 4580	mcdbus - ok
22:43:31.0564 4580	Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:43:31.0574 4580	Mcx2Svc - ok
22:43:31.0650 4580	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:43:31.0679 4580	megasas - ok
22:43:31.0721 4580	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:43:31.0758 4580	MegaSR - ok
22:43:31.0826 4580	Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:43:31.0854 4580	Microsoft Office Groove Audit Service - ok
22:43:31.0888 4580	MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:43:31.0890 4580	MMCSS - ok
22:43:31.0905 4580	Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:43:31.0914 4580	Modem - ok
22:43:31.0932 4580	monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:43:31.0933 4580	monitor - ok
22:43:31.0979 4580	mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:43:32.0008 4580	mouclass - ok
22:43:32.0053 4580	mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:43:32.0082 4580	mouhid - ok
22:43:32.0122 4580	mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:43:32.0124 4580	mountmgr - ok
22:43:32.0187 4580	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:43:32.0191 4580	MozillaMaintenance - ok
22:43:32.0227 4580	mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:43:32.0240 4580	mpio - ok
22:43:32.0263 4580	mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:43:32.0293 4580	mpsdrv - ok
22:43:32.0372 4580	MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:43:32.0387 4580	MpsSvc - ok
22:43:32.0424 4580	MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:43:32.0437 4580	MRxDAV - ok
22:43:32.0464 4580	mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:43:32.0465 4580	mrxsmb - ok
22:43:32.0503 4580	mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:43:32.0505 4580	mrxsmb10 - ok
22:43:32.0521 4580	mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:43:32.0522 4580	mrxsmb20 - ok
22:43:32.0562 4580	msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:43:32.0571 4580	msahci - ok
22:43:32.0671 4580	msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:43:32.0692 4580	msdsm - ok
22:43:32.0736 4580	MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:43:32.0776 4580	MSDTC - ok
22:43:32.0829 4580	Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:43:32.0829 4580	Msfs - ok
22:43:32.0837 4580	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:43:32.0860 4580	mshidkmdf - ok
22:43:32.0888 4580	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:43:32.0889 4580	msisadrv - ok
22:43:32.0941 4580	MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:43:32.0952 4580	MSiSCSI - ok
22:43:32.0956 4580	msiserver - ok
22:43:32.0966 4580	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:43:32.0991 4580	MSKSSRV - ok
22:43:33.0022 4580	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:43:33.0031 4580	MSPCLOCK - ok
22:43:33.0043 4580	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:43:33.0045 4580	MSPQM - ok
22:43:33.0094 4580	MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:43:33.0098 4580	MsRPC - ok
22:43:33.0135 4580	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:43:33.0136 4580	mssmbios - ok
22:43:33.0163 4580	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:43:33.0165 4580	MSTEE - ok
22:43:33.0179 4580	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:43:33.0181 4580	MTConfig - ok
22:43:33.0209 4580	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:43:33.0209 4580	Mup - ok
22:43:33.0261 4580	napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:43:33.0274 4580	napagent - ok
22:43:33.0311 4580	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:43:33.0328 4580	NativeWifiP - ok
22:43:33.0397 4580	NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:43:33.0408 4580	NDIS - ok
22:43:33.0426 4580	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:43:33.0460 4580	NdisCap - ok
22:43:33.0487 4580	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:43:33.0489 4580	NdisTapi - ok
22:43:33.0517 4580	Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:43:33.0519 4580	Ndisuio - ok
22:43:33.0557 4580	NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:43:33.0569 4580	NdisWan - ok
22:43:33.0662 4580	NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:43:33.0672 4580	NDProxy - ok
22:43:33.0680 4580	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:43:33.0680 4580	NetBIOS - ok
22:43:33.0726 4580	NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:43:33.0742 4580	NetBT - ok
22:43:33.0768 4580	Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:33.0769 4580	Netlogon - ok
22:43:33.0820 4580	Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:43:33.0835 4580	Netman - ok
22:43:33.0953 4580	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:33.0958 4580	NetMsmqActivator - ok
22:43:33.0961 4580	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:33.0962 4580	NetPipeActivator - ok
22:43:34.0008 4580	netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:43:34.0047 4580	netprofm - ok
22:43:34.0051 4580	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:34.0052 4580	NetTcpActivator - ok
22:43:34.0055 4580	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:34.0056 4580	NetTcpPortSharing - ok
22:43:34.0119 4580	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:43:34.0147 4580	nfrd960 - ok
22:43:34.0280 4580	NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
22:43:34.0323 4580	NIDomainService - ok
22:43:34.0677 4580	NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
22:43:34.0719 4580	NILM License Manager - ok
22:43:34.0824 4580	niSvcLoc - ok
22:43:34.0907 4580	NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:43:34.0915 4580	NlaSvc - ok
22:43:34.0947 4580	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:43:34.0948 4580	Npfs - ok
22:43:34.0974 4580	nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:43:34.0982 4580	nsi - ok
22:43:34.0990 4580	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:43:34.0999 4580	nsiproxy - ok
22:43:35.0115 4580	Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
22:43:35.0133 4580	Ntfs - ok
22:43:35.0181 4580	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:43:35.0183 4580	Null - ok
22:43:35.0218 4580	nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
22:43:35.0231 4580	nvraid - ok
22:43:35.0269 4580	nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
22:43:35.0281 4580	nvstor - ok
22:43:35.0334 4580	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:43:35.0337 4580	nv_agp - ok
22:43:35.0531 4580	O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
22:43:35.0581 4580	O&O Defrag - ok
22:43:35.0741 4580	odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:43:35.0853 4580	odserv - ok
22:43:35.0950 4580	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:43:35.0961 4580	ohci1394 - ok
22:43:35.0986 4580	ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:43:36.0046 4580	ose - ok
22:43:36.0098 4580	p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:43:36.0109 4580	p2pimsvc - ok
22:43:36.0224 4580	p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:43:36.0235 4580	p2psvc - ok
22:43:36.0261 4580	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:43:36.0272 4580	Parport - ok
22:43:36.0311 4580	partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:43:36.0312 4580	partmgr - ok
22:43:36.0332 4580	PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:43:36.0365 4580	PcaSvc - ok
22:43:36.0407 4580	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:43:36.0409 4580	pci - ok
22:43:36.0421 4580	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:43:36.0422 4580	pciide - ok
22:43:36.0445 4580	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:43:36.0483 4580	pcmcia - ok
22:43:36.0518 4580	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:43:36.0519 4580	pcw - ok
22:43:36.0554 4580	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:43:36.0594 4580	PEAUTH - ok
22:43:36.0719 4580	PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:43:36.0762 4580	PeerDistSvc - ok
22:43:36.0822 4580	PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:43:36.0834 4580	PerfHost - ok
22:43:36.0983 4580	pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:43:37.0016 4580	pla - ok
22:43:37.0063 4580	PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:43:37.0077 4580	PlugPlay - ok
22:43:37.0098 4580	PnkBstrA - ok
22:43:37.0127 4580	PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:43:37.0170 4580	PNRPAutoReg - ok
22:43:37.0214 4580	PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:43:37.0217 4580	PNRPsvc - ok
22:43:37.0244 4580	PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:43:37.0263 4580	PolicyAgent - ok
22:43:37.0295 4580	Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:43:37.0334 4580	Power - ok
22:43:37.0424 4580	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:43:37.0464 4580	PptpMiniport - ok
22:43:37.0506 4580	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:43:37.0508 4580	Processor - ok
22:43:37.0535 4580	ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:43:37.0553 4580	ProfSvc - ok
22:43:37.0576 4580	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:37.0577 4580	ProtectedStorage - ok
22:43:37.0689 4580	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:43:37.0718 4580	Psched - ok
22:43:37.0815 4580	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:43:37.0844 4580	ql2300 - ok
22:43:37.0921 4580	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:43:37.0952 4580	ql40xx - ok
22:43:38.0000 4580	QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:43:38.0025 4580	QWAVE - ok
22:43:38.0038 4580	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:43:38.0048 4580	QWAVEdrv - ok
22:43:38.0064 4580	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:43:38.0086 4580	RasAcd - ok
22:43:38.0134 4580	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:43:38.0144 4580	RasAgileVpn - ok
22:43:38.0159 4580	RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:43:38.0164 4580	RasAuto - ok
22:43:38.0208 4580	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:43:38.0213 4580	Rasl2tp - ok
22:43:38.0265 4580	RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:43:38.0314 4580	RasMan - ok
22:43:38.0347 4580	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:43:38.0357 4580	RasPppoe - ok
22:43:38.0384 4580	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:43:38.0394 4580	RasSstp - ok
22:43:38.0444 4580	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:43:38.0447 4580	rdbss - ok
22:43:38.0486 4580	RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
22:43:38.0489 4580	RDID1053 - ok
22:43:38.0507 4580	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:43:38.0509 4580	rdpbus - ok
22:43:38.0519 4580	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:43:38.0528 4580	RDPCDD - ok
22:43:38.0564 4580	RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:43:38.0604 4580	RDPDR - ok
22:43:38.0716 4580	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:43:38.0717 4580	RDPENCDD - ok
22:43:38.0727 4580	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:43:38.0736 4580	RDPREFMP - ok
22:43:38.0780 4580	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:43:38.0782 4580	RdpVideoMiniport - ok
22:43:38.0825 4580	RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:43:38.0861 4580	RDPWD - ok
22:43:38.0923 4580	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:43:38.0933 4580	rdyboost - ok
22:43:38.0961 4580	RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:43:38.0970 4580	RemoteAccess - ok
22:43:39.0013 4580	RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:43:39.0032 4580	RemoteRegistry - ok
22:43:39.0068 4580	RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:43:39.0078 4580	RpcEptMapper - ok
22:43:39.0124 4580	RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:43:39.0126 4580	RpcLocator - ok
22:43:39.0176 4580	RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:43:39.0181 4580	RpcSs - ok
22:43:39.0205 4580	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:43:39.0215 4580	rspndr - ok
22:43:39.0252 4580	RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
22:43:39.0275 4580	RTL8169 - ok
22:43:39.0311 4580	s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:43:39.0313 4580	s3cap - ok
22:43:39.0326 4580	SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:39.0327 4580	SamSs - ok
22:43:39.0426 4580	SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
22:43:39.0433 4580	SASDIFSV - ok
22:43:39.0441 4580	SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
22:43:39.0448 4580	SASKUTIL - ok
22:43:39.0479 4580	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:43:39.0482 4580	sbp2port - ok
22:43:39.0518 4580	SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:43:39.0529 4580	SCardSvr - ok
22:43:39.0564 4580	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:43:39.0566 4580	scfilter - ok
22:43:39.0713 4580	Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:43:39.0733 4580	Schedule - ok
22:43:39.0775 4580	SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:43:39.0776 4580	SCPolicySvc - ok
22:43:39.0817 4580	SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:43:39.0828 4580	SDRSVC - ok
22:43:39.0891 4580	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:43:39.0898 4580	secdrv - ok
22:43:39.0930 4580	seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:43:39.0933 4580	seclogon - ok
22:43:39.0947 4580	SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:43:39.0950 4580	SENS - ok
22:43:39.0957 4580	SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:43:39.0960 4580	SensrSvc - ok
22:43:39.0972 4580	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:43:39.0973 4580	Serenum - ok
22:43:39.0984 4580	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:43:39.0994 4580	Serial - ok
22:43:40.0026 4580	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:43:40.0035 4580	sermouse - ok
22:43:40.0072 4580	SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:43:40.0085 4580	SessionEnv - ok
22:43:40.0109 4580	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:43:40.0118 4580	sffdisk - ok
22:43:40.0137 4580	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:43:40.0143 4580	sffp_mmc - ok
22:43:40.0153 4580	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:43:40.0181 4580	sffp_sd - ok
22:43:40.0208 4580	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:43:40.0210 4580	sfloppy - ok
22:43:40.0249 4580	SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:43:40.0265 4580	SharedAccess - ok
22:43:40.0307 4580	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:43:40.0330 4580	ShellHWDetection - ok
22:43:40.0358 4580	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:43:40.0360 4580	SiSRaid2 - ok
22:43:40.0378 4580	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:43:40.0387 4580	SiSRaid4 - ok
22:43:40.0417 4580	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:43:40.0428 4580	Smb - ok
22:43:40.0459 4580	SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:43:40.0462 4580	SNMPTRAP - ok
22:43:40.0529 4580	speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
22:43:40.0532 4580	speedfan - ok
22:43:40.0544 4580	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:43:40.0545 4580	spldr - ok
22:43:40.0702 4580	Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:43:40.0710 4580	Spooler - ok
22:43:40.0893 4580	sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:43:40.0982 4580	sppsvc - ok
22:43:41.0065 4580	sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:43:41.0069 4580	sppuinotify - ok
22:43:41.0144 4580	sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
22:43:41.0144 4580	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
22:43:41.0156 4580	sptd ( LockedFile.Multi.Generic ) - warning
22:43:41.0156 4580	sptd - detected LockedFile.Multi.Generic (1)
22:43:41.0193 4580	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:43:41.0196 4580	srv - ok
22:43:41.0240 4580	srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:43:41.0243 4580	srv2 - ok
22:43:41.0261 4580	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:43:41.0263 4580	srvnet - ok
22:43:41.0291 4580	SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:43:41.0302 4580	SSDPSRV - ok
22:43:41.0313 4580	SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:43:41.0317 4580	SstpSvc - ok
22:43:41.0352 4580	Steam Client Service - ok
22:43:41.0380 4580	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:43:41.0387 4580	stexstor - ok
22:43:41.0451 4580	stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:43:41.0468 4580	stisvc - ok
22:43:41.0511 4580	storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:43:41.0511 4580	storflt - ok
22:43:41.0557 4580	storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:43:41.0567 4580	storvsc - ok
22:43:41.0661 4580	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:43:41.0672 4580	swenum - ok
22:43:41.0712 4580	swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:43:41.0729 4580	swprv - ok
22:43:41.0744 4580	Synth3dVsc - ok
22:43:41.0859 4580	SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:43:41.0889 4580	SysMain - ok
22:43:41.0990 4580	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:43:41.0996 4580	TabletInputService - ok
22:43:42.0040 4580	TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:43:42.0048 4580	TapiSrv - ok
22:43:42.0061 4580	TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:43:42.0065 4580	TBS - ok
22:43:42.0178 4580	Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
22:43:42.0202 4580	Tcpip - ok
22:43:42.0337 4580	TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
22:43:42.0347 4580	TCPIP6 - ok
22:43:42.0413 4580	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:43:42.0423 4580	tcpipreg - ok
22:43:42.0448 4580	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:43:42.0470 4580	TDPIPE - ok
22:43:42.0498 4580	TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:43:42.0507 4580	TDTCP - ok
22:43:42.0550 4580	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:43:42.0555 4580	tdx - ok
22:43:42.0645 4580	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:43:42.0656 4580	TermDD - ok
22:43:42.0729 4580	TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:43:42.0744 4580	TermService - ok
22:43:42.0767 4580	Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:43:42.0775 4580	Themes - ok
22:43:42.0795 4580	THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:43:42.0797 4580	THREADORDER - ok
22:43:42.0817 4580	TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:43:42.0837 4580	TrkWks - ok
22:43:42.0880 4580	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:43:42.0891 4580	TrustedInstaller - ok
22:43:42.0921 4580	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:43:42.0923 4580	tssecsrv - ok
22:43:42.0973 4580	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:43:42.0975 4580	TsUsbFlt - ok
22:43:42.0979 4580	tsusbhub - ok
22:43:43.0041 4580	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:43:43.0054 4580	tunnel - ok
22:43:43.0085 4580	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:43:43.0087 4580	uagp35 - ok
22:43:43.0125 4580	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:43:43.0133 4580	udfs - ok
22:43:43.0155 4580	UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:43:43.0158 4580	UI0Detect - ok
22:43:43.0200 4580	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:43:43.0203 4580	uliagpkx - ok
22:43:43.0242 4580	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:43:43.0249 4580	umbus - ok
22:43:43.0267 4580	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:43:43.0273 4580	UmPass - ok
22:43:43.0314 4580	UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:43:43.0324 4580	UmRdpService - ok
22:43:43.0351 4580	upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:43:43.0363 4580	upnphost - ok
22:43:43.0395 4580	usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
22:43:43.0405 4580	usbccgp - ok
22:43:43.0441 4580	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:43:43.0470 4580	usbcir - ok
22:43:43.0514 4580	usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
22:43:43.0516 4580	usbehci - ok
22:43:43.0560 4580	usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
22:43:43.0577 4580	usbhub - ok
22:43:43.0650 4580	usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:43:43.0660 4580	usbohci - ok
22:43:43.0686 4580	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:43:43.0688 4580	usbprint - ok
22:43:43.0707 4580	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:43:43.0717 4580	usbscan - ok
22:43:43.0742 4580	USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:43:43.0752 4580	USBSTOR - ok
22:43:43.0783 4580	usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
22:43:43.0792 4580	usbuhci - ok
22:43:43.0802 4580	UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:43:43.0824 4580	UxSms - ok
22:43:43.0851 4580	VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:43.0853 4580	VaultSvc - ok
22:43:43.0887 4580	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:43:43.0887 4580	vdrvroot - ok
22:43:43.0940 4580	vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:43:43.0958 4580	vds - ok
22:43:43.0970 4580	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:43:43.0972 4580	vga - ok
22:43:43.0983 4580	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:43:43.0992 4580	VgaSave - ok
22:43:44.0013 4580	VGPU - ok
22:43:44.0037 4580	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:43:44.0047 4580	vhdmp - ok
22:43:44.0066 4580	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:43:44.0075 4580	viaide - ok
22:43:44.0118 4580	vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:43:44.0119 4580	vmbus - ok
22:43:44.0152 4580	VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:43:44.0177 4580	VMBusHID - ok
22:43:44.0211 4580	volmgr  (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:43:44.0212 4580	volmgr - ok
22:43:44.0254 4580	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:43:44.0258 4580	volmgrx - ok
22:43:44.0283 4580	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:43:44.0285 4580	volsnap - ok
22:43:44.0316 4580	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:43:44.0335 4580	vsmraid - ok
22:43:44.0481 4580	VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
22:43:44.0483 4580	VSPerfDrv100 - ok
22:43:44.0659 4580	VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:43:44.0930 4580	VSS - ok
22:43:45.0020 4580	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:43:45.0027 4580	vwifibus - ok
22:43:45.0060 4580	W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:43:45.0083 4580	W32Time - ok
22:43:45.0102 4580	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:43:45.0105 4580	WacomPen - ok
22:43:45.0157 4580	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:45.0168 4580	WANARP - ok
22:43:45.0179 4580	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:45.0180 4580	Wanarpv6 - ok
22:43:45.0271 4580	WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:43:45.0299 4580	WatAdminSvc - ok
22:43:45.0401 4580	wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:43:45.0424 4580	wbengine - ok
22:43:45.0515 4580	WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:43:45.0533 4580	WbioSrvc - ok
22:43:45.0577 4580	wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:43:45.0582 4580	wcncsvc - ok
22:43:45.0648 4580	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:43:45.0652 4580	WcsPlugInService - ok
22:43:45.0685 4580	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:43:45.0687 4580	Wd - ok
22:43:45.0726 4580	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:43:45.0730 4580	Wdf01000 - ok
22:43:45.0749 4580	WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:43:45.0780 4580	WdiServiceHost - ok
22:43:45.0783 4580	WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:43:45.0786 4580	WdiSystemHost - ok
22:43:45.0833 4580	WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:43:45.0842 4580	WebClient - ok
22:43:45.0863 4580	Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:43:45.0873 4580	Wecsvc - ok
22:43:45.0888 4580	wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:43:45.0897 4580	wercplsupport - ok
22:43:45.0917 4580	WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:43:45.0920 4580	WerSvc - ok
22:43:45.0941 4580	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:43:45.0943 4580	WfpLwf - ok
22:43:45.0956 4580	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:43:45.0958 4580	WIMMount - ok
22:43:45.0983 4580	WinDefend - ok
22:43:45.0991 4580	WinHttpAutoProxySvc - ok
22:43:46.0033 4580	Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:43:46.0051 4580	Winmgmt - ok
22:43:46.0175 4580	WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:43:46.0217 4580	WinRM - ok
22:43:46.0322 4580	WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:43:46.0329 4580	WinUsb - ok
22:43:46.0393 4580	Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:43:46.0409 4580	Wlansvc - ok
22:43:46.0651 4580	wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:43:46.0664 4580	wlidsvc - ok
22:43:46.0729 4580	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:43:46.0738 4580	WmiAcpi - ok
22:43:46.0789 4580	wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:43:46.0800 4580	wmiApSrv - ok
22:43:46.0848 4580	WMPNetworkSvc - ok
22:43:46.0874 4580	WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:43:46.0882 4580	WPCSvc - ok
22:43:46.0919 4580	WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:43:46.0932 4580	WPDBusEnum - ok
22:43:46.0956 4580	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:43:46.0964 4580	ws2ifsl - ok
22:43:46.0979 4580	wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:43:46.0982 4580	wscsvc - ok
22:43:46.0986 4580	WSearch - ok
22:43:47.0124 4580	wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:43:47.0154 4580	wuauserv - ok
22:43:47.0255 4580	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:43:47.0266 4580	WudfPf - ok
22:43:47.0296 4580	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:43:47.0307 4580	WUDFRd - ok
22:43:47.0342 4580	wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:43:47.0355 4580	wudfsvc - ok
22:43:47.0376 4580	WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:43:47.0393 4580	WwanSvc - ok
22:43:47.0404 4580	MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
22:43:47.0775 4580	\Device\Harddisk0\DR0 - ok
22:43:47.0779 4580	MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1
22:43:48.0217 4580	\Device\Harddisk1\DR1 - ok
22:43:48.0219 4580	Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
22:43:48.0220 4580	\Device\Harddisk0\DR0\Partition0 - ok
22:43:48.0241 4580	Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
22:43:48.0243 4580	\Device\Harddisk0\DR0\Partition1 - ok
22:43:48.0246 4580	Boot (0x1200) (b7328b645ded78ea7c684b6a94b76f87) \Device\Harddisk1\DR1\Partition0
22:43:48.0247 4580	\Device\Harddisk1\DR1\Partition0 - ok
22:43:48.0247 4580	============================================================
22:43:48.0248 4580	Scan finished
22:43:48.0248 4580	============================================================
22:43:48.0259 3700	Detected object count: 1
22:43:48.0259 3700	Actual detected object count: 1
22:44:40.0277 3700	sptd ( LockedFile.Multi.Generic ) - skipped by user
22:44:40.0277 3700	sptd ( LockedFile.Multi.Generic ) - User select action: Skip

COMBO FIX LOG

ComboFix 12-06-24.03 - PEP 06/24/2012 22:51:25.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2645 [GMT -4:00]
Running from: c:\users\PEP\Desktop\ComboFix.exe
Command switches used :: c:\users\PEP\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 02:58 . 2012-06-25 02:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-14 22:04 . 2012-06-14 22:04	--------	d-----w-	C:\_OTL
2012-06-07 01:15 . 2012-06-07 01:15	--------	d-----w-	c:\users\PEP\.swt
2012-06-07 01:11 . 2012-06-07 01:11	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-07 01:10 . 2012-06-07 01:10	--------	d-----w-	c:\program files (x86)\Oracle
2012-06-07 01:10 . 2012-04-04 22:47	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-06 00:59 . 2012-06-18 15:01	--------	d-----w-	C:\SD
2012-06-06 00:18 . 2012-06-06 00:18	--------	d-----w-	c:\program files\Oracle
2012-06-06 00:17 . 2012-04-04 22:33	955800	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-04 07:03 . 2012-06-13 21:25	--------	d-----w-	c:\users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
2012-06-04 07:03 . 2012-06-04 07:03	--------	d-----w-	c:\users\PEP\AppData\Local\MonoDevelop-Unity-2.8
2012-06-01 22:20 . 2012-06-01 22:20	--------	d-----w-	c:\program files (x86)\TexturePacker
2012-05-31 18:52 . 2012-05-31 18:52	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-05-31 18:47 . 2012-05-31 18:47	--------	d-----w-	c:\programdata\ALM
2012-05-31 18:45 . 2012-05-31 18:45	--------	d-----w-	c:\program files (x86)\Adobe Media Player
2012-05-27 07:40 . 2012-05-27 07:40	--------	d-----w-	c:\users\PEP\AppData\Roaming\SUPERAntiSpyware.com
2012-05-27 07:37 . 2012-05-27 07:37	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 00:22 . 2008-11-15 02:33	202448	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-04-20 02:09	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-05-05 02:18	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2011-12-06 03:12	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-04-20 01:59	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-05-05 01:35	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-08-14 02:03	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424 ----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2011-12-06 02:39	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2011-12-06 02:24	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2011-12-06 02:13	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-05 01:22	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-04-20 01:21	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-12-06 02:11	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-05-25 02:24	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:47 . 2010-08-12 22:21	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:33 . 2011-03-30 16:58	839056	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-05-25 10:57	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( [email protected]_11.51.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-25 12:51 . 2012-06-21 10:12	43334 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-25 03:02	28404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-25 11:59 . 2012-06-25 03:02	20064 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3924556204-3487639632-2258398569-1000_UserData.bin
+ 2009-12-25 11:12 . 2012-06-25 02:06	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 11:12 . 2012-06-03 09:11	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-14 22:12 . 2012-06-25 02:06	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-25 11:12 . 2012-06-03 09:11	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 02:06	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-03 09:11	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-18 23:13	88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-08-09 22:20 . 2011-10-14 07:08	49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-08-09 22:20 . 2012-06-18 23:14	49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2012-06-03 11:50 . 2012-06-03 11:50	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 03:00 . 2012-06-25 03:00	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 03:00 . 2012-06-25 03:00	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-03 11:50 . 2012-06-03 11:50	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-07 01:10 . 2012-04-04 22:47	227720 c:\windows\SysWOW64\javaws.exe
+ 2012-06-07 01:09 . 2012-06-07 01:09	174024 c:\windows\SysWOW64\javaw.exe
+ 2012-06-07 01:09 . 2012-06-07 01:09	174024 c:\windows\SysWOW64\java.exe
+ 2011-09-26 23:12 . 2012-06-23 19:19	295514 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-13 18:29	697542 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 04:05	697542 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 04:05	141740 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-13 18:29	141740 c:\windows\system32\perfc009.dat
+ 2012-06-06 00:17 . 2012-06-06 00:16	268744 c:\windows\system32\javaws.exe
+ 2012-06-06 00:17 . 2012-06-06 00:16	189384 c:\windows\system32\javaw.exe
+ 2012-06-06 00:17 . 2012-06-06 00:16	188872 c:\windows\system32\java.exe
+ 2012-06-19 07:13 . 2012-06-25 02:59	284864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-25 02:59	500824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-06 00:18 . 2012-06-06 00:18	514048 c:\windows\Installer\1ae0ef9.msi
+ 2012-06-06 00:17 . 2012-06-06 00:17	440832 c:\windows\Installer\1ae0ef5.msi
+ 2012-06-06 00:14 . 2012-06-06 00:14	471040 c:\windows\Installer\1ae0eea.msi
+ 2012-06-07 01:11 . 2012-06-07 01:11	179200 c:\windows\Installer\19789b8.msi
+ 2012-06-07 01:10 . 2012-06-07 01:10	461312 c:\windows\Installer\19789a8.msi
+ 2009-07-14 04:45 . 2012-06-07 11:29	5007800 c:\windows\system32\FNTCACHE.DAT
+ 2010-04-30 08:01 . 2012-06-25 02:59	31175380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3924556204-3487639632-2258398569-1000-12288.dat
+ 2012-06-18 23:14 . 2012-06-18 23:14	20343808 c:\windows\Installer\257c27a.msp
+ 2012-05-03 04:32 . 2012-05-03 04:32	20036096 c:\windows\Installer\1ae0ef1.msi
+ 2012-06-07 01:08 . 2012-06-07 01:08	17379840 c:\windows\Installer\19789a4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe Reader Speed Launcher"="c:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"NI Background Service"="c:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RDID1053;PC-50;c:\windows\system32\Drivers\rdwm1053.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CSHelper;CopySafe Helper Service;c:\windows\SysWOW64\CSHelper.exe [2010-01-30 266240]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-17 7037984]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-17 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,95,30,5e,fb,dd,83,9b,84,5e,8e,f2,cf,37,94,bd,67,71,52,46,33,ac,86,
a5,7f,93,2f,da,ad,0c,a6,db,a1,06,d2,c4,a2,1d,d2,f4,2d,69,bf,ce,54,ca,fd,b0,\
"??"=hex:64,c7,47,3c,b1,46,dc,87,ee,75,dd,19,bc,bf,1a,4f
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,f8,70,63,d7,18,a4,68,54,86,a6,9c,b8,9a,25,32,22,4e,74,8f,d1,
b2,44,f5,49,9d,dc,54,0b,c7,d1,6a,bc,c9,08,7e,56,52,32,e4,43,b9,92,a5,79,74,\
"rkeysecu"=hex:d4,46,73,92,b3,86,58,32,28,6b,1f,b9,40,5a,eb,cb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="C19BBF812550E14CD03A90C28F2637EDA1F57C2BB11DE4999DA059DB378BDB3193EF9BABF4DD9780E375FA431D72887F41601C840BC8955E7816DAC0137B9DE9D7939BC46C8D183E179FAB2EA8873D3ED8D635983961C06E3A773F0F81C49C10EB0DC4590792EB8F675F53969D44D3CB2A3BBF1FB694FEA10204664230812B4BF01A01CCBF13BC94180DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407A6A0AC4980AC79331EFD33BB0154EE9DAF084DCFE9C0FA3972F6691FE9D4566CF3F503C21BA0B0F7722CEED8D01E54E333C73D56ADDE90315DD6369F548ABDDA726A5C761D3646B14E1605B7E4FDCBF8B9B4FC6861F74D618F013F0B14F4EBCA6A7D40D53C12385669B0BA2B679510500727A16488A48A5E73D48CEE25BFFB0C0E33453B8C93811562C159F7A69B1C13404DC51DC890666DD903274A272ACD9E776107F1C831E1493AE6ACD714D8B31C71A6065AEE7AC48575139E12DE0B83BAA232263C4B735D89578F85F8472E597D070805D66835C9D65CDC06AD334885CAEEA5C6CE97793D1C017F387EF78B58FBD399E741C7A95F428C8FF279B05FFC6DA20E8ED2D0F10E7CE54E1EFC0678BD8F0F5A58BCC4D0B5DB632C01C58660DA74E4122B64C0A31EDA9866137F718D5964D31984E0BABBBDEE25894ED5896F51E6C22DCA1554E703998B89788361FB41DA9E7B9D38A70CADF779507C62B0445800ABAD22EA9A2C15511BCAB37B9F834E8853F958C2AEFAFEA9EAFDB417982D2BABF4B5E75D4B70EECD82922BCC197C9D35B6E1F0729653F167696520138108C78F56BCD85B3ECA710DE49BCCD1E0CE105D7553A1ADCA7385CDC7ABEC6D4EC97201EC8D3444EFE541C3C5F50AD8AC7ACB319CC2AF50D9CE83A73E4BCE2A87FA318A38C63D6D01FCC6D99005D5A3569039969DF95E2A766D73F7E891FB4858B850E99E5B3C20B6E0ACE91202AA695B398526D015777D77692473459FAEB691B1DD9265917B99F979E443FA770452DD2DA22AEF85C98159F3A70437ECA5D9A6AC2E2B3C84CC0AD8BD22E9E04662FCA3BA442519102660B84E554708412588AFFE588DB023819782BB5D16BD20CAFA97C4644ACECB623A5AD0C50FDFBB71116895364839B0F2DACC955232ED8FC6D3C5C14004772758222366D7DF514D57B0B072E79EAC43FC60AF7F815F34ED6180E0BAD86CDD62E41E200F2D744EBC241E8DA75086C8C4FDA9C9C3AFEEB46CAC7040CFF2D6B013EAA97EDC2DB92D23A97FA46017AAAD75592CDABDE3E9F98D3C825BB198C48021CE3592F800D0AB6EC0F044D5A7E95E68F8CFC6616A8A712B298F51A79671C449FA21521C168FE76043045A5A2F554502C5729831D342EA6F1061E48A"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-24 23:10:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 03:10
ComboFix2.txt 2012-06-03 11:59
.
Pre-Run: 69,650,292,736 bytes free
Post-Run: 69,436,702,720 bytes free
.
- - End Of File - - 5F6CFF57E1F25517C113DFE7F871AA81


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Can you re-run aswMBR again, exactly as you did before, as I want to see if the same issues are being spotted, and post the log.

-----------

Download *CKScanner* from *here*

*Important :* Save it to your desktop. 

Doubleclick CKScanner.exe and click *Search For Files*. 
After a very short time, when the cursor hourglass disappears, click *Save List To File*. 
A message box will verify that the file is saved. 
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

----------

Save these instructions so you can have access to them while in Safe Mode.

Please click *here* to download AVP Tool by Kaspersky. 

Save it to your desktop. 
Reboot your computer into SafeMode. 
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. 
Use your up arrow key to highlight SafeMode then hit *enter*_*.*​
Double click the setup file to run it. 
Click Next to continue. 
Accept the Licence agreement and click on next 
It will by default install it to your desktop folder.Click Next. 
It will then open a box There will be a tab that says Automatic scan. 
Under Automatic scan make sure these are checked. 

Hidden Startup Objects 
System Memory 
Disk Boot Sectors. 
My Computer. 
Also any other drives (Removable that you may have) 

Leave the rest of the settings as they appear as default.


Then click on Scan at the to right hand Corner. 
It will automatically Neutralize any objects found. 
If some objects are left un-neutralized then click the button that says Neutralize all 
If it says it cannot be Neutralized then chooose The delete option when prompted. 
After that is done click on the reports button at the bottom and save it to file name it *Kas*. 
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under *Detected* post those results in your next reply.

*Note: This tool will self uninstall when you close it so please save the log before closing it. ​*
*​*


----------



## valis (Sep 24, 2004)

reopening per request. Due to the time that has elapsed, you should probably start at the beginning and post the requested logs again.

thanks, 

v


----------



## eddie5659 (Mar 19, 2001)

Hi

I think the majority was removed, from what I can remember. However, as it has been a while, can you delete the copy of OTL you have, and download a fresh one as follows. Also, only the one log will be produced 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Select *All Users*
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open one notepad window. *OTL.Txt*. This is saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them in your topic


----------



## PEP (Mar 1, 2006)

Hey thanks man for continuing, i kinda lost my free time for a while there.

Just in case, heres the stuff you requested from last time:
The kaspersky scan said no threats were detected.
The OTL log is on the bottom

ASWMBR LOG

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-28 09:46:59
-----------------------------
09:46:59.530 OS Version: Windows x64 6.1.7601 Service Pack 1
09:46:59.530 Number of processors: 4 586 0xF0B
09:46:59.531 ComputerName: PEPBOBA UserName: PEP
09:47:02.618 Initialize success
09:47:48.622 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
09:47:48.624 Disk 0 Vendor: WDC_WD5000AAKS-07A7B0 01.03B01 Size: 476938MB BusType: 3
09:47:48.635 Disk 0 MBR read successfully
09:47:48.637 Disk 0 MBR scan
09:47:48.639 Disk 0 unknown MBR code
09:47:48.645 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 297000 MB offset 2048
09:47:48.664 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 179935 MB offset 608258048
09:47:48.708 Disk 0 scanning C:\Windows\system32\drivers
09:47:55.963 Service scanning
09:48:01.498 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
09:48:01.521 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
09:48:01.571 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
09:48:01.584 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
09:48:07.058 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:48:10.811 Modules scanning
09:48:10.820 Disk 0 trace - called modules:
09:48:10.835 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046ef2c0]<<spbv.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
09:48:10.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b38060]
09:48:10.844 3 CLASSPNP.SYS[fffff8800235f43f] -> nt!IofCallDriver -> [0xfffffa80048d3520]
09:48:10.849 5 ACPI.sys[fffff880010aa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047d5680]
09:48:10.854 \Driver\atapi[0xfffffa80048798a0] -> IRP_MJ_CREATE -> 0xfffffa80046ef2c0
09:48:10.859 Scan finished successfully
09:48:47.235 Disk 0 MBR has been saved successfully to "C:\Users\PEP\Desktop\MBR.dat"
09:48:47.241 The log file has been saved successfully to "C:\Users\PEP\Desktop\aswMBR.txt"

CKFILES LOG

CKScanner - Additional Security Risks - These are not necessarily bad
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze.rar
c:\a folder\files\downloads\amr\crack\serials.txt
c:\a folder\files\downloads\amr\crack\game\alice2\binaries\win32\alicemadnessreturns.exe
c:\a folder\files\downloads\amr\crack\game\alice2\binaries\win32\awc.dll
c:\a folder\files\downloads\amr\crack\game\alice2\binaries\win32\awc.org
c:\a folder\files\downloads\amr\crack\game\alice2\binaries\win32\core\awc.dll
c:\a folder\files\downloads\amr\crack\game\alice2\binaries\win32\core\awc.org
c:\a folder\files\downloads\games\crimsonland198\gametr.biz\crack\daha fazlas? icin tikla.url
c:\a folder\files\downloads\games\freespace 2\fs2nocdcrack.zip
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\windows 7 serials (x86-x64).txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\thank you.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\7loader by hazar 1.5 (old one, but still works)\7loader v1.5.exe
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\7loader by hazar 1.5 (old one, but still works)\windows 7 activator read me.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\7loader by hazar 1.6\loader.exe
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\keys.ini
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\windows 7 loader.exe
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\acer.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\alienware.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\asus.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\dell.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\founder.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\fujitsu.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\hp.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\lenovo.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\msi.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\note.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\certificates\toshiba.xrm-ms
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\notes\arguments.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\notes\beta loader changelog.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\notes\checksums.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\notes\how to recover windows.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\notes\how to restore tokens.txt
c:\a folder\files\downloads\games\microsoft windows 7 ultimate retail(final) x86 (32 bit) and x64 (64 bit)\cracks for x64 + x86\all working activators\windows 7 loader 1.6.9 by daz\notes\version history.txt
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\minecraft.exe
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\instructions.txt
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\options.txt
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\servers.dat
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\jinput.jar
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\lwjgl.jar
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\lwjgl_util.jar
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\md5s
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\minecraft.jar
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\version
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\jinput-dx8.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\jinput-dx8_64.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\jinput-raw.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\jinput-raw_64.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\lwjgl.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\lwjgl64.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\openal32.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\bin\natives\openal64.dll
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\music\calm1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\music\calm2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\music\calm3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\hal1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\hal2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\hal3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\hal4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\nuance1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\nuance2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\piano1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\piano2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newmusic\piano3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave10.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave11.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave12.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave13.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave5.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave6.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave7.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave8.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\cave\cave9.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\weather\rain1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\weather\rain2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\weather\rain3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\weather\rain4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\weather\thunder1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\weather\thunder2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\ambient\weather\thunder3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\damage\fallbig1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\damage\fallbig2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\damage\fallsmall.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\damage\hurtflesh1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\damage\hurtflesh2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\damage\hurtflesh3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\fire\fire.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\fire\ignite.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\liquid\lava.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\liquid\lavapop.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\liquid\splash.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\liquid\water.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\chicken1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\chicken2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\chicken3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\chickenhurt1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\chickenhurt2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\chickenplop.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\cow1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\cow2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\cow3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\cow4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\cowhurt1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\cowhurt2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\cowhurt3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\creeper1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\creeper2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\creeper3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\creeper4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\creeperdeath.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\pig1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\pig2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\pig3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\pigdeath.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\sheep1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\sheep2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\sheep3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeleton1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeleton2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeleton3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeletondeath.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeletonhurt1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeletonhurt2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeletonhurt3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\skeletonhurt4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\slime1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\slime2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\slime3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\slime4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\slime5.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\slimeattack1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\slimeattack2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\spider1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\spider2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\spider3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\spider4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\spiderdeath.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombie1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombie2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombie3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiedeath.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiehurt1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiehurt2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\breathe1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\breathe2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\breathe3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\breathe4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\death.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\hit1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\hit2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\hit3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\blaze\hit4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\death.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\hit1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\hit2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\hit3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\hit4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\idle1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\idle2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\idle3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\idle4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\idle5.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\portal.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\portal2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\scream1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\scream2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\scream3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\scream4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\endermen\stare.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\affectionate scream.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\charge.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\death.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\fireball4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\moan1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\moan2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\moan3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\moan4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\moan5.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\moan6.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\moan7.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\scream1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\scream2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\scream3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\scream4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\ghast\scream5.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\big1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\big2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\big3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\big4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\jump1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\jump2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\jump3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\jump4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\small1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\small2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\small3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\small4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\magmacube\small5.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\hit1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\hit2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\hit3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\kill.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\say1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\say2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\say3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\say4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\step1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\step2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\step3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\silverfish\step4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\bark1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\bark2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\bark3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\death.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\growl1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\growl2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\growl3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\howl1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\howl2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\hurt1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\hurt2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\hurt3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\panting.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\shake.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\wolf\whine.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpig1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpig2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpig3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpig4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpigangry1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpigangry2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpigangry3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpigangry4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpigdeath.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpighurt1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\mob\zombiepig\zpighurt2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\note\bass.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\note\bassattack.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\note\bd.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\note\harp.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\note\hat.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\note\pling.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\note\snare.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\portal\portal.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\portal\travel.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\portal\trigger.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\bow.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\bowhit1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\bowhit2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\bowhit3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\bowhit4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\break.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\breath.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\burp.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\chestclosed.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\chestopen.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\click.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\door_close.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\door_open.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\drink.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\drr.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\eat1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\eat2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\eat3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\explode.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\explode1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\explode2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\explode3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\explode4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\fizz.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\fuse.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\glass1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\glass2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\glass3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\hurt.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\levelup.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\old_explode.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\orb.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\pop.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\splash.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\random\wood click.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\cloth1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\cloth2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\cloth3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\cloth4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\grass1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\grass2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\grass3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\grass4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\gravel1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\gravel2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\gravel3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\gravel4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\sand1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\sand2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\sand3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\sand4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\snow1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\snow2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\snow3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\snow4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\stone1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\stone2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\stone3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\stone4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\wood1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\wood2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\wood3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\step\wood4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\tile\piston\in.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\newsound\tile\piston\out.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\loops\birds screaming loop.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\loops\cave chimes.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\loops\ocean.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\loops\waterfall.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\random\wood click.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\grass1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\grass2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\grass3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\grass4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\gravel1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\gravel2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\gravel3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\gravel4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\stone1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\stone2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\stone3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\stone4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\wood1.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\wood2.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\wood3.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\sound\step\wood4.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\11.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\13.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\13.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\blocks.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\cat.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\cat.ogg
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\chirp.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\far.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\mall.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\mellohi.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\stal.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\strad.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\ward.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\resources\streaming\where are we now.mus
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\level.dat
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\level.dat_old
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\session.lock
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.-1.-1.mcr
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.-1.-2.mcr
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.-1.0.mcr
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.-2.-1.mcr
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.-2.-2.mcr
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.0.-1.mcr
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.0.-2.mcr
c:\a folder\files\downloads\minecraft.v1.0.0_cracked_elze\minecraft.v1.0.0.cracked-p2p\pc\.minecraft\saves\new world\region\r.0.0.mcr
c:\a folder\files\downloads\multisim\ni_kg_v1100\keygen_unpack_v110000.exe
c:\a folder\files\downloads\multisim\ni_kg_v1100\keygen_unpack_v110000.md5
c:\a folder\files\downloads\setups\cracks\powerarchiver.exe
c:\a folder\files\downloads\setups\fl studio 9\cracks\plugin cracks (vsti)\hardcore.dll
c:\a folder\files\downloads\setups\fl studio 9\cracks\plugin cracks (vsti)\poizone.dll
c:\a folder\files\downloads\setups\fl studio 9\cracks\plugin cracks (vsti)\sawer.dll
c:\a folder\files\downloads\setups\fl studio 9\cracks\plugin cracks (vsti)\toxic biohazard.dll
c:\a folder\files\downloads\setups\fl studio 9\cracks\program crack\flengine.dll
c:\a folder\files\downloads\setups\naturalmotion endorphin v2.0\crack\endorphin.exe
c:\a folder\files\downloads\setups\naturalmotion endorphin v2.0\crack\install.txt
c:\a folder\files\downloads\setups\naturalmotion endorphin v2.0\crack\endorphin2-crack\endorphin.exe
c:\a folder\files\downloads\torrents\assassins_creed_2_multi9_crack_only.5481230.tpb.torrent
c:\a folder\files\downloads\torrents\assassins_creed_2_[multi9]_[pcdvd9][with_crack].5412697.tpb.torrent
c:\a folder\files\downloads\torrents\crysis_2-flt-crackonly.6269026.tpb.torrent
c:\a folder\files\downloads\torrents\dead.rising.2.crack.only-skidrow-[tracker.btarena.org].5851833.tpb.torrent
c:\a folder\files\downloads\torrents\fruity_loops_studio_producer_edition_9-cracks_incl.5131046.tpb.torrent
c:\a folder\files\downloads\torrents\halo 2 [pc][crack incl]_kayz 2008 [mininova].torrent
c:\a folder\files\downloads\torrents\portal_2_crack_fix-skidrow.6331751.tpb.torrent
c:\a folder\files\downloads\torrents\riddick._assault_on_dark_athena_patch___crack-darkcoder.4881044.tpb.torrent
c:\a folder\files\downloads\torrents\rign_roll_crack.5241322.tpb.torrent
c:\a folder\files\downloads\torrents\rosetta_stone_v.3.2_app_crack._plus_11_languages_.iso_[deified].4453776.tpb.torrent
c:\a folder\files\downloads\torrents\sid.meiers.civilization.v-skidrow-crackonly.5850241.tpb.torrent
c:\a folder\files\downloads\torrents\spider-man_web_of_shadows_v1.1_crack.4573732.tpb.torrent
c:\a folder\files\downloads\torrents\stalker clear sky 1.5.07 crack (multi lang and russian ) by lolote.rar [mininova].torrent
c:\a folder\files\downloads\torrents\stalker.clear.sky.with.crack-maverick.iso [mininova].torrent
c:\a folder\files\downloads\torrents\super.meat.boy.v1.0.cracked.read.nfo-theta.6001616.tpb.torrent
c:\a folder\files\downloads\torrents\total_war_shogun_2_update_crack-flt_dibya.6258022.tpb.torrent
c:\a folder\files\downloads\torrents\tropico.3.v1.09.update.crackfix-skidrow.rar.5228566.tpb.torrent
c:\a folder\files\downloads\torrents\[ftl3]_borderlands_crack_-_working_100__razor1911.5142268.tpb.torrent
c:\a folder\files\downloads\torrents\[ftl3]_saboteur_crack.5196263.tpb.torrent
c:\a folder\files\downloads\torrents\[isohunt] mount_and_blade_1.003___crack.4406785.tpb.torrent
c:\a folder\files\downloads\torrents\^dem^mirrors.edge.crackfix-reloaded [mininova].torrent
c:\a folder\files\downloads\torrents\_[ftl3]_saboteur_crack.5196263.tpb.torrent
c:\a folder\files\downloads\unitystuff\procedural_cityengine_v2010.3_win64-xforce\celwin64\crack-win64\celicd.exe
c:\a folder\files\downloads\unitystuff\procedural_cityengine_v2010.3_win64-xforce\celwin64\crack-win64\install.txt
c:\a folder\files\downloads\unitystuff\procedural_cityengine_v2010.3_win64-xforce\celwin64\crack-win64\instructions.txt
c:\a folder\files\downloads\unitystuff\procedural_cityengine_v2010.3_win64-xforce\celwin64\crack-win64\xf-ce2010_x64.exe
c:\a folder\files\downloads\unitystuff\procedural_cityengine_v2010.3_win64-xforce\celwin64\crack-win64\xf-citye_win64bits\celicd.exe
c:\a folder\files\downloads\unitystuff\procedural_cityengine_v2010.3_win64-xforce\celwin64\crack-win64\xf-citye_win64bits\instructions.txt
c:\a folder\files\downloads\unitystuff\procedural_cityengine_v2010.3_win64-xforce\celwin64\crack-win64\xf-citye_win64bits\xf-ce2010_x64.exe
c:\a folder\program files\matlab\r2009b\toolbox\pde\crackb.m
c:\a folder\program files\matlab\r2009b\toolbox\pde\crackg.m
c:\a folder\program files\matlab\r2009b\toolbox\pde\ja\crackb.m
c:\a folder\program files\matlab\r2009b\toolbox\pde\ja\crackg.m
c:\a folder\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg
c:\a folder\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\a folder\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\a folder\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_0.xnb
c:\a folder\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_nrm_0.xnb
c:\a folder\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\pillar_cracked00_0.xnb
c:\a folder\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\pillar_cracked00_nrm02_0.xnb
c:\a folder\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked00_0.xnb
c:\a folder\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked01_0.xnb
c:\a folder\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked_nrm_0.xnb
c:\a folder\program files (x86)\steam\steamapps\common\mountblade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\android\android-sdk\docs\reference\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygenerator.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygeneratorspi.html
c:\users\pep\android-sdks\sources\android-15\java\security\spec\rsakeygenparameterspec.java
c:\users\pep\android-sdks\sources\android-15\javax\crypto\keygenerator.java
c:\users\pep\android-sdks\sources\android-15\javax\crypto\keygeneratorspi.java
c:\users\pep\android-sdks\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\keygeneratorspitest.java
c:\users\pep\android-sdks\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\keygeneratortest.java
c:\users\pep\android-sdks\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorfunctionaltest.java
c:\users\pep\android-sdks\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorthread.java
c:\users\pep\android-sdks\sources\android-15\org\apache\harmony\crypto\tests\support\mykeygeneratorspi.java
c:\users\pep\desktop\work\article marketing robot with crack.rar
scanner sequence 3.ZZ.11.RTNAUP
----- EOF -----

OTL LOG:
OTL logfile created on: 9/27/2012 8:54:25 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\PEP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.88% Memory free
9.99 Gb Paging File | 8.01 Gb Available in Paging File | 80.16% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.04 Gb Total Space | 85.32 Gb Free Space | 29.42% Space Free | Partition Type: NTFS
Drive P: | 175.72 Gb Total Space | 77.25 Gb Free Space | 43.96% Space Free | Partition Type: NTFS

Computer Name: PEPBOBA | User Name: PEP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 01:04:30 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/07 01:04:30 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/07/04 02:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:*64bit:* - [2007/02/07 16:27:02 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbccoms.exe -- (dlbc_device)
SRV - [2012/09/07 01:04:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\a folder\Program Files\SuperAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/18 23:25:46 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 18:24:23 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/09/18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\a folder\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2008/10/31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/02/07 16:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlbccoms.exe -- (dlbc_device)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/07/04 02:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/07/04 02:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/07/04 01:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/02/23 15:28:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:*64bit:* - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:*64bit:* - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:*64bit:* - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:*64bit:* - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2009/12/27 22:57:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:*64bit:* - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:*64bit:* - [2009/09/18 02:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:*64bit:* - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/12 22:35:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:*64bit:* - [2009/06/12 22:35:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/07/24 19:46:08 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:*64bit:* - [2008/07/24 19:45:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:*64bit:* - [2007/08/13 23:08:34 | 000,202,176 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2007/06/25 06:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/12/20 17:54:14 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 43 99 C7 CF 0A CD 01 [binary data]
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\a folder\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\a folder\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PEP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 08:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 08:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected].ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 08:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 01:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 01:04:28 | 000,000,000 | ---D | M]

[2009/12/25 07:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Extensions
[2012/09/16 19:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\extensions
[2012/09/16 19:45:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 01:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 01:04:27 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/09/07 01:04:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/09/07 01:04:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/01/15 14:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 02:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/10/07 16:11:28 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/08/30 17:35:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 17:35:24 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/24 23:01:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:*64bit:* - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:*64bit:* - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:*64bit:* - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:*64bit:* - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{659D3C6A-9AF6-47A6-8D43-C5166F4A3B63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECCBC47D-9E84-4A72-B0B7-DCAC7831F23D}: DhcpNameServer = 7.254.254.254
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\.techniclauncher
[2012/09/14 15:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSC Service Utility
[2012/09/12 00:25:00 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\flashdrivedenis
[2012/09/11 23:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Photo Printer 720
[2012/09/11 23:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
[2012/09/11 23:58:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Photo Printer 720
[2012/09/11 23:58:26 | 000,131,072 | ---- | C] (Dell ) -- C:\Windows\SysWow64\dlbcins.dll
[2012/09/11 23:58:26 | 000,086,016 | ---- | C] (Dell ) -- C:\Windows\SysWow64\dlbcinsr.dll
[2012/09/11 23:58:14 | 000,072,192 | ---- | C] (Dell ) -- C:\Windows\SysNative\dlbcinsr.dll
[2012/09/11 23:58:13 | 000,177,664 | ---- | C] (Dell ) -- C:\Windows\SysNative\dlbcins.dll
[2012/09/11 23:57:02 | 000,000,000 | ---D | C] -- C:\dell
[2012/09/07 01:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/01 12:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sleeping Dogs
[2012/08/31 12:57:04 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\.minecraft
[2012/08/28 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\WebPlayer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/27 20:45:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/27 20:21:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/27 11:32:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 11:32:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 11:29:51 | 000,847,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/27 11:29:51 | 000,697,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/27 11:29:51 | 000,141,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/27 11:25:31 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/27 11:25:12 | 003,390,553 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/09/27 00:32:44 | 000,000,382 | ---- | M] () -- C:\Windows\dellstat.ini
[2012/09/25 16:00:24 | 137,139,632 | ---- | M] () -- C:\Users\PEP\Desktop\setup_11.0.0.1245.x01_2012_09_25_22_52.exe
[2012/09/25 15:52:19 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/09/18 15:58:39 | 000,018,432 | ---- | M] () -- C:\Users\PEP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/14 15:50:30 | 000,000,918 | ---- | M] () -- C:\Users\PEP\Desktop\SSC Service Utility.lnk
[2012/09/12 01:59:27 | 093,410,847 | ---- | M] () -- C:\Users\PEP\Desktop\Those Relaxing Sounds of Waves - Full HD Film, 1080p, 1h long movie.mp3
[2012/09/12 01:51:45 | 002,560,735 | ---- | M] () -- C:\Users\PEP\Desktop\World of Goo OST Jelly.mp3
[2012/09/11 23:59:19 | 000,004,452 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2012/09/11 23:39:50 | 071,011,161 | ---- | M] () -- C:\Users\PEP\Desktop\Steve Roach - Darkest Before Dawn.mp3
[2012/08/31 13:08:39 | 000,139,783 | ---- | M] () -- C:\Users\PEP\Desktop\MinecraftSP.jar
[2012/08/29 23:20:15 | 000,162,508 | ---- | M] () -- C:\Users\PEP\Documents\puzzleball.mdl
[2012/08/29 22:52:29 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/25 15:54:02 | 137,139,632 | ---- | C] () -- C:\Users\PEP\Desktop\setup_11.0.0.1245.x01_2012_09_25_22_52.exe
[2012/09/14 15:50:30 | 000,000,918 | ---- | C] () -- C:\Users\PEP\Desktop\SSC Service Utility.lnk
[2012/09/12 01:51:23 | 002,560,735 | ---- | C] () -- C:\Users\PEP\Desktop\World of Goo OST Jelly.mp3
[2012/09/12 01:48:59 | 093,410,847 | ---- | C] () -- C:\Users\PEP\Desktop\Those Relaxing Sounds of Waves - Full HD Film, 1080p, 1h long movie.mp3
[2012/09/11 23:58:49 | 000,000,382 | ---- | C] () -- C:\Windows\dellstat.ini
[2012/09/11 23:58:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcserv.dll
[2012/09/11 23:58:26 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcusb1.dll
[2012/09/11 23:58:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbchbn3.dll
[2012/09/11 23:58:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccomc.dll
[2012/09/11 23:58:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcpmui.dll
[2012/09/11 23:58:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbclmpm.dll
[2012/09/11 23:58:26 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccoms.exe
[2012/09/11 23:58:26 | 000,483,328 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcjswr.dll
[2012/09/11 23:58:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccomm.dll
[2012/09/11 23:58:26 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\dlbcutil.dll
[2012/09/11 23:58:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcinpa.dll
[2012/09/11 23:58:26 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbciesc.dll
[2012/09/11 23:58:26 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcih.exe
[2012/09/11 23:58:26 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccfg.exe
[2012/09/11 23:58:26 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\DLBChcp.dll
[2012/09/11 23:58:26 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLBCinst.dll
[2012/09/11 23:58:26 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcppls.exe
[2012/09/11 23:58:26 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcprox.dll
[2012/09/11 23:58:26 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\dlbcinsb.dll
[2012/09/11 23:58:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbcpplc.dll
[2012/09/11 23:58:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dlbccur.dll
[2012/09/11 23:58:26 | 000,073,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbccu.dll
[2012/09/11 23:58:26 | 000,001,973 | ---- | C] () -- C:\Windows\SysWow64\dlbc.loc
[2012/09/11 23:58:14 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcserv.dll
[2012/09/11 23:58:14 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcusb1.dll
[2012/09/11 23:58:14 | 000,568,832 | ---- | C] () -- C:\Windows\SysNative\dlbcutil.dll
[2012/09/11 23:58:14 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\dlbclmpm.dll
[2012/09/11 23:58:14 | 000,468,480 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcjswr.dll
[2012/09/11 23:58:14 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcpmui.dll
[2012/09/11 23:58:14 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\DLBChcp.dll
[2012/09/11 23:58:14 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcinpa.dll
[2012/09/11 23:58:14 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\dlbciesc.dll
[2012/09/11 23:58:14 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\DLBCinst.dll
[2012/09/11 23:58:14 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\dlbcinsb.dll
[2012/09/11 23:58:14 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcprox.dll
[2012/09/11 23:58:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcpplc.dll
[2012/09/11 23:58:14 | 000,004,452 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2012/09/11 23:58:13 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\dlbccomc.dll
[2012/09/11 23:58:13 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysNative\dlbchbn3.dll
[2012/09/11 23:58:13 | 000,566,768 | ---- | C] ( ) -- C:\Windows\SysNative\dlbccoms.exe
[2012/09/11 23:58:13 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\dlbccomm.dll
[2012/09/11 23:58:13 | 000,236,528 | ---- | C] ( ) -- C:\Windows\SysNative\dlbccfg.exe
[2012/09/11 23:58:13 | 000,233,968 | ---- | C] ( ) -- C:\Windows\SysNative\dlbcih.exe
[2012/09/11 23:58:13 | 000,078,848 | ---- | C] ( ) -- C:\Windows\SysNative\dlbccu.dll
[2012/09/11 23:58:13 | 000,071,168 | ---- | C] () -- C:\Windows\SysNative\dlbccur.dll
[2012/09/11 23:58:13 | 000,001,973 | ---- | C] () -- C:\Windows\SysNative\dlbc.loc
[2012/09/11 23:57:03 | 000,417,792 | ---- | C] () -- C:\Windows\SysNative\dlbccoin.dll
[2012/09/11 23:57:03 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\dlbcvs.dll
[2012/09/11 23:34:58 | 071,011,161 | ---- | C] () -- C:\Users\PEP\Desktop\Steve Roach - Darkest Before Dawn.mp3
[2012/08/31 13:08:35 | 000,139,783 | ---- | C] () -- C:\Users\PEP\Desktop\MinecraftSP.jar
[2012/08/29 22:52:29 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/01 22:43:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/15 22:01:39 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/07/15 21:58:38 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2012/07/04 01:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 01:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/03 07:35:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/03 07:35:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/03 07:35:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/03 07:35:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/03 07:35:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/31 07:39:26 | 000,027,136 | ---- | C] () -- C:\Windows\setrestore.exe
[2012/05/31 07:38:52 | 000,027,136 | ---- | C] () -- C:\Windows\sysrestore.exe
[2012/05/13 22:11:49 | 000,006,784 | ---- | C] () -- C:\Users\PEP\AppData\Local\recently-used.xbel
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/28 11:17:16 | 000,000,101 | ---- | C] () -- C:\Windows\TheMatrix.ini
[2012/03/25 14:26:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/03/20 15:36:37 | 000,004,696 | ---- | C] () -- C:\Windows\scad3.INI
[2012/03/05 15:16:52 | 000,000,000 | ---- | C] () -- C:\Windows\lmtools.INI
[2012/03/05 14:55:23 | 000,000,527 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/02/23 15:31:30 | 000,017,408 | ---- | C] () -- C:\Users\PEP\AppData\Local\WebpageIcons.db
[2012/01/13 15:29:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/13 00:03:49 | 000,000,564 | ---- | C] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/18 16:36:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/26 19:52:26 | 000,007,605 | ---- | C] () -- C:\Users\PEP\AppData\Local\Resmon.ResmonCfg
[2010/10/22 23:42:28 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/10/22 23:27:11 | 000,000,482 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini

========== LOP Check ==========

[2012/09/05 12:56:31 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\.minecraft
[2012/09/24 16:46:42 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\.techniclauncher
[2009/12/25 07:21:55 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Aim
[2011/11/12 08:50:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Amvud
[2012/08/01 22:19:43 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Atmanun
[2012/01/22 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Audacity
[2012/09/01 12:16:15 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Azureus
[2011/01/13 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Bioshock2
[2012/01/01 18:03:47 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Canneverbe Limited
[2012/05/23 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DAEMON Tools Lite
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Deckadance16
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DeepBurner
[2011/05/13 04:41:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Dev-Cpp
[2010/03/29 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\EMCO
[2011/01/16 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Filter Forge 2
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\FreeImageConverter
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Games
[2012/01/24 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\GetRightToGo
[2012/06/24 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\gtk-2.0
[2010/09/17 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Helios
[2011/08/28 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\hte
[2011/06/21 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Image-Line
[2012/01/12 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ImgBurn
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Leadertech
[2010/04/07 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Lionhead Studios
[2012/01/13 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MinMaxGames
[2012/06/01 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity
[2012/06/13 17:25:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2009/12/25 07:22:24 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade
[2010/04/13 00:33:38 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade Warband
[2011/05/09 18:17:49 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\ms-drivers
[2009/12/25 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MuPAD
[2010/10/12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MusE
[2012/03/25 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\National Instruments
[2011/08/27 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Notepad++
[2010/12/27 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PACE Anti-Piracy
[2011/07/30 21:37:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Picsoft
[2009/12/31 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PlayFirst
[2011/03/20 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PunkBuster
[2012/03/11 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Rational
[2011/05/18 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScripterRon
[2010/01/25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScummVM
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SongManager
[2010/03/20 20:31:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SprillRichiEng
[2011/08/08 21:38:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\stetic
[2011/02/22 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\System
[2011/11/06 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SystemRequirementsLab
[2011/04/18 19:07:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\The Creative Assembly
[2009/12/25 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Thinstall
[2010/05/28 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Tropico 3
[2012/07/01 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Tunngle
[2010/04/16 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Ubisoft
[2012/06/01 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Unity
[2011/11/11 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Uppae
[2012/01/12 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\windows-dvd-maker
[2011/05/09 17:42:04 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\wyUpdate AU
[2009/12/25 07:22:28 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\XRay Engine
[2012/08/15 07:01:54 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1293 bytes -> C:\Users\PEP\AppData\Local\Temp:tIEBoLDxzfOncxhAJhlsx70nBLpy
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1201 bytes -> C:\ProgramData\Microsoft:vnCmNOPrayl7udt8VOTRBar
@Alternate Data Stream - 1103 bytes -> C:\ProgramData\Microsoft:Z5kZgN54EEOKemOeSDKHWY4jiDH

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Please run the MGA Diagnostic Tool and post back the report it shall produce:

Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

---------

Then, run the following:

Please download and run *WVCheck*.

Double-click WVCheck.exe.
As indicated by the prompt, this program can take a while depending on your hard drive space. 
Once the program is done, copy the contents of the Notepad file as a reply.

eddie


----------



## PEP (Mar 1, 2006)

MGADIAG:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {5C1A1CD3-3295-40DE-A55B-7E5F8AD475D8}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee2_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5C1A1CD3-3295-40DE-A55B-7E5F8AD475D8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3924556204-3487639632-2258398569</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>EP45-DS3L</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F10</Version><SMBIOSVersion major="2" minor="4"/><Date>20081107000000.000000+000</Date></BIOS><HWID>912B3707018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GBT </OEMID><OEMTableID>GBTUACPI</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>94436407C3F2586</Val><Hash>Nh+O7p+E5Ha5+8Lxn9JfFULj9GM=</Hash><Pid>89388-707-9845457-65775</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1049-7601.0000-2922011
Installation ID: 013571700616061561791202633803026900747140301132157555
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 10/7/2012 9:07:45 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:12:2012 02:25
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: PgAAAAIABgABAAIAAQACAAAAAgABAAEA6GHSlxMS/OFGvAw1hDTkv+JfmLLONaIFznCN75qIZPPO6gzjzDE=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name	OEMID Value	OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
EUDS GBT 
SSDT PmRef CpuPm
SLIC GBT GBTUACPI

WVCHECK:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2125_07-10-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1 
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2011-10-19 16:44:58
Last Success Time for Update Download: 2011-10-19 14:07:07
Last Success Time for Update Installation: 2011-10-19 14:11:54

WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------

WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 12/4/2011 22:10:6
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 12/4/2011 22:10:6
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 19:52:11
Modification; 13/7/2009 21:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 12/4/2011 22:10:10
Modification; 20/11/2010 8:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 12/4/2011 22:10:6
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------

WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.

WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3

-------- End of File, program close at 2139_07-10-2012 --------


----------



## eddie5659 (Mar 19, 2001)

Sorry, but according to your scans, you have a pirated copy of Windows 7 

Closing thread due to this, as we do not assist with pirated software.


----------

