WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93124 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

anti-virus popped this morning with a trojan... need a tune-up [Solved

Started by WynApse , Dec 08 2012 12:42 PM

This topic is locked

12 replies to this topic

#1 WynApse

Authentic Member

Authentic Member
39 posts

Posted 08 December 2012 - 12:42 PM

Got a trojan alert from Security essentials this morning, so went into "what's going on" mode about the same time that I had one of those "Your system is infected" false messages hit. I was finally able to get control of the system back by nuking some numerical named files in C:\ProgramFiles\<some numerical named folder> all associated with something called "System Progressive Security" or something like that.

Ran Stinger, it didn't find anything, looked in all the obvious places and found some files I didn't like in c:\users\dave\appdata\local\temp, so I nuked them, but came up against a couple named "credutou.dll" and "credutou64.dll" that wouldn't let me delete them. I unhid them, still couldn't delete them, but it did let me rename them to dave.dll and dave64.dll

I'm assuming those two files are part of whatever the heck hit at 8:27 AM

Things appear to be running, but I don't like this sort of thing, so I'm looking for a tune-up from the guys that know what they're doing.... YOU!

I've downloaded and ran OTL, HJT, and DDS... that's a lot of logs... so here goes... and thanks a bunch!

-Dave
Microsoft Silverlight MVP

OTL logfile created on: 12/8/2012 11:00:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.77 Gb Available Physical Memory | 73.11% Memory free
23.98 Gb Paging File | 20.69 Gb Available in Paging File | 86.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1671.70 Gb Free Space | 89.73% Space Free | Partition Type: NTFS
Drive D: | 2.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1863.01 Gb Total Space | 1403.48 Gb Free Space | 75.33% Space Free | Partition Type: NTFS

Computer Name: WYNAPSE-2 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dave\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Fighters\PASSWORDfighter\stpass.exe (SPAMfighter)
PRC - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe (Avaya)
PRC - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
PRC - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
PRC - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\d35f253db74b5989f0987807738ec892\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\87032989d29b3a649092d9d458bc3461\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\dcf43acc57aee4bd50af87e12a2028d8\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\93068aedfe860fb0618cf7377f9e508c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4a16ac66b61893ca07bae0ad11055ea2\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d5c2d9662b00b0475ac20f52d4972d6\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a4a9a08c33370b293bac4de35df5543d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0b5363b1e3a0f1cd089da81b88d29ea2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\0c3b7877229088ad443647a8d913afd0\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0a00073d5ba60ccf1fbe02803e92bbc3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f82dad169c524366301b2224fe123045\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SPAMfighter Update Service) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe (SPAMfighter ApS)
SRV - (Suite Service) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (XobniService) -- C:\Program Files (x86)\Xobni\XobniService.exe (Xobni Corporation)
SRV - (NvcSvcMgr) -- C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe (Avaya)
SRV - (Dyyno Launcher) -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
SRV - (USBSafelyRemoveService) -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys (Windows ® Server 2003 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvcwfpco) -- C:\Windows\SysNative\drivers\nvcwfpco.sys (Avaya)
DRV:64bit: - (NT_NvcA) -- C:\Windows\SysNative\drivers\ntnvca.sys (Avaya)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (CXPLRCAP) -- C:\Windows\SysNative\drivers\CxPlrCap.sys (Conexant Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (VSPerfDrv110) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wynapse.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{20E241F5-F99C-449D-9AA9-851CBA5DD676}: "URL" = http://search.yahoo....27,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@spamfighter.com/PASSWORDfighter: C:\Program Files (x86)\Fighters\PASSWORDfighter\nppfAutofill.dll (SPAMfighter)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.7: C:\Users\Dave\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.7.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/21 16:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/21 16:08:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1b277a67-fc18-4c9b-81b8-6365302ef310}: C:\Users\Dave\AppData\Roaming\SPAMfighter\PASSWORDfighter\pfAutofill [2012/07/03 15:28:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/21 16:09:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/21 16:08:54 | 000,000,000 | ---D | M]

[2012/06/26 14:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2012/10/22 18:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\1hxi3bil.default\extensions
[2012/06/27 18:28:04 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\1hxi3bil.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/11/21 16:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/21 16:09:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/28 20:39:04 | 000,031,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginAOC.dll
[2012/08/30 07:58:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 22:31:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.wynapse.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{g
oogle:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.wynapse.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: PASSWORDfighter Autofill Engine = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\opelifikekicidippgpedoooihapliia\1.0.0.2\
CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AttendeeCommunicator] C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [NVC] C:\Program Files (x86)\Avaya\Avaya VPN Client\Nvc.exe (Avaya)
O4 - HKLM..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKCU..\Run: [choismon] rundll32 "C:\Users\Dave\AppData\Local\Temp\credutou64.dll",CreateProcessNotify File not found
O4 - HKCU..\Run: [Dismetsh] rundll32 "C:\Users\Dave\AppData\Local\Temp\credutou.dll",CreateProcessNotify File not found
O4 - HKCU..\Run: [Dyyno Launcher] C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
O4 - HKCU..\Run: [PASSWORDfighter] C:\Program Files (x86)\Fighters\PASSWORDfighter\stpass.exe (SPAMfighter)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Pro] 0 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: PASSWORDfighter - C:\Program Files (x86)\Fighters\PASSWORDfighter\spIEBho.dll (SPAMfighter)
O8 - Extra context menu item: PASSWORDfighter - C:\Program Files (x86)\Fighters\PASSWORDfighter\spIEBho.dll (SPAMfighter)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504A012E-2312-440A-8A15-02DB92054057}: NameServer = 169.10.8.4,169.10.8.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A09E67-80E1-4DCE-A96F-15DD82EC193E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{209ff7d7-bf3a-11e1-810b-90fba6df34b3}\Shell - "" = AutoRun
O33 - MountPoints2\{209ff7d7-bf3a-11e1-810b-90fba6df34b3}\Shell\AutoRun\command - "" = N:\vs_ultimate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/08 11:01:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dave\Desktop\HiJackThis.exe
[2012/12/08 10:58:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/12/08 10:18:40 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\dds.scr
[2012/12/08 08:39:43 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/12/08 08:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/12/08 08:27:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{74595829-FB57-4C21-AB72-444092F9F33A}
[2012/12/08 08:16:09 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012/12/08 08:15:59 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{453EDB1F-0C8B-453C-B0E8-F55E785F5800}
[2012/12/07 20:15:47 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{8A67AEAA-3C60-4F3D-97F3-DCC26D64DBFB}
[2012/12/07 08:15:35 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{931972BF-2880-4E9B-A592-D01CE029B3DB}
[2012/12/06 20:15:24 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{AF25635A-370A-4AF3-8858-B05119E8BAC9}
[2012/12/06 08:15:12 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{9965C46A-618B-49B0-88DE-EC3FCD1D36FF}
[2012/12/05 20:15:01 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{F8E99801-28A1-4F45-BE52-49BAA625E499}
[2012/12/05 08:14:49 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{922DD87E-F6A7-4304-94D8-8736E92F7BB2}
[2012/12/04 20:14:37 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{C0D855E1-E3CE-4A09-A01D-E9453DEFE43F}
[2012/12/04 08:14:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{030C3226-F573-4A96-B8E0-2122DF7ECCA4}
[2012/12/03 20:14:14 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{35EB70F8-529C-468A-B4F9-10E7836EA5B0}
[2012/12/03 08:14:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{E1873B3C-47EB-4EED-ADEF-439A046F85DB}
[2012/12/02 20:13:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{DC8C26CD-7F9B-4F1B-9754-C12F737B1261}
[2012/12/02 08:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{6C92BC85-CC8E-4822-9C32-186D325672F6}
[2012/12/01 20:13:27 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{E06AF99D-0467-4D64-AD75-3B9FE42CCA31}
[2012/12/01 19:02:02 | 006,747,416 | ---- | C] (A&R Online) -- C:\Users\Dave\Desktop\PWYH_free_lesson.exe
[2012/12/01 08:13:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{560CF644-A216-42D3-B429-74CB8C262989}
[2012/11/30 20:13:04 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{E5016082-0F2A-4134-9A22-51E283B4D33F}
[2012/11/30 08:12:52 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{D4347A59-5BE1-4D02-B3F4-51C55DFEC361}
[2012/11/29 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{F3601AB9-A8CD-4B8D-B85D-4440A092BAA1}
[2012/11/29 08:12:28 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{AC50734F-DE48-4919-A51A-9A73C22B2066}
[2012/11/28 08:12:05 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{6AB6D640-65A7-4D48-A894-9B2954A4DEF1}
[2012/11/27 20:11:41 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{4C5DF831-FEDF-4A76-B9FF-8C227EB2D1BF}
[2012/11/27 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{50045671-1698-40B1-BF4D-23C9AAD55FD0}
[2012/11/26 20:11:18 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{7C33CEAB-4FD4-469E-8671-75A00312EA75}
[2012/11/26 08:11:06 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{DFADB8A2-D4B4-4269-A9F0-19D89F371DF9}
[2012/11/25 20:10:55 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{0B06A98B-40AD-4894-9D2E-0A7E9B2EF101}
[2012/11/25 08:10:43 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{C6102B8F-E902-4F4A-B4E3-448EFBEF52E3}
[2012/11/24 20:10:31 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{5D85E433-8D9E-495B-B483-1EB3D0796640}
[2012/11/24 08:10:19 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{5FAEC0E1-2293-4BB0-AF9A-A751D591B5E6}
[2012/11/23 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{37B4D6B6-C0CC-4D02-82CE-A20FF65C35CB}
[2012/11/23 13:15:49 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\SnippetDesigner
[2012/11/23 08:09:44 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{18B984A3-3544-4E2B-A727-27D83490A57A}
[2012/11/22 20:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{F2CA0311-33EB-4A70-8BA5-F5E3E9433BF5}
[2012/11/22 08:09:20 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{C4317D06-1E93-4220-9EDE-F7D0010883A0}
[2012/11/21 20:09:08 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{2E8D55C0-2194-4324-AD90-9D4A34261B34}
[2012/11/21 16:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/21 08:08:57 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{49BA15EA-FC88-4D80-B951-B0BF0ECFDECE}
[2012/11/20 20:08:45 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{3F45BBB1-FDEC-4C86-B3DE-CB6438A642F2}
[2012/11/20 08:08:34 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{FE3459A1-DCE5-4966-ABD1-66B4A84761FF}
[2012/11/19 20:08:22 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{30E5B435-DAD3-4C0A-B3C5-555F012161E8}
[2012/11/19 08:08:10 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{1D8048C2-06B0-43DE-AF98-AC07BC9BF7E7}
[2012/11/17 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\HTML Executable
[2012/11/17 08:12:38 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{78CE35E5-1EE6-4741-BED6-B9EEFFAEF10C}
[2012/11/16 20:12:26 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{ADC84F23-D90D-4B1F-9AF2-179D4FECD6BF}
[2012/11/16 08:12:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{5B70E7F7-181F-45EE-B756-D2258EB799E6}
[2012/11/16 07:55:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Payments
[2012/11/15 20:12:03 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{34E2BED9-3FEC-4CC6-8CFF-377D61C71CB3}
[2012/11/15 10:21:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Right-Side Links
[2012/11/15 10:20:58 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Left-side links
[2012/11/15 08:11:39 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{270DA158-44A9-4A43-8602-222C4E72720F}
[2012/11/15 03:08:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 03:08:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/15 03:06:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/15 03:06:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/15 03:06:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/15 03:06:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/15 03:06:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/15 03:06:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/15 03:06:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/15 03:06:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/15 03:06:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/15 03:06:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/15 03:06:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/15 03:06:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/15 03:06:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/15 03:06:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/15 03:06:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/15 03:03:28 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/15 03:03:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/15 03:03:27 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/15 03:03:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/14 21:05:07 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012/11/14 21:05:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012/11/14 21:05:06 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012/11/14 21:05:06 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012/11/14 21:05:06 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012/11/14 21:05:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012/11/14 21:05:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012/11/14 21:05:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012/11/14 21:05:06 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012/11/14 21:05:06 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012/11/14 21:05:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012/11/14 21:05:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012/11/14 21:05:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/14 21:05:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/14 21:05:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/14 21:05:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/14 21:05:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/14 21:05:00 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/14 21:05:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/14 21:05:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/14 21:05:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/14 21:04:35 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 21:04:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/14 20:11:14 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{800A771B-3D9A-4664-B9A6-52A648DA427D}
[2012/11/14 13:22:48 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Axialis Software
[2012/11/14 13:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axialis Software
[2012/11/14 13:22:46 | 000,000,000 | R--D | C] -- C:\Users\Dave\Documents\Axialis Librarian
[2012/11/14 13:22:46 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Axialis
[2012/11/14 13:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axialis
[2012/11/14 13:22:30 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Axialis
[2012/11/14 13:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/11/14 13:04:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\AVS4YOU
[2012/11/14 13:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012/11/14 13:02:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012/11/14 13:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012/11/14 12:53:57 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/11/14 12:53:57 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\IrfanView
[2012/11/14 12:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012/11/14 08:11:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{28E2D231-28A0-4065-A32F-572BC777D58B}
[2012/11/13 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{4467D612-771F-4676-BAB1-3ACE61912973}
[2012/11/13 08:10:38 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{B14C96E1-DC16-4C01-ACDF-23B5345A57C7}
[2012/11/12 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{88CD4102-26A2-414D-A97B-618FCFC700B0}
[2012/11/12 08:10:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{BA228F49-C2A8-4F57-B94C-2C983982DF90}
[2012/11/11 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{AB0C0955-1398-4FC7-8C15-585EB6366FBB}
[2012/11/11 08:09:52 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{28F8FC8E-6AFB-45F9-ADCE-F6D571A6BD3B}
[2012/11/09 20:09:17 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{5F31CDCC-CA72-4DB6-BB4E-D58BCB906F4E}
[2012/11/08 20:08:41 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{CE509E49-3474-4E03-B6B7-BF5F16978621}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/08 11:01:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dave\Desktop\HiJackThis.exe
[2012/12/08 10:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/12/08 10:54:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/08 10:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 10:18:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\dds.scr
[2012/12/08 10:17:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2542831737-1747378741-2595509408-1001UA.job
[2012/12/08 08:58:27 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 08:58:27 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 08:52:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/08 08:51:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/08 08:51:04 | 1066,799,102 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 08:39:43 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/12/08 03:00:00 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\b4a_Various Data.job
[2012/12/08 02:30:00 | 000,000,566 | ---- | M] () -- C:\Windows\tasks\b4a_SlickEdit Config.job
[2012/12/08 02:05:00 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\b4a_VSProjects.job
[2012/12/08 02:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\b4a_Favorites.job
[2012/12/08 01:45:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\b4a_Magic.job
[2012/12/08 01:30:00 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\b4a_OneNote.job
[2012/12/08 01:15:00 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\b4a_eBooks.job
[2012/12/08 01:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\b4a_SoftwareIBought(1).job
[2012/12/08 00:45:00 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\b4a_Minecraft.job
[2012/12/08 00:30:00 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\b4a_Milestone.job
[2012/12/08 00:00:05 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\b4a_Outlook.job
[2012/12/07 13:17:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2542831737-1747378741-2595509408-1001Core.job
[2012/12/07 08:14:27 | 000,000,533 | ---- | M] () -- C:\Users\Dave\Desktop\Amazon.com Appstore for Android.website
[2012/12/06 20:40:20 | 000,000,338 | ---- | M] () -- C:\Users\Dave\Desktop\Islands for Sale Worldwide - Private Islands Online.website
[2012/12/06 20:40:12 | 000,000,406 | ---- | M] () -- C:\Users\Dave\Desktop\Instant Eyedropper Identify HTML-color code of any pixel on the screen with single-click and auto paste it to the clipboard.website
[2012/12/05 16:53:50 | 000,001,296 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/01 19:02:03 | 006,747,416 | ---- | M] (A&R Online) -- C:\Users\Dave\Desktop\PWYH_free_lesson.exe
[2012/11/30 07:28:47 | 000,967,098 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/30 07:28:47 | 000,794,472 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/30 07:28:47 | 000,170,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/28 07:09:16 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/28 07:09:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/23 15:23:47 | 001,472,219 | ---- | M] () -- C:\Users\Dave\AppData\Local\debuggee.mdmp
[2012/11/19 19:33:21 | 000,000,511 | ---- | M] () -- C:\Users\Dave\Desktop\Drag & Drop in WPF ... Explained end to end .. - Jaime Rodriguez - Site Home - MSDN Blogs.website
[2012/11/19 19:33:03 | 000,000,489 | ---- | M] () -- C:\Users\Dave\Desktop\Re Range.InsertXML - Change from 2003 to 2007 - WordprocessingML - Formats - OpenXML Developer.website
[2012/11/16 10:57:17 | 000,007,601 | ---- | M] () -- C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
[2012/11/15 03:29:42 | 000,420,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/06 20:40:20 | 000,000,338 | ---- | C] () -- C:\Users\Dave\Desktop\Islands for Sale Worldwide - Private Islands Online.website
[2012/12/06 20:40:12 | 000,000,406 | ---- | C] () -- C:\Users\Dave\Desktop\Instant Eyedropper Identify HTML-color code of any pixel on the screen with single-click and auto paste it to the clipboard.website
[2012/11/19 19:33:21 | 000,000,511 | ---- | C] () -- C:\Users\Dave\Desktop\Drag & Drop in WPF ... Explained end to end .. - Jaime Rodriguez - Site Home - MSDN Blogs.website
[2012/11/19 19:33:03 | 000,000,489 | ---- | C] () -- C:\Users\Dave\Desktop\Re Range.InsertXML - Change from 2003 to 2007 - WordprocessingML - Formats - OpenXML Developer.website
[2012/11/16 10:57:17 | 000,007,601 | ---- | C] () -- C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
[2012/11/15 03:08:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 03:03:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/09/28 07:28:10 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2012/09/28 07:28:10 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/09/28 07:28:10 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll
[2012/07/18 12:53:48 | 001,472,219 | ---- | C] () -- C:\Users\Dave\AppData\Local\debuggee.mdmp
[2012/06/25 20:28:16 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/06/25 20:01:41 | 000,960,932 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/25 19:25:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/09 21:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/29 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\.minecraft
[2012/10/15 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Awesome Addins Inc
[2012/11/14 13:22:46 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Axialis
[2012/09/29 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Babylon
[2012/06/25 23:10:52 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\CodeRush for VS .NET
[2012/10/11 15:21:24 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Default_Company
[2012/08/20 05:58:08 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Dropbox
[2012/09/28 07:28:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Dyyno
[2012/08/24 14:39:53 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\EntitySpaces, LLC
[2012/06/25 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Fighters
[2012/11/28 12:57:48 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/08/31 11:38:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Flash Video Capture Data
[2012/11/14 13:01:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\IrfanView
[2012/07/29 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Moyea
[2012/10/05 12:42:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\mts
[2012/06/25 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\NuGet
[2012/08/01 11:55:15 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Pavtube
[2012/11/29 19:33:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PrimoPDF
[2012/10/13 18:56:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Samsung
[2012/10/08 08:56:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Sergey Vlasov
[2012/11/23 13:15:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SnippetDesigner
[2012/06/29 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Softland
[2012/07/03 15:27:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SPAMfighter
[2012/07/10 19:54:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Telerik
[2012/06/28 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\USBSafelyRemove
[2012/10/02 15:18:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WynApse

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2011/04/12 01:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2011/04/12 01:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.BMP >
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1028\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1031\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1033\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1036\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1040\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1041\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1042\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1049\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\2052\explorer.bmp
[2009/08/31 03:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\3082\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1028\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1031\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1033\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1036\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1040\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1041\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1042\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\1049\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\2052\explorer.bmp
[2011/12/12 13:29:50 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\templates\3082\explorer.bmp

< MD5 for: EXPLORER.CS >
[2012/06/25 23:03:00 | 000,012,987 | ---- | M] () MD5=C58D6A39CDBB84467922CB75ECBAE975 -- C:\Users\Public\Documents\DevExpress 2011.2 Demos\Components\WinForms\XtraTreeList\CS\TreeListMainDemo\Modules\Explorer.cs

< MD5 for: EXPLORER.DESIGNER.CS >
[2012/06/25 23:03:00 | 000,022,836 | ---- | M] () MD5=B05454C154575D7B50DFC0479E6BA41D -- C:\Users\Public\Documents\DevExpress 2011.2 Demos\Components\WinForms\XtraTreeList\CS\TreeListMainDemo\Modules\Explorer.Designer.cs

< MD5 for: EXPLORER.DESIGNER.VB >
[2010/03/18 20:22:58 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb
[2011/12/12 13:52:40 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.designer.vb
[2011/12/12 13:52:40 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.designer.vb
[2009/12/21 11:28:26 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb
[2009/12/21 11:28:26 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb
[2009/12/21 11:28:26 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb
[2009/12/21 11:28:26 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb
[2012/06/25 23:03:02 | 000,019,671 | ---- | M] () MD5=9707EFF49D5F41417A3846CE9326357E -- C:\Users\Public\Documents\DevExpress 2011.2 Demos\Components\WinForms\XtraTreeList\VB\TreeListMainDemo\Modules\Explorer.Designer.vb

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2011/04/12 01:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2011/04/12 01:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2011/04/12 01:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2011/04/12 01:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-7A3328DA.PF >
[2012/12/08 10:50:25 | 000,167,124 | ---- | M] () MD5=6EC7C7665DE454F7F1C3F74B21552F25 -- C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf

< MD5 for: EXPLORER.EXE-F6875474.PF >
[2012/12/06 14:09:16 | 000,039,176 | ---- | M] () MD5=15F2B62995AC58FD341C47ADF2A4A8BC -- C:\Windows\Prefetch\EXPLORER.EXE-F6875474.pf

< MD5 for: EXPLORER.GIF >
[2009/08/31 03:59:28 | 000,003,342 | ---- | M] () MD5=2C9E121C2DECEF61FED6EA977A30D90F -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\images\Explorer.gif
[2012/06/24 21:45:02 | 000,001,483 | ---- | M] () MD5=4ABBABE57F99C84C4154DD289B766E5E -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCWizards\AppWiz\MFC\Application\images\Explorer.gif

< MD5 for: EXPLORER.PNG >
[2012/03/26 10:52:04 | 000,000,770 | ---- | M] () MD5=0C6B90E2D19A5EE128B63873B0193CCC -- C:\Program Files (x86)\Telerik\RadControls for Silverlight Q1 2012 SP1\Demos\Examples.Web\Examples\Images\TreeView\ContextMenu\explorer.png
[2012/03/26 10:52:04 | 000,000,770 | ---- | M] () MD5=0C6B90E2D19A5EE128B63873B0193CCC -- C:\Program Files (x86)\Telerik\RadControls for Silverlight Q1 2012 SP1\Demos\Examples\TreeView\Images\TreeView\ContextMenu\explorer.png

< MD5 for: EXPLORER.RESX >
[2012/06/25 23:01:17 | 000,036,838 | ---- | M] () MD5=2F54DBEF8581E07117E687DFB4045C96 -- C:\Users\Public\Documents\DevExpress 2011.2 Demos\Components\WinForms\XtraTreeList\CS\TreeListMainDemo\Modules\Explorer.resx
[2012/06/25 23:01:18 | 000,036,838 | ---- | M] () MD5=2F54DBEF8581E07117E687DFB4045C96 -- C:\Users\Public\Documents\DevExpress 2011.2 Demos\Components\WinForms\XtraTreeList\VB\TreeListMainDemo\Modules\Explorer.resx
[2010/03/18 20:22:58 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx
[2011/12/12 13:52:40 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.resx
[2011/12/12 13:52:40 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.resx
[2009/12/21 11:28:26 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx
[2009/12/21 11:28:26 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx
[2009/12/21 11:28:26 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx
[2009/12/21 11:28:26 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx

< MD5 for: EXPLORER.VB >
[2010/03/18 20:22:58 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb
[2011/12/12 13:52:40 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.vb
[2011/12/12 13:52:40 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.vb
[2009/12/21 11:28:26 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb
[2009/12/21 11:28:26 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb
[2009/12/21 11:28:26 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb
[2009/12/21 11:28:26 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb
[2012/06/25 23:03:02 | 000,015,652 | ---- | M] () MD5=F44C7C6A6C64145FE3BBFF5417B50206 -- C:\Users\Public\Documents\DevExpress 2011.2 Demos\Components\WinForms\XtraTreeList\VB\TreeListMainDemo\Modules\Explorer.vb

< MD5 for: EXPLORER.VSTEMPLATE >
[2010/03/18 20:22:58 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate
[2011/12/12 13:52:40 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.vstemplate
[2011/12/12 13:52:40 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.vstemplate
[2009/12/21 11:28:26 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate
[2009/12/21 11:28:26 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\ProgramData\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate
[2009/12/21 11:28:26 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate
[2009/12/21 11:28:26 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Users\All Users\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate

< MD5 for: EXPLORER.ZIP >
[2009/12/21 11:28:28 | 000,024,306 | ---- | M] () MD5=1EFEA00EC1042E059C5602E46DA33421 -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer.zip
[2009/06/03 21:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
[2010/03/18 20:23:00 | 000,024,306 | ---- | M] () MD5=E8E0F5E3C559D62C1A65CF2C5EB75A24 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer.zip

< MD5 for: IEXPLORE.EXE >
[2012/06/02 04:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe
[2012/06/25 19:50:45 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[2012/06/28 22:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2012/10/08 01:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/10/08 01:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2012/08/24 04:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[2012/10/08 05:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/10/08 05:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2012/06/25 19:50:45 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe
[2012/08/24 03:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012/06/28 19:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2012/06/02 05:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
[2012/08/24 00:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2010/11/20 20:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2012/06/02 01:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[2010/11/20 20:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2012/10/08 01:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2012/06/28 16:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2012/10/08 04:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2012/06/25 19:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/06/25 19:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/06/25 19:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/06/25 19:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/13 19:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 19:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-F6A52C86.PF >
[2012/12/08 11:00:59 | 000,386,942 | ---- | M] () MD5=68B876BA37562BB6643D3BE78FE0AF57 -- C:\Windows\Prefetch\IEXPLORE.EXE-F6A52C86.pf

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/07/27 13:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CS >
[2012/06/25 23:02:04 | 000,018,667 | ---- | M] () MD5=225CF14FB43ECDFE081AAF2E330C33C3 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.Utils\Serialization\Services.cs
[2012/06/25 23:02:33 | 000,008,158 | ---- | M] () MD5=4BF63E071E7A07A4CA34E9F219D1DCA4 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.XtraReports\DevExpress.XtraReports.Design\Services.cs
[2012/06/25 23:03:00 | 000,009,830 | ---- | M] () MD5=6FE1539F2FF904832935893D91BECF25 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.XtraScheduler\DevExpress.XtraScheduler\Services.cs
[2012/06/25 23:02:04 | 000,002,468 | ---- | M] () MD5=84088A0E3DA44548EF46B4BB89CFFF09 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.Utils\Services.cs
[2012/06/25 23:01:37 | 000,009,536 | ---- | M] () MD5=B5F4DEA21A08D33D983EEB4A14F5D3ED -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.Web.ASPxScheduler\DevExpress.Web.ASPxScheduler\Services.cs
[2012/06/25 23:02:36 | 000,014,916 | ---- | M] () MD5=CBBB0E054FA476918FF7414D419229CF -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.XtraReports\DevExpress.XtraReports.Extensions\Design\Services.cs
[2012/06/25 23:02:05 | 000,021,077 | ---- | M] () MD5=D238E87FE346F78BC9FAC1B3BF456764 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.Xpf.Scheduler.SL\DevExpress.XtraScheduler.Core.SL\Services.cs
[2012/06/25 23:03:01 | 000,021,077 | ---- | M] () MD5=D238E87FE346F78BC9FAC1B3BF456764 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.XtraScheduler\DevExpress.XtraScheduler.Core\Services.cs
[2012/06/25 23:02:12 | 000,005,531 | ---- | M] () MD5=F9A8797E659A3592F46C7A4E0C317E7E -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.XtraBars\DevExpress.XtraBars\Docking2010\DragEngine\Interfaces\Services.cs
[2012/06/25 23:01:48 | 000,010,166 | ---- | M] () MD5=FE8C37C7CECFDA1DE02DD8DA05ACE7D9 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.Data.SL\Services.cs
[2012/06/25 23:01:49 | 000,010,166 | ---- | M] () MD5=FE8C37C7CECFDA1DE02DD8DA05ACE7D9 -- C:\Program Files (x86)\DevExpress 2011.2\Components\Sources\DevExpress.Data\Services.cs

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 01:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 01:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.ICO >
[2010/03/19 10:34:28 | 000,002,862 | ---- | M] () MD5=9F5BEF2F2471F098D1E5325498082142 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\VS2010ImageLibrary\1033\VS2010ImageLibrary\Objects\ico_format\Office and VS\services.ico

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 01:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 01:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 01:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 01:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2012/03/26 10:51:50 | 000,000,715 | ---- | M] () MD5=43F16E5D61C57E847F6E17C74EB0BB32 -- C:\Program Files (x86)\Telerik\RadControls for Silverlight Q1 2012 SP1\Demos\Examples.Web\Examples\Images\Docking\ServerExplorer\services.png
[2012/03/26 10:51:50 | 000,000,715 | ---- | M] () MD5=43F16E5D61C57E847F6E17C74EB0BB32 -- C:\Program Files (x86)\Telerik\RadControls for Silverlight Q1 2012 SP1\Demos\Examples\Docking\Images\Docking\ServerExplorer\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RAR >
[2010/09/17 11:37:15 | 000,334,909 | ---- | M] () MD5=D34EEEEA98B4D65651BDF8C52C13C098 -- C:\Users\Dave\Documents\Visual Studio 2010\Projects\Milestone\Workbench - Copy\Services.rar
[2010/09/17 11:37:15 | 000,334,909 | ---- | M] () MD5=D34EEEEA98B4D65651BDF8C52C13C098 -- C:\Users\Dave\Documents\Visual Studio 2010\Projects\Milestone\Workbench.NewTelerik.Prism4\Services.rar
[2010/09/17 09:37:16 | 000,334,909 | ---- | M] () MD5=D34EEEEA98B4D65651BDF8C52C13C098 -- C:\Users\Dave\Documents\Visual Studio 2010\Projects\Milestone\Workbench\Services.rar

< MD5 for: WINLOGON.ADML >
[2011/04/12 01:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2011/04/12 01:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2011/04/12 01:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2011/04/12 01:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2011/04/12 01:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2011/04/12 01:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2012/12/08 08:51:04 | 1066,799,102 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 08:51:06 | 4285,710,334 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/06/25 19:56:24 | 000,000,221 | -HS- | M] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/12/08 11:01:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dave\Desktop\HiJackThis.exe
[2012/12/08 10:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/12/01 19:02:03 | 006,747,416 | ---- | M] (A&R Online) -- C:\Users\Dave\Desktop\PWYH_free_lesson.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2012/05/29 09:35:38 | 000,001,422 | ---- | M] () -- C:\Windows\AppPatch\Custom\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:820563D3
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:21654C57

< End of report >

OTL Extras logfile created on: 12/8/2012 11:00:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.77 Gb Available Physical Memory | 73.11% Memory free
23.98 Gb Paging File | 20.69 Gb Available in Paging File | 86.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1671.70 Gb Free Space | 89.73% Space Free | Partition Type: NTFS
Drive D: | 2.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1863.01 Gb Total Space | 1403.48 Gb Free Space | 75.33% Space Free | Partition Type: NTFS

Computer Name: WYNAPSE-2 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B140B96-7770-496A-A05D-0EE0BB9BC896}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{15995AAC-6313-4A94-811D-098937CDB01C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{17755940-B54D-4E44-BEB0-D7D6E8054E85}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B673154-7D3F-46B5-8085-BC293873FBF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{1CD89B3F-40B3-4871-9565-534EB5CBAC6B}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{2C050DD6-1391-447E-8E42-C69938D024D6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B0CA7DA-C7FA-4110-9C6A-933E5F95D136}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3EAF7314-72EA-41CE-BF71-F02E303D2327}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{496DEC5F-7683-42F4-B99D-05F4E278BF95}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4DB8EA5F-11F6-490B-894A-333D662AA6E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DD6FA49-F95D-4442-835C-D9F447EBF5CE}" = rport=138 | protocol=17 | dir=out | app=system |
"{5F024E08-9234-4ACC-85BD-A0A266C2580A}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{6A388C2F-EA71-4792-9FE7-4FD6EFB3A7CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{833BD48F-FD94-43C0-B347-745835DA6D49}" = rport=445 | protocol=6 | dir=out | app=system |
"{881503A6-9A56-43F1-A401-A764D35598A2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{93743844-4ACE-4591-804F-3DDA564D5671}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D7054B5-9AA8-4B95-B349-A57959B23B4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB89E31A-E25F-40EE-9F51-B08FF337580C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ADD14F1D-02F2-436E-8743-850D2644FEE6}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{BC837FA0-1BC1-4D9F-BB04-B313245AA8DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFA1D0C5-E71D-464F-A347-7B6BCCC8AC51}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{C189894C-2DA1-4B82-8915-663E8D89037F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD300A22-4E09-4AB8-8E6C-3133EFDA7971}" = lport=137 | protocol=17 | dir=in | app=system |
"{DA8B0ADF-18EC-4230-A4D4-81D46AFDA01A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6E177F1-84FF-4FDB-9C3E-B0C1BAE20230}" = lport=445 | protocol=6 | dir=in | app=system |
"{EA231C43-9266-427E-BDCF-8323AE45903C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{EB4E7C7A-58E2-4BEA-9742-03EFD0AE7E94}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED5CCC0B-2C23-4E35-875A-1CEAEE9A976E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF8707EE-916A-4432-8995-0EC9FE03E675}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{EF8CFB88-49C6-45A7-A6BC-D14935E90417}" = lport=138 | protocol=17 | dir=in | app=system |
"{F66B1EEA-BAB7-405C-BB0B-6F480F1AF69D}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01137A65-80B1-4539-B9F3-CC4AF08109C4}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
"{126048F8-8893-4B69-A2EA-FE4ACDA2D64A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14EDFDBC-AA92-459A-B4FC-4A91DDE78647}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14F95A60-D97E-4B65-BD5F-CB0B29E1F2BF}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{20D95AD9-08DE-4A4B-A12C-08C2868AD7C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{33966250-3A3F-4691-9A0C-7F396DA6BFF2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3519F8F9-DF33-4D04-A8BF-0C61FD39973F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46BC650C-6447-4931-95B0-EE3E1819AA27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47C4C03E-F8A5-4CD5-83C8-5156D527DADE}" = dir=in | app=c:\program files (x86)\softland\backup4all professional 4\backup4all.exe |
"{4FCFF91B-38E7-4EDC-8A44-58C596627210}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
"{5003D141-1579-4B98-9BA9-6C2C0E5F16F9}" = protocol=6 | dir=out | app=system |
"{5204F960-D604-47EF-BCD0-DECDCF12A5A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B46F71D-CE0F-4258-A295-0DA747008511}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5EC90C7F-167C-4736-BDB0-DFC958D184ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{604F9287-FF4A-4EB1-881A-66900343A090}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7467CBA5-3A1D-4552-ABEA-2E39DD07FE32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7824604C-46D6-4707-B6A9-50E7124E6241}" = dir=in | app=c:\program files (x86)\microsoft lync attendee\attendeecommunicator.exe |
"{78C25388-AE5A-46BC-A598-AD856CD14D12}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{7E3B448B-4396-46E7-9836-6749C957B414}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
"{849E736B-DADD-454F-9247-949EF3B18B13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95040537-7357-48F3-A7CE-B8E7FC411EF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9E0A5FA3-4154-468B-B7DE-861F684155A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A329A7D4-78AA-4F89-AE55-F19BC9F10876}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A926AF0F-945A-4748-82A9-16B4AA6F2CFB}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{AB7821B9-4B41-4D5B-8125-6AEFAEC40264}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABF94DFF-27C7-49D0-8A28-09D2C59C3EE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB92AD01-C57D-4C52-B10C-868D5AD8FFB7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C71C4CEC-B389-4A9C-B83C-F3C0B32E1EE6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C9D761C8-F38A-4454-B390-18B385762EFD}" = dir=in | app=c:\program files (x86)\softland\backup4all professional 4\b4acmd.exe |
"{CD3CD8CE-A68A-4A1E-9E09-69C9B3893F83}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
"{CDFBA1E5-4D52-4CDC-B557-D346216C06B7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D4727DF8-1A68-43E9-BC3C-EE44E64C604F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D732A225-A227-4AFC-96E0-68A8695B793E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{DA6A3B25-18D5-44FA-B48F-61B296CB5F08}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DE826CBC-2158-4213-B6DA-58B737630616}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DED15094-0BE4-4D39-95CF-122375A7B0C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF13676D-2EEE-4950-9485-9D16BE2B5ADB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F4B9022E-5639-4CBD-8A30-ACE1455D36B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FCCAAA61-08F9-4126-825B-13359EE947EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{FE553199-8E08-4428-B32F-4DF782032427}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{08824861-0406-4061-8D6E-77C92D9E8FB5}C:\users\dave\appdata\local\microsoft\lwaplugin\x86\15.7\lwaplugin.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\microsoft\lwaplugin\x86\15.7\lwaplugin.exe |
"TCP Query User{2FA5949D-0FD4-4503-8BCC-CC94CF40EA72}C:\program files (x86)\telerik\radcontrols for silverlight q1 2012 sp1\demos\examples.web\startexamples.exe" = protocol=6 | dir=in | app=c:\program files (x86)\telerik\radcontrols for silverlight q1 2012 sp1\demos\examples.web\startexamples.exe |
"UDP Query User{908B7ED7-FF8D-4D2A-9AA7-C8E5C7BFBF78}C:\program files (x86)\telerik\radcontrols for silverlight q1 2012 sp1\demos\examples.web\startexamples.exe" = protocol=17 | dir=in | app=c:\program files (x86)\telerik\radcontrols for silverlight q1 2012 sp1\demos\examples.web\startexamples.exe |
"UDP Query User{D271D89B-660F-4EB4-A430-4C382BCB184C}C:\users\dave\appdata\local\microsoft\lwaplugin\x86\15.7\lwaplugin.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\microsoft\lwaplugin\x86\15.7\lwaplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 SP1 Client Tools
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4EC5CF64-2E59-411D-1122-220111005150}" = Avaya VPN Client
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP1 Management Studio
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6AAF4427-3039-4C8A-BE53-D6F01C21AD46}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP1 Management Studio
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 SP1 Client Tools
"{B6651C8C-5030-4FE1-B820-0604532C02A9}" = Microsoft Lync Web App Plug-in
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{DB1FA72A-0667-40DF-A4F1-139FCB2131AB}" = EntitySpaces 2012 v2012.1.0229.0
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
"CCleaner" = CCleaner
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.20 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
"{09335E49-1C8F-4973-9929-941BE9C6EF33}" = Microsoft Lync 2010 Attendee
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{2FF43F5D-5729-4E02-A548-310E30A5F29B}" = Microsoft CAPICOM 2.1.0.2 SDK
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{472A7A38-D592-43EC-ACB4-9AE4BBA05BA0}" = Syncfusion Orubase Studio 1.1.0.27
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52C8311A-AE39-4AE5-A386-E66F9D48C665}" = Backup4all Professional 4
"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
"{574A2F47-9325-4ACC-ABB6-E0B1571F6F30}" = MyAddin2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EDA6C9-6EF1-43BC-94BD-AA0619EC76DC}" = PASSWORDfighter
"{8543A572-5993-4101-BACC-C83884E183A4}" = EzGrabber
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{93933456-3466-4F28-AE84-EF0042EC6936}_is1" = Pavtube YouTube Converter version: 1.3.1.2376
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABFFBEA4-E915-42DA-98FB-335E007A3AE5}" = Tabs Studio
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{AEBD79BC-C151-4184-BEB0-F8364435B800}" = Windows Phone
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B3533B84-A8DF-4A7A-8E95-B15F08B26E96}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{BDFC949B-B66F-4E0A-887A-DE80E42FE73C}" = Telerik Control Panel
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C7B78A87-AC8B-447D-9A9C-53C6F1B2C589}" = Telerik RadControls for Silverlight Q1 2012 SP1
"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
"{CB3CB52F-6F12-42FD-A840-4C55EC2CA0B8}" = Add-in Express for Microsoft Office and .NET, Standard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47A18EF-38BC-4951-A344-9800D3BF4D53}_is1" = ScreenCamera version 3.0.5.30
"{D971780F-A609-4F78-92AA-B56FBC3955B9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DD565A92-E150-497B-B343-938D701CF178}" = Telerik RadControls for WPF Q3 2012
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{e238e1a0-7fbd-4146-a4ac-d48badcdf3ae}" = Microsoft Visual Studio Ultimate 2012
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E3EFA93B-9FD7-461E-A166-8B621D3CAE6C}" = Syncfusion Metro Studio 1.0.1.2
"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{EC35EE8E-87D1-4E3E-B5CC-D8B1544615F5}" = Microsoft Silverlight 5 Toolkit December 2011
"{ECF0B9B4-8098-4BA2-9316-8A0C6A6F75CC}" = SPAMfighter
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FD2EE96D-F1DE-4009-AE9D-DD8849FA3E5C}" = TweetDeck
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"1.0.1.2_is1" = Syncfusion Metro Studio 1.0.1.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CursorWorkshop" = Axialis CursorWorkshop 6.33
"DevExpress 2011.2 Components" = DevExpress 2011.2 Components
"DevExpress 2011.2 eXpressApp Framework" = DevExpress 2011.2 eXpressApp Framework
"DevExpress 2011.2 IDETools" = DevExpress 2011.2 IDETools
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDFab 8 Qt_is1" = DVDFab 8.2.1.3 (28/09/2012) Qt
"Dyyno Broadcaster" = Dyyno Broadcaster
"FileZilla Client" = FileZilla Client 3.5.3
"Flash Video Capture_is1" = Flash Video Capture 4.5.5 build 4900
"GOM Player" = GOM Player
"InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"IrfanView" = IrfanView (remove only)
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PASSWORDfighter" = PASSWORDfighter
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SendToKindle" = Amazon Send to Kindle
"SPAMfighter" = SPAMfighter
"USB Safely Remove_is1" = USB Safely Remove 4.4
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Pro" = Wisdom-soft Set up ScreenHunter 5.1 Pro
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0c5340e7bc61fad4" = Telerik WPF Demos - 1
"a62677970caebb9a" = Telerik WPF Demos
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2012 8:00:15 PM | Computer Name = WynApse-2 | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Word: Rejected Safe Mode action : Word has detected that
you are holding down the CTRL key. Do you want to start Word in safe mode?.

Error - 12/7/2012 3:30:15 AM | Computer Name = WynApse-2 | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Users\Dave\AppData\Roaming\Awesome
Addins Inc\MyAddin2\adxloader.dll.Manifest".Error in manifest or policy file "C:\Users\Dave\AppData\Roaming\Awesome
Addins Inc\MyAddin2\adxloader.dll.Manifest" on line 2. The manifest file root element
must be assembly.

Error - 12/7/2012 4:15:57 PM | Computer Name = WynApse-2 | Source = .NET Runtime | ID = 1026
Description =

Error - 12/7/2012 4:16:00 PM | Computer Name = WynApse-2 | Source = Application Error | ID = 1000
Description = Faulting application name: MyWPFTreeControl.exe, version: 1.0.0.0,
time stamp: 0x50c24e7c Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932,
time stamp: 0x50327672 Exception code: 0xe0434352 Fault offset: 0x0000c41f Faulting
process id: 0x1070 Faulting application start time: 0x01cdd4b7aaa07e0e Faulting application
path: C:\Users\Dave\Documents\Visual Studio 2010\Projects\Milestone\MyWPFTreeControl\MyWPFTreeControl\bin\Debug\MyWPFTreeControl.exe
Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: ea1423a1-40aa-11e2-a78a-90fba6df34b3

Error - 12/7/2012 4:19:52 PM | Computer Name = WynApse-2 | Source = .NET Runtime | ID = 1026
Description =

Error - 12/7/2012 4:19:53 PM | Computer Name = WynApse-2 | Source = Application Error | ID = 1000
Description = Faulting application name: MyWPFTreeControl.exe, version: 1.0.0.0,
time stamp: 0x50c24e7c Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932,
time stamp: 0x50327672 Exception code: 0xe0434352 Fault offset: 0x0000c41f Faulting
process id: 0x47f8 Faulting application start time: 0x01cdd4b837139ce6 Faulting application
path: C:\Users\Dave\Documents\Visual Studio 2010\Projects\Milestone\MyWPFTreeControl\MyWPFTreeControl\bin\Debug\MyWPFTreeControl.exe
Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 7520f67a-40ab-11e2-a78a-90fba6df34b3

Error - 12/8/2012 1:02:19 AM | Computer Name = WynApse-2 | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 14.0.6126.5003, time
stamp: 0x505b1685 Faulting module name: MSPST32.DLL, version: 14.0.6125.5000, time
stamp: 0x500a3040 Exception code: 0xc0000005 Fault offset: 0x0003e480 Faulting process
id: 0x2c40 Faulting application start time: 0x01cdd48b26fd6454 Faulting application
path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Faulting module
path: C:\Program Files (x86)\Microsoft Office\Office14\MSPST32.DLL Report Id: 70cbbe9c-40f4-11e2-a78a-90fba6df34b3

Error - 12/8/2012 3:30:15 AM | Computer Name = WynApse-2 | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Users\Dave\AppData\Roaming\Awesome
Addins Inc\MyAddin2\adxloader.dll.Manifest".Error in manifest or policy file "C:\Users\Dave\AppData\Roaming\Awesome
Addins Inc\MyAddin2\adxloader.dll.Manifest" on line 2. The manifest file root element
must be assembly.

Error - 12/8/2012 11:06:42 AM | Computer Name = WynApse-2 | Source = Application Hang | ID = 1002
Description = The program YoutubeConverter.exe version 1.3.1.2376 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1bec Start
Time: 01cdd554957e6015 Termination Time: 9 Application Path: C:\Program Files (x86)\Pavtube\YouTube
Converter\YoutubeConverter.exe Report Id: dcffbae3-4148-11e2-a78a-90fba6df34b3

Error - 12/8/2012 11:22:21 AM | Computer Name = WynApse-2 | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2012 11:31:16 AM | Computer Name = WynApse-2 | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2012 11:52:47 AM | Computer Name = WynApse-2 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/6/2012 4:50:11 PM | Computer Name = WynApse-2 | Source = bowser | ID = 8003
Description =

Error - 12/7/2012 7:51:25 PM | Computer Name = WynApse-2 | Source = bowser | ID = 8003
Description =

Error - 12/8/2012 3:54:30 AM | Computer Name = WynApse-2 | Source = DCOM | ID = 10010
Description =

Error - 12/8/2012 11:18:59 AM | Computer Name = WynApse-2 | Source = DCOM | ID = 10010
Description =

Error - 12/8/2012 11:23:52 AM | Computer Name = WynApse-2 | Source = DCOM | ID = 10010
Description =

Error - 12/8/2012 11:25:22 AM | Computer Name = WynApse-2 | Source = DCOM | ID = 10010
Description =

Error - 12/8/2012 11:28:12 AM | Computer Name = WynApse-2 | Source = DCOM | ID = 10010
Description =

Error - 12/8/2012 11:30:59 AM | Computer Name = WynApse-2 | Source = DCOM | ID = 10010
Description =

Error - 12/8/2012 11:39:48 AM | Computer Name = WynApse-2 | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/8/2012 11:50:00 AM | Computer Name = WynApse-2 | Source = DCOM | ID = 10010
Description =

< End of report >

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:33 AM, on 12/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files (x86)\Fighters\PASSWORDfighter\stpass.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\Dave\Documents\Visual Studio 2010\Projects\Milestone\MyWPFTreeControl\MyWPFTreeControl\bin\Debug\MyWPFTreeControl.vshost.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\TraceDebugger Tools\IntelliTrace.exe
C:\Users\Dave\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wynapse.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NVC] "C:\Program Files (x86)\Avaya\Avaya VPN Client\Nvc.exe" -autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [AttendeeCommunicator] "C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe" /fromrunkey
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Pro] 0
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [PASSWORDfighter] "C:\Program Files (x86)\Fighters\PASSWORDfighter\stpass.exe" /autorunned
O4 - HKCU\..\Run: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
O4 - HKCU\..\Run: [Dismetsh] rundll32 "C:\Users\Dave\AppData\Local\Temp\credutou.dll",CreateProcessNotify
O4 - HKCU\..\Run: [choismon] rundll32 "C:\Users\Dave\AppData\Local\Temp\credutou64.dll",CreateProcessNotify
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: PASSWORDfighter - res://C:\Program Files (x86)\Fighters\PASSWORDfighter\spIEBho.dll/616
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.6.2.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{504A012E-2312-440A-8A15-02DB92054057}: NameServer = 169.10.8.4,169.10.8.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{504A012E-2312-440A-8A15-02DB92054057}: NameServer = 169.10.8.4,169.10.8.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{504A012E-2312-440A-8A15-02DB92054057}: NameServer = 169.10.8.4,169.10.8.5
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dyyno Service (Dyyno Launcher) - Unknown owner - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Avaya VPN Client (NvcSvcMgr) - Avaya - C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FighterSuiteService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 14813 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1
Run by Dave at 11:29:36 on 2012-12-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.7207 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\inetsrv\inetinfo.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Fighters\FighterSuiteService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\DXPServer.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files (x86)\Fighters\PASSWORDfighter\stpass.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\Dave\Documents\Visual Studio 2010\Projects\Milestone\MyWPFTreeControl\MyWPFTreeControl\bin\Debug\MyWPFTreeControl.vshost.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\TraceDebugger Tools\IntelliTrace.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wynapse.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Wisdom-soft ScreenHunter 5.1 Pro] 0
uRun: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
uRun: [PASSWORDfighter] "C:\Program Files (x86)\Fighters\PASSWORDfighter\stpass.exe" /autorunned
uRun: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
uRun: [Dismetsh] rundll32 "C:\Users\Dave\AppData\Local\Temp\credutou.dll",CreateProcessNotify
uRun: [choismon] rundll32 "C:\Users\Dave\AppData\Local\Temp\credutou64.dll",CreateProcessNotify
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NVC] "C:\Program Files (x86)\Avaya\Avaya VPN Client\Nvc.exe" -autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
mRun: [AttendeeCommunicator] "C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe" /fromrunkey
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: PASSWORDfighter - C:\Program Files (x86)\Fighters\PASSWORDfighter\spIEBho.dll/616
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{504A012E-2312-440A-8A15-02DB92054057} : NameServer = 169.10.8.4,169.10.8.5
TCP: Interfaces\{91A09E67-80E1-4DCE-A96F-15DD82EC193E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\1hxi3bil.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Fighters\PASSWORDfighter\npPFAutofill.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginAOC.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npLWAPlugin15.7.dll
FF - plugin: C:\Users\Dave\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.7.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-1-20 415072]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 NvcSvcMgr;Avaya VPN Client;C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe [2011-11-22 628056]
R2 nvcwfpco;nvcwfpco;C:\Windows\System32\drivers\nvcwfpco.sys [2011-11-22 80960]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2012-6-21 216168]
R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2012-5-28 1267304]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2012-6-28 531816]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2012-1-19 62184]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NT_NvcA;Avaya VPN Adapter;C:\Windows\System32\drivers\ntnvca.sys [2011-11-22 44096]
R3 PCWinSoft;ScreenCamera Video Camera;C:\Windows\System32\drivers\scrcamhrdrv_x64.sys [2012-10-12 241800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 CXPLRCAP;Capture Device;C:\Windows\System32\drivers\CxPlrCap.sys [2010-1-6 235904]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-26 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-08 15:53:58 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8EDCDE5A-4174-49C9-918B-F02A89F98C41}\offreg.dll
2012-12-08 15:39:43 16200 ----a-w- C:\Windows\stinger.sys
2012-12-08 15:39:24 -------- d-----w- C:\Program Files (x86)\stinger
2012-12-08 15:27:29 -------- d-----w- C:\Users\Dave\AppData\Local\{74595829-FB57-4C21-AB72-444092F9F33A}
2012-12-08 15:15:59 -------- d-----w- C:\Users\Dave\AppData\Local\{453EDB1F-0C8B-453C-B0E8-F55E785F5800}
2012-12-08 10:28:56 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8EDCDE5A-4174-49C9-918B-F02A89F98C41}\mpengine.dll
2012-12-08 03:15:47 -------- d-----w- C:\Users\Dave\AppData\Local\{8A67AEAA-3C60-4F3D-97F3-DCC26D64DBFB}
2012-12-07 15:15:35 -------- d-----w- C:\Users\Dave\AppData\Local\{931972BF-2880-4E9B-A592-D01CE029B3DB}
2012-12-07 10:29:07 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-07 03:15:24 -------- d-----w- C:\Users\Dave\AppData\Local\{AF25635A-370A-4AF3-8858-B05119E8BAC9}
2012-12-06 15:15:12 -------- d-----w- C:\Users\Dave\AppData\Local\{9965C46A-618B-49B0-88DE-EC3FCD1D36FF}
2012-12-06 03:15:01 -------- d-----w- C:\Users\Dave\AppData\Local\{F8E99801-28A1-4F45-BE52-49BAA625E499}
2012-12-05 15:14:49 -------- d-----w- C:\Users\Dave\AppData\Local\{922DD87E-F6A7-4304-94D8-8736E92F7BB2}
2012-12-05 03:14:37 -------- d-----w- C:\Users\Dave\AppData\Local\{C0D855E1-E3CE-4A09-A01D-E9453DEFE43F}
2012-12-04 15:14:25 -------- d-----w- C:\Users\Dave\AppData\Local\{030C3226-F573-4A96-B8E0-2122DF7ECCA4}
2012-12-04 03:14:14 -------- d-----w- C:\Users\Dave\AppData\Local\{35EB70F8-529C-468A-B4F9-10E7836EA5B0}
2012-12-03 15:14:02 -------- d-----w- C:\Users\Dave\AppData\Local\{E1873B3C-47EB-4EED-ADEF-439A046F85DB}
2012-12-03 03:13:50 -------- d-----w- C:\Users\Dave\AppData\Local\{DC8C26CD-7F9B-4F1B-9754-C12F737B1261}
2012-12-02 15:13:39 -------- d-----w- C:\Users\Dave\AppData\Local\{6C92BC85-CC8E-4822-9C32-186D325672F6}
2012-12-02 03:13:27 -------- d-----w- C:\Users\Dave\AppData\Local\{E06AF99D-0467-4D64-AD75-3B9FE42CCA31}
2012-12-01 15:13:15 -------- d-----w- C:\Users\Dave\AppData\Local\{560CF644-A216-42D3-B429-74CB8C262989}
2012-12-01 03:13:04 -------- d-----w- C:\Users\Dave\AppData\Local\{E5016082-0F2A-4134-9A22-51E283B4D33F}
2012-11-30 15:12:52 -------- d-----w- C:\Users\Dave\AppData\Local\{D4347A59-5BE1-4D02-B3F4-51C55DFEC361}
2012-11-30 03:12:40 -------- d-----w- C:\Users\Dave\AppData\Local\{F3601AB9-A8CD-4B8D-B85D-4440A092BAA1}
2012-11-29 15:12:28 -------- d-----w- C:\Users\Dave\AppData\Local\{AC50734F-DE48-4919-A51A-9A73C22B2066}
2012-11-29 10:29:00 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D071AE6-3AF3-4591-B62D-BE396084B7BD}\gapaengine.dll
2012-11-28 15:12:05 -------- d-----w- C:\Users\Dave\AppData\Local\{6AB6D640-65A7-4D48-A894-9B2954A4DEF1}
2012-11-28 03:11:41 -------- d-----w- C:\Users\Dave\AppData\Local\{4C5DF831-FEDF-4A76-B9FF-8C227EB2D1BF}
2012-11-27 15:11:30 -------- d-----w- C:\Users\Dave\AppData\Local\{50045671-1698-40B1-BF4D-23C9AAD55FD0}
2012-11-27 03:11:18 -------- d-----w- C:\Users\Dave\AppData\Local\{7C33CEAB-4FD4-469E-8671-75A00312EA75}
2012-11-26 15:11:06 -------- d-----w- C:\Users\Dave\AppData\Local\{DFADB8A2-D4B4-4269-A9F0-19D89F371DF9}
2012-11-26 03:10:55 -------- d-----w- C:\Users\Dave\AppData\Local\{0B06A98B-40AD-4894-9D2E-0A7E9B2EF101}
2012-11-25 15:10:43 -------- d-----w- C:\Users\Dave\AppData\Local\{C6102B8F-E902-4F4A-B4E3-448EFBEF52E3}
2012-11-25 03:10:31 -------- d-----w- C:\Users\Dave\AppData\Local\{5D85E433-8D9E-495B-B483-1EB3D0796640}
2012-11-24 15:10:19 -------- d-----w- C:\Users\Dave\AppData\Local\{5FAEC0E1-2293-4BB0-AF9A-A751D591B5E6}
2012-11-24 03:10:08 -------- d-----w- C:\Users\Dave\AppData\Local\{37B4D6B6-C0CC-4D02-82CE-A20FF65C35CB}
2012-11-23 20:15:49 -------- d-----w- C:\Users\Dave\AppData\Roaming\SnippetDesigner
2012-11-23 15:09:44 -------- d-----w- C:\Users\Dave\AppData\Local\{18B984A3-3544-4E2B-A727-27D83490A57A}
2012-11-23 03:09:32 -------- d-----w- C:\Users\Dave\AppData\Local\{F2CA0311-33EB-4A70-8BA5-F5E3E9433BF5}
2012-11-22 15:09:20 -------- d-----w- C:\Users\Dave\AppData\Local\{C4317D06-1E93-4220-9EDE-F7D0010883A0}
2012-11-22 03:09:08 -------- d-----w- C:\Users\Dave\AppData\Local\{2E8D55C0-2194-4324-AD90-9D4A34261B34}
2012-11-21 15:08:57 -------- d-----w- C:\Users\Dave\AppData\Local\{49BA15EA-FC88-4D80-B951-B0BF0ECFDECE}
2012-11-21 03:08:45 -------- d-----w- C:\Users\Dave\AppData\Local\{3F45BBB1-FDEC-4C86-B3DE-CB6438A642F2}
2012-11-20 15:08:34 -------- d-----w- C:\Users\Dave\AppData\Local\{FE3459A1-DCE5-4966-ABD1-66B4A84761FF}
2012-11-20 03:08:22 -------- d-----w- C:\Users\Dave\AppData\Local\{30E5B435-DAD3-4C0A-B3C5-555F012161E8}
2012-11-19 15:08:10 -------- d-----w- C:\Users\Dave\AppData\Local\{1D8048C2-06B0-43DE-AF98-AC07BC9BF7E7}
2012-11-18 03:24:21 -------- d-----w- C:\Users\Dave\AppData\Local\HTML Executable
2012-11-17 15:12:38 -------- d-----w- C:\Users\Dave\AppData\Local\{78CE35E5-1EE6-4741-BED6-B9EEFFAEF10C}
2012-11-17 03:12:26 -------- d-----w- C:\Users\Dave\AppData\Local\{ADC84F23-D90D-4B1F-9AF2-179D4FECD6BF}
2012-11-16 15:12:15 -------- d-----w- C:\Users\Dave\AppData\Local\{5B70E7F7-181F-45EE-B756-D2258EB799E6}
2012-11-16 03:12:03 -------- d-----w- C:\Users\Dave\AppData\Local\{34E2BED9-3FEC-4CC6-8CFF-377D61C71CB3}
2012-11-15 15:11:39 -------- d-----w- C:\Users\Dave\AppData\Local\{270DA158-44A9-4A43-8602-222C4E72720F}
2012-11-15 10:08:27 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 10:08:27 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 10:08:27 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 10:08:27 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 10:03:29 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 10:03:29 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 10:03:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 10:03:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 10:03:27 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 10:03:27 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 10:03:27 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 04:04:35 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 04:04:35 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-15 03:11:14 -------- d-----w- C:\Users\Dave\AppData\Local\{800A771B-3D9A-4664-B9A6-52A648DA427D}
2012-11-14 20:22:46 -------- d-----w- C:\Users\Dave\AppData\Roaming\Axialis
2012-11-14 20:22:46 -------- d-----w- C:\Program Files (x86)\Axialis
2012-11-14 20:22:30 -------- d-----w- C:\Users\Dave\AppData\Local\Axialis
2012-11-14 20:04:04 -------- d-----w- C:\ProgramData\AVS4YOU
2012-11-14 20:04:02 -------- d-----w- C:\Users\Dave\AppData\Roaming\AVS4YOU
2012-11-14 20:03:36 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2012-11-14 20:02:59 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-11-14 20:02:59 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2012-11-14 19:53:57 -------- d-----w- C:\Users\Dave\AppData\Roaming\IrfanView
2012-11-14 19:53:57 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-11-14 15:11:02 -------- d-----w- C:\Users\Dave\AppData\Local\{28E2D231-28A0-4065-A32F-572BC777D58B}
2012-11-14 03:10:50 -------- d-----w- C:\Users\Dave\AppData\Local\{4467D612-771F-4676-BAB1-3ACE61912973}
2012-11-13 15:10:38 -------- d-----w- C:\Users\Dave\AppData\Local\{B14C96E1-DC16-4C01-ACDF-23B5345A57C7}
2012-11-13 03:10:27 -------- d-----w- C:\Users\Dave\AppData\Local\{88CD4102-26A2-414D-A97B-618FCFC700B0}
2012-11-12 15:10:15 -------- d-----w- C:\Users\Dave\AppData\Local\{BA228F49-C2A8-4F57-B94C-2C983982DF90}
2012-11-12 03:10:03 -------- d-----w- C:\Users\Dave\AppData\Local\{AB0C0955-1398-4FC7-8C15-585EB6366FBB}
2012-11-11 15:09:52 -------- d-----w- C:\Users\Dave\AppData\Local\{28F8FC8E-6AFB-45F9-ADCE-F6D571A6BD3B}
2012-11-10 03:09:17 -------- d-----w- C:\Users\Dave\AppData\Local\{5F31CDCC-CA72-4DB6-BB4E-D58BCB906F4E}
2012-11-09 03:08:41 -------- d-----w- C:\Users\Dave\AppData\Local\{CE509E49-3474-4E03-B6B7-BF5F16978621}
.
==================== Find3M ====================
.
2012-11-28 14:09:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 14:09:16 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 05:32:08 2177688 ----a-w- C:\Windows\System32\coin92.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 11:29:50.78 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 6/25/2012 7:11:14 PM
System Uptime: 12/8/2012 8:50:44 AM (3 hours ago)
.
Motherboard: Gateway | | FX6803
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1670.904 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is FIXED (NTFS) - 1863 GiB total, 1403.484 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
N: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&35B577FE&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&35B577FE&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35B577FE&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35B577FE&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP133: 11/28/2012 12:50:38 PM - Installed Mmm.Ironwood.ReportWriter
RP134: 11/28/2012 12:52:34 PM - Removed Mmm.Ironwood.ReportWriter
RP135: 12/1/2012 3:28:38 AM - Windows Update
RP136: 12/5/2012 3:29:04 AM - Windows Update
RP137: 12/8/2012 11:01:52 AM - OTL Restore Point - 12/8/2012 11:01:50 AM
.
==== Installed Programs ======================
.
Tools for .Net 3.5
Add-in Express for Microsoft Office and .NET, Standard
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon Kindle
Amazon Send to Kindle
ArcSoft ShowBiz
Avaya VPN Client
Axialis CursorWorkshop 6.33
Backup4all Professional 4
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
CCleaner
Crystal Reports for Visual Studio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DevExpress 2011.2 Components
DevExpress 2011.2 eXpressApp Framework
DevExpress 2011.2 IDETools
Dotfuscator and Analytics Community Edition
Dotfuscator Software Services - Community Edition
Driver Install 64-Bit
DVD Flick 1.3.0.7
DVDFab 8.2.1.3 (28/09/2012) Qt
Dyyno Broadcaster
Entity Framework Designer for Visual Studio 2012 - enu
EntitySpaces 2012 v2012.1.0229.0
EzGrabber
FileZilla Client 3.5.3
Flash Video Capture 4.5.5 build 4900
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2615527)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2736182)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
IrfanView (remove only)
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
LocalESPC
LocalESPCui for en-us
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft CAPICOM 2.1.0.2 SDK
Microsoft Help Viewer 1.1
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft Lync 2010 Attendee
Microsoft Lync Web App Plug-in
Microsoft Mouse and Keyboard Center
Microsoft NuGet - Visual Studio 2012
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft Silverlight 5 Toolkit December 2011
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x64
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 IntelliTrace Core amd64
Microsoft Visual Studio 2012 IntelliTrace Core x86
Microsoft Visual Studio 2012 IntelliTrace Front End x86
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Premium 2012
Microsoft Visual Studio Premium 2012 - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio 2012
Microsoft Web Platform Installer 4.0
Microsoft_VC90_CRT_x86
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MyAddin2
Paint.NET v3.5.10
PASSWORDfighter
Pavtube YouTube Converter version: 1.3.1.2376
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
PrimoPDF -- brought to you by Nitro PDF Software
Recuva
Samsung AllShare
ScreenCamera version 3.0.5.30
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
SPAMfighter
SQL Server 2008 R2 SP1 Client Tools
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Management Studio
Sql Server Customer Experience Improvement Program
Syncfusion Metro Studio 1.0.1.2
Syncfusion Orubase Studio 1.1.0.27
Tabs Studio
Telerik Control Panel
Telerik RadControls for Silverlight Q1 2012 SP1
Telerik RadControls for WPF Q3 2012
Telerik WPF Demos
Telerik WPF Demos - 1
TweetDeck
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB Safely Remove 4.4
VirtualCloneDrive
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Web Deployment Tool
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Windows Phone
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 4.20 (64-bit)
Wisdom-soft Set up ScreenHunter 5.1 Pro
Xobni
Xobni Core
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
12/8/2012 8:39:48 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
12/7/2012 4:51:25 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WDSHARESPACE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{91A09E67-80E1-4DCE-A96F-15DD82EC193E}. The master browser is stopping or an election is being forced.
12/4/2012 3:31:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user WynApse-2\Dave SID (S-1-5-21-2542831737-1747378741-2595509408-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/4/2012 3:31:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user WynApse-2\Dave SID (S-1-5-21-2542831737-1747378741-2595509408-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/3/2012 4:19:03 PM, Error: Microsoft-Windows-WAS [5002] - Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
.
==== End Of File ===========================

Advertisements

Register to Remove

#2 patndoris

SuperMember

Malware Team
2,593 posts

Posted 08 December 2012 - 06:44 PM

Hello and

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:

Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!

Thank you for all the scans you ran, I'm looking at them now. If you don't mind, I do need to ask you for just one more scan before we go ahead and run some tools to be sure things are all cleaned up.

I need to make sure there are no rootkits hiding on the machine before we use any other tools.

Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.
We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure but I want you to choose SKIP instead , click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#3 WynApse

Authentic Member

Authentic Member
39 posts

Posted 08 December 2012 - 06:56 PM

Hi and thanks for taking this on... I ran TDSSKiller and it says "No threats found". Here's the report it generated: 17:52:43.0445 6244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:52:43.0994 6244 ============================================================ 17:52:43.0994 6244 Current date / time: 2012/12/08 17:52:43.0994 17:52:43.0994 6244 SystemInfo: 17:52:43.0994 6244 17:52:43.0994 6244 OS Version: 6.1.7601 ServicePack: 1.0 17:52:43.0994 6244 Product type: Workstation 17:52:43.0994 6244 ComputerName: WYNAPSE-2 17:52:43.0995 6244 UserName: Dave 17:52:43.0995 6244 Windows directory: C:\Windows 17:52:43.0995 6244 System windows directory: C:\Windows 17:52:43.0995 6244 Running under WOW64 17:52:43.0995 6244 Processor architecture: Intel x64 17:52:43.0995 6244 Number of processors: 8 17:52:43.0995 6244 Page size: 0x1000 17:52:43.0995 6244 Boot type: Normal boot 17:52:43.0995 6244 ============================================================ 17:52:45.0301 6244 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:52:45.0312 6244 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:52:45.0376 6244 ============================================================ 17:52:45.0377 6244 \Device\Harddisk0\DR0: 17:52:45.0377 6244 MBR partitions: 17:52:45.0377 6244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 17:52:45.0377 6244 \Device\Harddisk1\DR1: 17:52:45.0377 6244 MBR partitions: 17:52:45.0377 6244 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x804, BlocksNum 0xE8E07620 17:52:45.0377 6244 ============================================================ 17:52:45.0390 6244 C: <-> \Device\Harddisk0\DR0\Partition1 17:52:45.0402 6244 F: <-> \Device\Harddisk1\DR1\Partition1 17:52:45.0402 6244 ============================================================ 17:52:45.0402 6244 Initialize success 17:52:45.0402 6244 ============================================================ 17:52:49.0985 3324 ============================================================ 17:52:49.0985 3324 Scan started 17:52:49.0985 3324 Mode: Manual; 17:52:49.0985 3324 ============================================================ 17:52:51.0332 3324 ================ Scan system memory ======================== 17:52:51.0332 3324 System memory - ok 17:52:51.0333 3324 ================ Scan services ============================= 17:52:51.0429 3324 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 17:52:51.0432 3324 1394ohci - ok 17:52:51.0510 3324 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 17:52:51.0512 3324 ACDaemon - ok 17:52:51.0528 3324 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:52:51.0532 3324 ACPI - ok 17:52:51.0553 3324 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:52:51.0554 3324 AcpiPmi - ok 17:52:51.0623 3324 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:52:51.0624 3324 AdobeARMservice - ok 17:52:51.0719 3324 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:52:51.0722 3324 AdobeFlashPlayerUpdateSvc - ok 17:52:51.0751 3324 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:52:51.0757 3324 adp94xx - ok 17:52:51.0764 3324 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:52:51.0769 3324 adpahci - ok 17:52:51.0786 3324 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:52:51.0789 3324 adpu320 - ok 17:52:51.0816 3324 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:52:51.0818 3324 AeLookupSvc - ok 17:52:51.0859 3324 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:52:51.0865 3324 AFD - ok 17:52:51.0881 3324 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:52:51.0883 3324 agp440 - ok 17:52:51.0897 3324 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:52:51.0899 3324 ALG - ok 17:52:51.0916 3324 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 17:52:51.0917 3324 aliide - ok 17:52:51.0945 3324 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 17:52:51.0948 3324 AMD External Events Utility - ok 17:52:51.0961 3324 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 17:52:51.0962 3324 amdide - ok 17:52:51.0979 3324 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:52:51.0981 3324 AmdK8 - ok 17:52:52.0136 3324 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:52:52.0286 3324 amdkmdag - ok 17:52:52.0299 3324 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 17:52:52.0302 3324 amdkmdap - ok 17:52:52.0305 3324 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 17:52:52.0306 3324 AmdPPM - ok 17:52:52.0330 3324 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:52:52.0332 3324 amdsata - ok 17:52:52.0352 3324 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 17:52:52.0355 3324 amdsbs - ok 17:52:52.0372 3324 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:52:52.0373 3324 amdxata - ok 17:52:52.0439 3324 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 17:52:52.0440 3324 AppHostSvc - ok 17:52:52.0458 3324 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 17:52:52.0460 3324 AppID - ok 17:52:52.0471 3324 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:52:52.0472 3324 AppIDSvc - ok 17:52:52.0484 3324 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 17:52:52.0486 3324 Appinfo - ok 17:52:52.0515 3324 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 17:52:52.0518 3324 AppMgmt - ok 17:52:52.0537 3324 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 17:52:52.0539 3324 arc - ok 17:52:52.0543 3324 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:52:52.0545 3324 arcsas - ok 17:52:52.0621 3324 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:52:52.0622 3324 aspnet_state - ok 17:52:52.0639 3324 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:52:52.0640 3324 AsyncMac - ok 17:52:52.0650 3324 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 17:52:52.0650 3324 atapi - ok 17:52:52.0697 3324 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:52:52.0704 3324 AudioEndpointBuilder - ok 17:52:52.0715 3324 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:52:52.0720 3324 AudioSrv - ok 17:52:52.0736 3324 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:52:52.0738 3324 AxInstSV - ok 17:52:52.0759 3324 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 17:52:52.0765 3324 b06bdrv - ok 17:52:52.0787 3324 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:52:52.0792 3324 b57nd60a - ok 17:52:52.0805 3324 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:52:52.0807 3324 BDESVC - ok 17:52:52.0821 3324 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:52:52.0822 3324 Beep - ok 17:52:52.0858 3324 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 17:52:52.0866 3324 BFE - ok 17:52:52.0902 3324 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 17:52:52.0912 3324 BITS - ok 17:52:52.0928 3324 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:52:52.0929 3324 blbdrive - ok 17:52:52.0952 3324 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:52:52.0953 3324 bowser - ok 17:52:52.0961 3324 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 17:52:52.0963 3324 BrFiltLo - ok 17:52:52.0974 3324 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 17:52:52.0975 3324 BrFiltUp - ok 17:52:53.0009 3324 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:52:53.0011 3324 Browser - ok 17:52:53.0025 3324 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:52:53.0029 3324 Brserid - ok 17:52:53.0043 3324 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:52:53.0044 3324 BrSerWdm - ok 17:52:53.0049 3324 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:52:53.0050 3324 BrUsbMdm - ok 17:52:53.0057 3324 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:52:53.0058 3324 BrUsbSer - ok 17:52:53.0062 3324 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 17:52:53.0064 3324 BTHMODEM - ok 17:52:53.0082 3324 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:52:53.0084 3324 bthserv - ok 17:52:53.0103 3324 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:52:53.0105 3324 cdfs - ok 17:52:53.0126 3324 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:52:53.0129 3324 cdrom - ok 17:52:53.0150 3324 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:52:53.0152 3324 CertPropSvc - ok 17:52:53.0177 3324 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:52:53.0179 3324 circlass - ok 17:52:53.0201 3324 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:52:53.0206 3324 CLFS - ok 17:52:53.0237 3324 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:52:53.0239 3324 clr_optimization_v2.0.50727_32 - ok 17:52:53.0283 3324 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:52:53.0285 3324 clr_optimization_v2.0.50727_64 - ok 17:52:53.0324 3324 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:52:53.0326 3324 clr_optimization_v4.0.30319_32 - ok 17:52:53.0345 3324 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:52:53.0347 3324 clr_optimization_v4.0.30319_64 - ok 17:52:53.0364 3324 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 17:52:53.0365 3324 CmBatt - ok 17:52:53.0369 3324 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:52:53.0370 3324 cmdide - ok 17:52:53.0413 3324 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:52:53.0418 3324 CNG - ok 17:52:53.0423 3324 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 17:52:53.0424 3324 Compbatt - ok 17:52:53.0438 3324 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 17:52:53.0439 3324 CompositeBus - ok 17:52:53.0442 3324 COMSysApp - ok 17:52:53.0455 3324 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:52:53.0456 3324 crcdisk - ok 17:52:53.0488 3324 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:52:53.0490 3324 CryptSvc - ok 17:52:53.0535 3324 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 17:52:53.0541 3324 CSC - ok 17:52:53.0565 3324 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 17:52:53.0573 3324 CscService - ok 17:52:53.0619 3324 [ E0DA1A61814C330FDBE89DD15AF57FAE ] CXPLRCAP C:\Windows\system32\drivers\CxPlrCap.sys 17:52:53.0654 3324 CXPLRCAP - ok 17:52:53.0690 3324 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 17:52:53.0692 3324 dc3d - ok 17:52:53.0716 3324 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:52:53.0723 3324 DcomLaunch - ok 17:52:53.0742 3324 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:52:53.0746 3324 defragsvc - ok 17:52:53.0759 3324 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:52:53.0760 3324 DfsC - ok 17:52:53.0781 3324 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:52:53.0785 3324 Dhcp - ok 17:52:53.0794 3324 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:52:53.0796 3324 discache - ok 17:52:53.0828 3324 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 17:52:53.0829 3324 Disk - ok 17:52:53.0855 3324 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 17:52:53.0856 3324 dmvsc - ok 17:52:53.0890 3324 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:52:53.0893 3324 Dnscache - ok 17:52:53.0908 3324 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:52:53.0912 3324 dot3svc - ok 17:52:53.0925 3324 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:52:53.0928 3324 DPS - ok 17:52:53.0947 3324 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:52:53.0948 3324 drmkaud - ok 17:52:53.0973 3324 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:52:53.0984 3324 DXGKrnl - ok 17:52:54.0022 3324 [ 0826007B98815710666C217FDAE2AA6B ] Dyyno Launcher C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe 17:52:54.0027 3324 Dyyno Launcher - ok 17:52:54.0054 3324 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys 17:52:54.0058 3324 e1yexpress - ok 17:52:54.0072 3324 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:52:54.0074 3324 EapHost - ok 17:52:54.0138 3324 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 17:52:54.0199 3324 ebdrv - ok 17:52:54.0235 3324 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:52:54.0236 3324 EFS - ok 17:52:54.0292 3324 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:52:54.0300 3324 ehRecvr - ok 17:52:54.0334 3324 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:52:54.0336 3324 ehSched - ok 17:52:54.0359 3324 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 17:52:54.0360 3324 ElbyCDIO - ok 17:52:54.0385 3324 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:52:54.0392 3324 elxstor - ok 17:52:54.0439 3324 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:52:54.0440 3324 ErrDev - ok 17:52:54.0463 3324 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:52:54.0468 3324 EventSystem - ok 17:52:54.0491 3324 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:52:54.0494 3324 exfat - ok 17:52:54.0511 3324 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:52:54.0514 3324 fastfat - ok 17:52:54.0540 3324 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:52:54.0548 3324 Fax - ok 17:52:54.0557 3324 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 17:52:54.0559 3324 fdc - ok 17:52:54.0576 3324 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:52:54.0577 3324 fdPHost - ok 17:52:54.0586 3324 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:52:54.0587 3324 FDResPub - ok 17:52:54.0603 3324 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:52:54.0604 3324 FileInfo - ok 17:52:54.0621 3324 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:52:54.0622 3324 Filetrace - ok 17:52:54.0626 3324 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 17:52:54.0627 3324 flpydisk - ok 17:52:54.0645 3324 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:52:54.0649 3324 FltMgr - ok 17:52:54.0699 3324 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:52:54.0712 3324 FontCache - ok 17:52:54.0746 3324 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:52:54.0747 3324 FontCache3.0.0.0 - ok 17:52:54.0762 3324 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:52:54.0763 3324 FsDepends - ok 17:52:54.0778 3324 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:52:54.0779 3324 Fs_Rec - ok 17:52:54.0883 3324 [ 895BA1CFF25E867CE5A52073E905C93B ] fussvc C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe 17:52:54.0885 3324 fussvc - ok 17:52:54.0899 3324 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:52:54.0902 3324 fvevol - ok 17:52:54.0920 3324 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:52:54.0922 3324 gagp30kx - ok 17:52:54.0950 3324 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:52:54.0959 3324 gpsvc - ok 17:52:55.0044 3324 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:52:55.0046 3324 gupdate - ok 17:52:55.0051 3324 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:52:55.0052 3324 gupdatem - ok 17:52:55.0084 3324 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 17:52:55.0087 3324 gusvc - ok 17:52:55.0097 3324 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:52:55.0098 3324 hcw85cir - ok 17:52:55.0122 3324 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:52:55.0127 3324 HdAudAddService - ok 17:52:55.0153 3324 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:52:55.0155 3324 HDAudBus - ok 17:52:55.0173 3324 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 17:52:55.0175 3324 HidBatt - ok 17:52:55.0185 3324 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:52:55.0187 3324 HidBth - ok 17:52:55.0194 3324 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:52:55.0195 3324 HidIr - ok 17:52:55.0219 3324 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:52:55.0220 3324 hidserv - ok 17:52:55.0238 3324 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:52:55.0239 3324 HidUsb - ok 17:52:55.0252 3324 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:52:55.0254 3324 hkmsvc - ok 17:52:55.0272 3324 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:52:55.0276 3324 HomeGroupListener - ok 17:52:55.0307 3324 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:52:55.0310 3324 HomeGroupProvider - ok 17:52:55.0321 3324 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:52:55.0323 3324 HpSAMD - ok 17:52:55.0353 3324 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:52:55.0361 3324 HTTP - ok 17:52:55.0379 3324 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:52:55.0379 3324 hwpolicy - ok 17:52:55.0386 3324 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:52:55.0388 3324 i8042prt - ok 17:52:55.0416 3324 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:52:55.0422 3324 iaStorV - ok 17:52:55.0456 3324 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:52:55.0465 3324 idsvc - ok 17:52:55.0478 3324 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 17:52:55.0479 3324 iirsp - ok 17:52:55.0508 3324 [ AB55B8A9B13130F638546881CE4425F8 ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 17:52:55.0509 3324 IISADMIN - ok 17:52:55.0535 3324 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:52:55.0545 3324 IKEEXT - ok 17:52:55.0561 3324 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:52:55.0563 3324 intelide - ok 17:52:55.0587 3324 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:52:55.0588 3324 intelppm - ok 17:52:55.0601 3324 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:52:55.0603 3324 IPBusEnum - ok 17:52:55.0616 3324 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:52:55.0618 3324 IpFilterDriver - ok 17:52:55.0660 3324 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:52:55.0667 3324 iphlpsvc - ok 17:52:55.0678 3324 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:52:55.0680 3324 IPMIDRV - ok 17:52:55.0689 3324 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:52:55.0691 3324 IPNAT - ok 17:52:55.0705 3324 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:52:55.0706 3324 IRENUM - ok 17:52:55.0717 3324 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:52:55.0718 3324 isapnp - ok 17:52:55.0730 3324 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:52:55.0733 3324 iScsiPrt - ok 17:52:55.0749 3324 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:52:55.0750 3324 kbdclass - ok 17:52:55.0767 3324 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:52:55.0768 3324 kbdhid - ok 17:52:55.0772 3324 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:52:55.0773 3324 KeyIso - ok 17:52:55.0810 3324 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:52:55.0811 3324 KSecDD - ok 17:52:55.0823 3324 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:52:55.0825 3324 KSecPkg - ok 17:52:55.0832 3324 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:52:55.0834 3324 ksthunk - ok 17:52:55.0868 3324 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:52:55.0873 3324 KtmRm - ok 17:52:55.0893 3324 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:52:55.0897 3324 LanmanServer - ok 17:52:55.0915 3324 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:52:55.0918 3324 LanmanWorkstation - ok 17:52:55.0949 3324 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:52:55.0951 3324 lltdio - ok 17:52:55.0967 3324 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:52:55.0972 3324 lltdsvc - ok 17:52:55.0988 3324 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:52:55.0990 3324 lmhosts - ok 17:52:56.0003 3324 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 17:52:56.0005 3324 LSI_FC - ok 17:52:56.0011 3324 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 17:52:56.0013 3324 LSI_SAS - ok 17:52:56.0017 3324 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 17:52:56.0019 3324 LSI_SAS2 - ok 17:52:56.0035 3324 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 17:52:56.0037 3324 LSI_SCSI - ok 17:52:56.0053 3324 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:52:56.0054 3324 luafv - ok 17:52:56.0065 3324 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:52:56.0067 3324 Mcx2Svc - ok 17:52:56.0076 3324 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 17:52:56.0077 3324 megasas - ok 17:52:56.0092 3324 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 17:52:56.0095 3324 MegaSR - ok 17:52:56.0149 3324 Microsoft SharePoint Workspace Audit Service - ok 17:52:56.0161 3324 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:52:56.0163 3324 MMCSS - ok 17:52:56.0183 3324 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:52:56.0184 3324 Modem - ok 17:52:56.0202 3324 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:52:56.0203 3324 monitor - ok 17:52:56.0221 3324 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:52:56.0223 3324 mouclass - ok 17:52:56.0234 3324 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:52:56.0235 3324 mouhid - ok 17:52:56.0249 3324 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:52:56.0251 3324 mountmgr - ok 17:52:56.0317 3324 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:52:56.0319 3324 MozillaMaintenance - ok 17:52:56.0346 3324 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 17:52:56.0348 3324 MpFilter - ok 17:52:56.0362 3324 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:52:56.0365 3324 mpio - ok 17:52:56.0374 3324 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:52:56.0376 3324 mpsdrv - ok 17:52:56.0398 3324 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:52:56.0408 3324 MpsSvc - ok 17:52:56.0439 3324 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:52:56.0441 3324 MRxDAV - ok 17:52:56.0468 3324 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:52:56.0470 3324 mrxsmb - ok 17:52:56.0485 3324 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:52:56.0488 3324 mrxsmb10 - ok 17:52:56.0500 3324 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:52:56.0502 3324 mrxsmb20 - ok 17:52:56.0512 3324 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 17:52:56.0513 3324 msahci - ok 17:52:56.0529 3324 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:52:56.0531 3324 msdsm - ok 17:52:56.0546 3324 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:52:56.0549 3324 MSDTC - ok 17:52:56.0569 3324 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:52:56.0569 3324 Msfs - ok 17:52:56.0586 3324 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:52:56.0587 3324 mshidkmdf - ok 17:52:56.0602 3324 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:52:56.0602 3324 msisadrv - ok 17:52:56.0630 3324 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:52:56.0633 3324 MSiSCSI - ok 17:52:56.0636 3324 msiserver - ok 17:52:56.0657 3324 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:52:56.0658 3324 MSKSSRV - ok 17:52:56.0735 3324 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 17:52:56.0736 3324 MsMpSvc - ok 17:52:56.0747 3324 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:52:56.0748 3324 MSPCLOCK - ok 17:52:56.0766 3324 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:52:56.0767 3324 MSPQM - ok 17:52:56.0791 3324 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:52:56.0795 3324 MsRPC - ok 17:52:56.0804 3324 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:52:56.0806 3324 mssmbios - ok 17:52:56.0868 3324 MSSQL$SQLEXPRESS - ok 17:52:56.0893 3324 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 17:52:56.0894 3324 MSSQLServerADHelper100 - ok 17:52:56.0904 3324 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:52:56.0905 3324 MSTEE - ok 17:52:56.0921 3324 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 17:52:56.0923 3324 MTConfig - ok 17:52:56.0941 3324 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:52:56.0942 3324 Mup - ok 17:52:56.0982 3324 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:52:56.0989 3324 napagent - ok 17:52:57.0007 3324 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:52:57.0011 3324 NativeWifiP - ok 17:52:57.0052 3324 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:52:57.0063 3324 NDIS - ok 17:52:57.0081 3324 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:52:57.0083 3324 NdisCap - ok 17:52:57.0091 3324 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:52:57.0092 3324 NdisTapi - ok 17:52:57.0102 3324 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:52:57.0104 3324 Ndisuio - ok 17:52:57.0124 3324 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:52:57.0126 3324 NdisWan - ok 17:52:57.0135 3324 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:52:57.0136 3324 NDProxy - ok 17:52:57.0141 3324 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:52:57.0141 3324 NetBIOS - ok 17:52:57.0155 3324 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:52:57.0159 3324 NetBT - ok 17:52:57.0174 3324 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:52:57.0176 3324 Netlogon - ok 17:52:57.0197 3324 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:52:57.0202 3324 Netman - ok 17:52:57.0226 3324 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:52:57.0229 3324 NetMsmqActivator - ok 17:52:57.0234 3324 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:52:57.0235 3324 NetPipeActivator - ok 17:52:57.0258 3324 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:52:57.0264 3324 netprofm - ok 17:52:57.0269 3324 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:52:57.0270 3324 NetTcpActivator - ok 17:52:57.0275 3324 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:52:57.0277 3324 NetTcpPortSharing - ok 17:52:57.0295 3324 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 17:52:57.0297 3324 nfrd960 - ok 17:52:57.0325 3324 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 17:52:57.0327 3324 NisDrv - ok 17:52:57.0351 3324 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 17:52:57.0355 3324 NisSrv - ok 17:52:57.0381 3324 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:52:57.0386 3324 NlaSvc - ok 17:52:57.0400 3324 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:52:57.0401 3324 Npfs - ok 17:52:57.0405 3324 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:52:57.0407 3324 nsi - ok 17:52:57.0412 3324 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:52:57.0413 3324 nsiproxy - ok 17:52:57.0471 3324 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:52:57.0506 3324 Ntfs - ok 17:52:57.0547 3324 [ 85ED9A335C81107CA2A9FC0F1C354B48 ] NT_NvcA C:\Windows\system32\DRIVERS\ntnvca.sys 17:52:57.0559 3324 NT_NvcA - ok 17:52:57.0570 3324 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:52:57.0571 3324 Null - ok 17:52:57.0625 3324 [ 299CE4E9B7D418F326D8E54D81C47464 ] NvcSvcMgr C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe 17:52:57.0633 3324 NvcSvcMgr - ok 17:52:57.0663 3324 [ D1D4B85564581B1F49A2118295657873 ] nvcwfpco C:\Windows\system32\DRIVERS\nvcwfpco.sys 17:52:57.0680 3324 nvcwfpco - ok 17:52:57.0710 3324 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:52:57.0713 3324 nvraid - ok 17:52:57.0728 3324 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:52:57.0731 3324 nvstor - ok 17:52:57.0753 3324 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:52:57.0756 3324 nv_agp - ok 17:52:57.0763 3324 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:52:57.0765 3324 ohci1394 - ok 17:52:57.0809 3324 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:52:57.0811 3324 ose - ok 17:52:57.0914 3324 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:52:58.0010 3324 osppsvc - ok 17:52:58.0047 3324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:52:58.0050 3324 p2pimsvc - ok 17:52:58.0062 3324 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:52:58.0067 3324 p2psvc - ok 17:52:58.0081 3324 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 17:52:58.0083 3324 Parport - ok 17:52:58.0111 3324 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:52:58.0112 3324 partmgr - ok 17:52:58.0122 3324 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:52:58.0125 3324 PcaSvc - ok 17:52:58.0141 3324 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:52:58.0143 3324 pci - ok 17:52:58.0161 3324 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:52:58.0162 3324 pciide - ok 17:52:58.0183 3324 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:52:58.0187 3324 pcmcia - ok 17:52:58.0206 3324 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:52:58.0208 3324 pcw - ok 17:52:58.0239 3324 [ 8E441DC9CB1985EE60EA97C7AF9127F3 ] PCWinSoft C:\Windows\system32\DRIVERS\scrcamhrdrv_x64.sys 17:52:58.0280 3324 PCWinSoft - ok 17:52:58.0307 3324 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:52:58.0314 3324 PEAUTH - ok 17:52:58.0351 3324 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:52:58.0370 3324 PeerDistSvc - ok 17:52:58.0465 3324 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:52:58.0467 3324 PerfHost - ok 17:52:58.0507 3324 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:52:58.0532 3324 pla - ok 17:52:58.0574 3324 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:52:58.0580 3324 PlugPlay - ok 17:52:58.0590 3324 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:52:58.0592 3324 PNRPAutoReg - ok 17:52:58.0600 3324 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:52:58.0603 3324 PNRPsvc - ok 17:52:58.0643 3324 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 17:52:58.0644 3324 Point64 - ok 17:52:58.0671 3324 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:52:58.0677 3324 PolicyAgent - ok 17:52:58.0693 3324 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:52:58.0697 3324 Power - ok 17:52:58.0721 3324 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:52:58.0723 3324 PptpMiniport - ok 17:52:58.0736 3324 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 17:52:58.0738 3324 Processor - ok 17:52:58.0764 3324 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:52:58.0768 3324 ProfSvc - ok 17:52:58.0782 3324 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:52:58.0784 3324 ProtectedStorage - ok 17:52:58.0799 3324 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:52:58.0801 3324 Psched - ok 17:52:58.0841 3324 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:52:58.0857 3324 ql2300 - ok 17:52:58.0868 3324 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:52:58.0870 3324 ql40xx - ok 17:52:58.0891 3324 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:52:58.0896 3324 QWAVE - ok 17:52:58.0904 3324 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:52:58.0905 3324 QWAVEdrv - ok 17:52:58.0918 3324 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:52:58.0919 3324 RasAcd - ok 17:52:58.0932 3324 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:52:58.0933 3324 RasAgileVpn - ok 17:52:58.0949 3324 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:52:58.0952 3324 RasAuto - ok 17:52:58.0964 3324 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:52:58.0966 3324 Rasl2tp - ok 17:52:58.0991 3324 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:52:58.0997 3324 RasMan - ok 17:52:59.0009 3324 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:52:59.0011 3324 RasPppoe - ok 17:52:59.0021 3324 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:52:59.0023 3324 RasSstp - ok 17:52:59.0045 3324 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:52:59.0048 3324 rdbss - ok 17:52:59.0055 3324 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:52:59.0057 3324 rdpbus - ok 17:52:59.0061 3324 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:52:59.0062 3324 RDPCDD - ok 17:52:59.0089 3324 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:52:59.0092 3324 RDPDR - ok 17:52:59.0109 3324 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:52:59.0110 3324 RDPENCDD - ok 17:52:59.0117 3324 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:52:59.0118 3324 RDPREFMP - ok 17:52:59.0153 3324 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 17:52:59.0154 3324 RdpVideoMiniport - ok 17:52:59.0183 3324 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:52:59.0186 3324 RDPWD - ok 17:52:59.0193 3324 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:52:59.0195 3324 rdyboost - ok 17:52:59.0225 3324 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:52:59.0227 3324 RemoteAccess - ok 17:52:59.0239 3324 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:52:59.0243 3324 RemoteRegistry - ok 17:52:59.0260 3324 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:52:59.0262 3324 RpcEptMapper - ok 17:52:59.0274 3324 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:52:59.0276 3324 RpcLocator - ok 17:52:59.0295 3324 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:52:59.0301 3324 RpcSs - ok 17:52:59.0354 3324 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys 17:52:59.0358 3324 RsFx0105 - ok 17:52:59.0372 3324 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:52:59.0373 3324 rspndr - ok 17:52:59.0394 3324 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 17:52:59.0396 3324 s3cap - ok 17:52:59.0399 3324 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:52:59.0401 3324 SamSs - ok 17:52:59.0507 3324 [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe 17:52:59.0507 3324 SamsungAllShareV2.0 - ok 17:52:59.0528 3324 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:52:59.0530 3324 sbp2port - ok 17:52:59.0536 3324 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:52:59.0540 3324 SCardSvr - ok 17:52:59.0559 3324 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:52:59.0560 3324 scfilter - ok 17:52:59.0585 3324 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:52:59.0599 3324 Schedule - ok 17:52:59.0630 3324 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:52:59.0631 3324 SCPolicySvc - ok 17:52:59.0650 3324 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:52:59.0654 3324 SDRSVC - ok 17:52:59.0662 3324 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:52:59.0663 3324 secdrv - ok 17:52:59.0667 3324 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:52:59.0669 3324 seclogon - ok 17:52:59.0682 3324 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:52:59.0685 3324 SENS - ok 17:52:59.0693 3324 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:52:59.0695 3324 SensrSvc - ok 17:52:59.0718 3324 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:52:59.0719 3324 Serenum - ok 17:52:59.0729 3324 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:52:59.0731 3324 Serial - ok 17:52:59.0745 3324 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:52:59.0747 3324 sermouse - ok 17:52:59.0762 3324 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:52:59.0765 3324 SessionEnv - ok 17:52:59.0779 3324 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:52:59.0780 3324 sffdisk - ok 17:52:59.0795 3324 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:52:59.0796 3324 sffp_mmc - ok 17:52:59.0803 3324 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:52:59.0804 3324 sffp_sd - ok 17:52:59.0817 3324 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:52:59.0818 3324 sfloppy - ok 17:52:59.0841 3324 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:52:59.0846 3324 SharedAccess - ok 17:52:59.0868 3324 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:52:59.0874 3324 ShellHWDetection - ok 17:52:59.0902 3324 [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe 17:52:59.0903 3324 SimpleSlideShowServer - ok 17:52:59.0918 3324 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 17:52:59.0919 3324 SiSRaid2 - ok 17:52:59.0937 3324 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:52:59.0939 3324 SiSRaid4 - ok 17:52:59.0947 3324 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:52:59.0949 3324 Smb - ok 17:52:59.0973 3324 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:52:59.0975 3324 SNMPTRAP - ok 17:53:00.0052 3324 [ C9CAD8B43FFDD5ADB7BCCFD1DBEC1E86 ] SPAMfighter Update Service C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe 17:53:00.0054 3324 SPAMfighter Update Service - ok 17:53:00.0059 3324 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:53:00.0059 3324 spldr - ok 17:53:00.0095 3324 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:53:00.0103 3324 Spooler - ok 17:53:00.0174 3324 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:53:00.0236 3324 sppsvc - ok 17:53:00.0262 3324 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:53:00.0265 3324 sppuinotify - ok 17:53:00.0289 3324 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 17:53:00.0294 3324 SQLAgent$SQLEXPRESS - ok 17:53:00.0365 3324 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 17:53:00.0368 3324 SQLBrowser - ok 17:53:00.0430 3324 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 17:53:00.0432 3324 SQLWriter - ok 17:53:00.0458 3324 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:53:00.0464 3324 srv - ok 17:53:00.0480 3324 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:53:00.0485 3324 srv2 - ok 17:53:00.0503 3324 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:53:00.0506 3324 srvnet - ok 17:53:00.0534 3324 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 17:53:00.0537 3324 sscdbus - ok 17:53:00.0562 3324 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 17:53:00.0564 3324 sscdmdfl - ok 17:53:00.0578 3324 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 17:53:00.0581 3324 sscdmdm - ok 17:53:00.0598 3324 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:53:00.0602 3324 SSDPSRV - ok 17:53:00.0616 3324 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:53:00.0619 3324 SstpSvc - ok 17:53:00.0632 3324 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 17:53:00.0633 3324 stexstor - ok 17:53:00.0659 3324 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:53:00.0667 3324 stisvc - ok 17:53:00.0687 3324 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 17:53:00.0688 3324 storflt - ok 17:53:00.0705 3324 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 17:53:00.0706 3324 storvsc - ok 17:53:00.0747 3324 [ 01EA75C0160C4E0BE818E03AD7C0DF0F ] Suite Service C:\Program Files (x86)\Fighters\FighterSuiteService.exe 17:53:00.0761 3324 Suite Service - ok 17:53:00.0765 3324 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:53:00.0766 3324 swenum - ok 17:53:00.0784 3324 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:53:00.0789 3324 swprv - ok 17:53:00.0809 3324 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys 17:53:00.0810 3324 Synth3dVsc - ok 17:53:00.0844 3324 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:53:00.0874 3324 SysMain - ok 17:53:00.0892 3324 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:53:00.0894 3324 TabletInputService - ok 17:53:00.0908 3324 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:53:00.0913 3324 TapiSrv - ok 17:53:00.0918 3324 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:53:00.0920 3324 TBS - ok 17:53:00.0975 3324 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:53:01.0004 3324 Tcpip - ok 17:53:01.0028 3324 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:53:01.0037 3324 TCPIP6 - ok 17:53:01.0075 3324 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:53:01.0076 3324 tcpipreg - ok 17:53:01.0094 3324 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:53:01.0096 3324 TDPIPE - ok 17:53:01.0125 3324 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:53:01.0126 3324 TDTCP - ok 17:53:01.0137 3324 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:53:01.0139 3324 tdx - ok 17:53:01.0191 3324 [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe 17:53:01.0193 3324 Te.Service - ok 17:53:01.0208 3324 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:53:01.0210 3324 TermDD - ok 17:53:01.0223 3324 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys 17:53:01.0224 3324 terminpt - ok 17:53:01.0245 3324 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:53:01.0253 3324 TermService - ok 17:53:01.0267 3324 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:53:01.0270 3324 Themes - ok 17:53:01.0297 3324 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:53:01.0298 3324 THREADORDER - ok 17:53:01.0308 3324 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:53:01.0311 3324 TrkWks - ok 17:53:01.0355 3324 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:53:01.0358 3324 TrustedInstaller - ok 17:53:01.0366 3324 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:53:01.0368 3324 tssecsrv - ok 17:53:01.0375 3324 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:53:01.0377 3324 TsUsbFlt - ok 17:53:01.0394 3324 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 17:53:01.0395 3324 TsUsbGD - ok 17:53:01.0413 3324 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 17:53:01.0415 3324 tsusbhub - ok 17:53:01.0439 3324 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:53:01.0441 3324 tunnel - ok 17:53:01.0453 3324 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:53:01.0455 3324 uagp35 - ok 17:53:01.0469 3324 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:53:01.0473 3324 udfs - ok 17:53:01.0490 3324 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:53:01.0493 3324 UI0Detect - ok 17:53:01.0510 3324 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:53:01.0511 3324 uliagpkx - ok 17:53:01.0527 3324 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:53:01.0529 3324 umbus - ok 17:53:01.0559 3324 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 17:53:01.0560 3324 UmPass - ok 17:53:01.0578 3324 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 17:53:01.0582 3324 UmRdpService - ok 17:53:01.0603 3324 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:53:01.0610 3324 upnphost - ok 17:53:01.0636 3324 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:53:01.0638 3324 usbccgp - ok 17:53:01.0658 3324 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 17:53:01.0660 3324 usbcir - ok 17:53:01.0675 3324 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:53:01.0676 3324 usbehci - ok 17:53:01.0695 3324 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:53:01.0699 3324 usbhub - ok 17:53:01.0712 3324 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:53:01.0713 3324 usbohci - ok 17:53:01.0720 3324 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 17:53:01.0721 3324 usbprint - ok 17:53:01.0792 3324 [ 5848CBD68382C43BB859C4BAC544A803 ] USBSafelyRemoveService C:\Program Files (x86)\USB Safely Remove\USBSRService.exe 17:53:01.0798 3324 USBSafelyRemoveService - ok 17:53:01.0806 3324 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:53:01.0808 3324 USBSTOR - ok 17:53:01.0820 3324 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:53:01.0822 3324 usbuhci - ok 17:53:01.0835 3324 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:53:01.0837 3324 UxSms - ok 17:53:01.0841 3324 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:53:01.0842 3324 VaultSvc - ok 17:53:01.0863 3324 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 17:53:01.0864 3324 VClone - ok 17:53:01.0871 3324 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:53:01.0872 3324 vdrvroot - ok 17:53:01.0890 3324 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:53:01.0898 3324 vds - ok 17:53:01.0909 3324 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:53:01.0910 3324 vga - ok 17:53:01.0918 3324 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:53:01.0919 3324 VgaSave - ok 17:53:01.0922 3324 VGPU - ok 17:53:01.0945 3324 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:53:01.0949 3324 vhdmp - ok 17:53:01.0957 3324 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:53:01.0958 3324 viaide - ok 17:53:01.0976 3324 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 17:53:01.0979 3324 vmbus - ok 17:53:01.0992 3324 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 17:53:01.0994 3324 VMBusHID - ok 17:53:02.0007 3324 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:53:02.0008 3324 volmgr - ok 17:53:02.0024 3324 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:53:02.0028 3324 volmgrx - ok 17:53:02.0036 3324 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:53:02.0040 3324 volsnap - ok 17:53:02.0054 3324 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:53:02.0057 3324 vsmraid - ok 17:53:02.0135 3324 [ CA64A8838B4674D14BDF88ABA2F253EA ] VSPerfDrv100 C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys 17:53:02.0137 3324 VSPerfDrv100 - ok 17:53:02.0235 3324 [ F972436B5ED08069A1E7D623B77C226A ] VSPerfDrv110 C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys 17:53:02.0238 3324 VSPerfDrv110 - ok 17:53:02.0275 3324 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:53:02.0309 3324 VSS - ok 17:53:02.0314 3324 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 17:53:02.0315 3324 vwifibus - ok 17:53:02.0345 3324 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:53:02.0351 3324 W32Time - ok 17:53:02.0410 3324 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 17:53:02.0417 3324 W3SVC - ok 17:53:02.0431 3324 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:53:02.0433 3324 WacomPen - ok 17:53:02.0454 3324 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:53:02.0455 3324 WANARP - ok 17:53:02.0459 3324 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:53:02.0460 3324 Wanarpv6 - ok 17:53:02.0469 3324 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 17:53:02.0472 3324 WAS - ok 17:53:02.0511 3324 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:53:02.0526 3324 WatAdminSvc - ok 17:53:02.0563 3324 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:53:02.0580 3324 wbengine - ok 17:53:02.0600 3324 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:53:02.0604 3324 WbioSrvc - ok 17:53:02.0619 3324 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:53:02.0625 3324 wcncsvc - ok 17:53:02.0633 3324 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:53:02.0635 3324 WcsPlugInService - ok 17:53:02.0650 3324 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 17:53:02.0651 3324 Wd - ok 17:53:02.0689 3324 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:53:02.0697 3324 Wdf01000 - ok 17:53:02.0707 3324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:53:02.0710 3324 WdiServiceHost - ok 17:53:02.0714 3324 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:53:02.0717 3324 WdiSystemHost - ok 17:53:02.0737 3324 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:53:02.0742 3324 WebClient - ok 17:53:02.0751 3324 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:53:02.0756 3324 Wecsvc - ok 17:53:02.0763 3324 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:53:02.0766 3324 wercplsupport - ok 17:53:02.0780 3324 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:53:02.0783 3324 WerSvc - ok 17:53:02.0794 3324 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:53:02.0795 3324 WfpLwf - ok 17:53:02.0800 3324 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:53:02.0801 3324 WIMMount - ok 17:53:02.0815 3324 WinDefend - ok 17:53:02.0822 3324 WinHttpAutoProxySvc - ok 17:53:02.0861 3324 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:53:02.0864 3324 Winmgmt - ok 17:53:02.0906 3324 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:53:02.0951 3324 WinRM - ok 17:53:02.0986 3324 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys 17:53:02.0987 3324 WinUSB - ok 17:53:03.0016 3324 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:53:03.0027 3324 Wlansvc - ok 17:53:03.0091 3324 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe 17:53:03.0092 3324 wlcrasvc - ok 17:53:03.0182 3324 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:53:03.0229 3324 wlidsvc - ok 17:53:03.0248 3324 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:53:03.0249 3324 WmiAcpi - ok 17:53:03.0267 3324 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:53:03.0270 3324 wmiApSrv - ok 17:53:03.0296 3324 WMPNetworkSvc - ok 17:53:03.0346 3324 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe 17:53:03.0351 3324 WMZuneComm - ok 17:53:03.0371 3324 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:53:03.0374 3324 WPCSvc - ok 17:53:03.0387 3324 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:53:03.0391 3324 WPDBusEnum - ok 17:53:03.0406 3324 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:53:03.0408 3324 ws2ifsl - ok 17:53:03.0424 3324 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:53:03.0427 3324 wscsvc - ok 17:53:03.0431 3324 WSearch - ok 17:53:03.0500 3324 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:53:03.0550 3324 wuauserv - ok 17:53:03.0580 3324 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:53:03.0582 3324 WudfPf - ok 17:53:03.0599 3324 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:53:03.0602 3324 WUDFRd - ok 17:53:03.0643 3324 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:53:03.0647 3324 wudfsvc - ok 17:53:03.0665 3324 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:53:03.0670 3324 WwanSvc - ok 17:53:03.0724 3324 [ 12F9EAD58E8CA6C8377B0E61766C5A12 ] XobniService C:\Program Files (x86)\Xobni\XobniService.exe 17:53:03.0724 3324 XobniService - ok 17:53:03.0867 3324 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe 17:53:03.0989 3324 ZuneNetworkSvc - ok 17:53:04.0012 3324 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe 17:53:04.0017 3324 ZuneWlanCfgSvc - ok 17:53:04.0020 3324 ================ Scan global =============================== 17:53:04.0044 3324 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:53:04.0074 3324 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 17:53:04.0083 3324 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 17:53:04.0090 3324 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:53:04.0110 3324 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:53:04.0114 3324 [Global] - ok 17:53:04.0114 3324 ================ Scan MBR ================================== 17:53:04.0128 3324 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:53:04.0134 3324 \Device\Harddisk0\DR0 - ok 17:53:04.0571 3324 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 17:53:04.0770 3324 \Device\Harddisk1\DR1 - ok 17:53:04.0770 3324 ================ Scan VBR ================================== 17:53:04.0773 3324 [ BF4B395863A4998345208E86312E00D1 ] \Device\Harddisk0\DR0\Partition1 17:53:04.0775 3324 \Device\Harddisk0\DR0\Partition1 - ok 17:53:04.0779 3324 [ C27F37459236DD8C5C00E3D27F4F7958 ] \Device\Harddisk1\DR1\Partition1 17:53:04.0780 3324 \Device\Harddisk1\DR1\Partition1 - ok 17:53:04.0781 3324 ============================================================ 17:53:04.0781 3324 Scan finished 17:53:04.0781 3324 ============================================================ 17:53:04.0791 6740 Detected object count: 0 17:53:04.0792 6740 Actual detected object count: 0

#4 patndoris

SuperMember

Malware Team
2,593 posts

Posted 08 December 2012 - 07:10 PM

Fantastic! No rootkits so we can go ahead with our tools. Give the symptoms you described from the infection that was found I'd like to go ahead with the following instructions.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. 1. Do not mouse-click anywhere on the screen while it is running. That may cause it to stall. In fact, I suggest you do not do anything else on the computer while Combofix is running as it can cause it to stall. It may appear at times that it isn't doing anything but it is. Just let it run. It may also reboot the machine as a part of what it is doing and that is not unusual. (If your computer requires a login then you WILL need to fill in the login/password for it to continue. If your computer does not have a login then it will continue on it's own..) Then, just sit tight until it finishes. Sometimes it takes 10 minutes, sometimes it takes an hour. Just be patient until the log pops up. If it takes more than an hour and doesn't appear to be doing anything, you can stop it and come back and let me know.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

If you have a problem launching programs after running Combofix, please do not panic! Simply reboot the computer and all should be fine.

#5 WynApse

Authentic Member

Authentic Member
39 posts

Posted 08 December 2012 - 08:02 PM

okey dokey... that was pretty quick: ComboFix 12-12-07.01 - Dave 12/08/2012 18:39:06.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.8190 [GMT -7:00] Running from: c:\users\Dave\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Dave\AppData\Local\assembly\tmp c:\windows\SysWow64\d2d1debug1.dll . . ((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 ))))))))))))))))))))))))))))))) . . 2012-12-09 01:45 . 2012-12-09 01:45 -------- d-----w- c:\users\SPServices\AppData\Local\temp 2012-12-08 20:17 . 2012-12-08 20:17 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes 2012-12-08 20:17 . 2012-12-08 20:17 -------- d-----w- c:\programdata\Malwarebytes 2012-12-08 20:17 . 2012-12-08 20:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-08 20:17 . 2012-09-30 02:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-08 15:39 . 2012-12-08 15:39 16200 ----a-w- c:\windows\stinger.sys 2012-12-08 15:39 . 2012-12-08 15:49 -------- d-----w- c:\program files (x86)\stinger 2012-12-08 10:28 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EDCDE5A-4174-49C9-918B-F02A89F98C41}\mpengine.dll 2012-12-07 10:29 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-29 10:29 . 2012-11-29 10:28 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D071AE6-3AF3-4591-B62D-BE396084B7BD}\gapaengine.dll 2012-11-23 20:15 . 2012-11-23 20:15 -------- d-----w- c:\users\Dave\AppData\Roaming\SnippetDesigner 2012-11-18 03:24 . 2012-11-18 03:24 -------- d-----w- c:\users\Dave\AppData\Local\HTML Executable 2012-11-15 10:08 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 10:08 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 10:08 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 10:08 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 10:03 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 10:03 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 10:03 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 10:03 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 10:03 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 10:03 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 10:03 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 04:04 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 04:04 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-14 20:22 . 2012-11-14 20:22 -------- d-----w- c:\users\Dave\AppData\Roaming\Axialis 2012-11-14 20:22 . 2012-11-14 20:22 -------- d-----w- c:\program files (x86)\Axialis 2012-11-14 20:22 . 2012-11-21 19:50 -------- d-----w- c:\users\Dave\AppData\Local\Axialis 2012-11-14 20:04 . 2012-11-14 20:04 -------- d-----w- c:\programdata\AVS4YOU 2012-11-14 20:04 . 2012-11-14 20:04 -------- d-----w- c:\users\Dave\AppData\Roaming\AVS4YOU 2012-11-14 20:03 . 2012-11-14 20:03 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia 2012-11-14 20:02 . 2012-11-14 20:10 -------- d-----w- c:\program files (x86)\AVS4YOU 2012-11-14 20:02 . 2012-04-20 19:08 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll 2012-11-14 19:53 . 2012-11-14 20:01 -------- d-----w- c:\users\Dave\AppData\Roaming\IrfanView 2012-11-14 19:53 . 2012-11-14 19:53 -------- d-----w- c:\program files (x86)\IrfanView . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-28 14:09 . 2012-06-26 20:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-28 14:09 . 2012-06-26 20:59 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-15 10:03 . 2012-06-26 05:21 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 09:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 09:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 09:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-08 16:05 . 2012-08-17 15:36 2657120 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll 2012-10-08 16:02 . 2012-06-26 03:51 2575008 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-09-29 10:12 . 2012-07-03 14:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-29 05:32 . 2012-09-29 05:32 2177688 ----a-w- c:\windows\system32\coin92.dll 2012-09-14 19:19 . 2012-10-10 04:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Pro"="0" [X] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "USB Safely Remove"="c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2010-12-25 1796952] "PASSWORDfighter"="c:\program files (x86)\Fighters\PASSWORDfighter\stpass.exe" [2012-07-02 4139624] "Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-20 2151776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2012-06-29 1454184] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NVC"="c:\program files (x86)\Avaya\Avaya VPN Client\Nvc.exe" [2011-11-22 1717576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2012-06-21 1201256] "AttendeeCommunicator"="c:\program files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe" [2012-09-29 11995280] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072] . c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "wave2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856] R3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys [2010-01-07 235904] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-03 27584] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-26 126976] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-20 415072] S2 NvcSvcMgr;Avaya VPN Client;c:\program files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe [2011-11-22 628056] S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [2011-11-22 80960] S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-03 25504] S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe [2012-06-21 216168] S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2012-05-28 1267304] S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe [2010-12-25 531816] S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2012-01-20 62184] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-27 52320] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088] S3 NT_NvcA;Avaya VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [2011-11-22 44096] S3 PCWinSoft;ScreenCamera Video Camera;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [2012-05-09 241800] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 59068304 *Deregistered* - 59068304 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 14:09] . 2012-12-08 c:\windows\Tasks\b4a_eBooks.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_Favorites.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_Magic.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_Milestone.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_Minecraft.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_OneNote.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_Outlook.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_SlickEdit Config.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_SoftwareIBought(1).job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_Various Data.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\b4a_VSProjects.job - c:\program files (x86)\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2012-07-11 21:25] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 00:39] . 2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 00:39] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2542831737-1747378741-2595509408-1001Core.job - c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 22:01] . 2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2542831737-1747378741-2595509408-1001UA.job - c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26 22:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.wynapse.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: PASSWORDfighter - c:\program files (x86)\Fighters\PASSWORDfighter\spIEBho.dll/616 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{504A012E-2312-440A-8A15-02DB92054057}: NameServer = 169.10.8.4,169.10.8.5 FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\1hxi3bil.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-08 18:46:40 ComboFix-quarantined-files.txt 2012-12-09 01:46 . Pre-Run: 1,794,502,217,728 bytes free Post-Run: 1,793,991,307,264 bytes free . - - End Of File - - 001B6FE9A7364DA52F42FEC1E387825E

#6 patndoris

SuperMember

Malware Team
2,593 posts

Posted 09 December 2012 - 07:31 AM

Combofix removed a couple other files that were hanging on, and things are looking pretty good. :thumbup:

I see you have installed Malwarebytes since your original scans, and I'm going to assume you have run it. If you have NOT, please let me know and we will do a scan.
It is a fantastic tool to have on your machine and to run on a regular basis (weekly or monthly) in conjunction with your antivirus to keep your machine running well.
I highly recommend keeping it updated and running it periodically. (A quick scan is all you need, full scans are unnecessary.)

The last scan I like to use is an online tool that will look in a few other locations just to ensure there is nothing we have missed. If this comes back looking good, we'll do a tool clean up and you will be good to go!
This scan make take awhile depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.

Go here to run an online scannner from ESET.

Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic and also let me know how things are now.

If it doesn't find anything there will be no log to post.

#7 WynApse

Authentic Member

Authentic Member
39 posts

Posted 09 December 2012 - 07:11 PM

wow... that took a long time to run It says it found 7 'threats' ... but they are all pieces of software I've tierh downloaded myself from trusted sites, or have purchased from somewhere... for instance, the backup program that runs every night

Here's the list: F:\CBackup\UsersDave\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined F:\CBackup\UsersDave\My Documents\Software\Setup_FreeBurner.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined F:\Data\Guitar\Purchased\ChickenPickin\cnet_powertab_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined F:\Data\SoftwareIBought\Assorted-unfiled\Setup_FreeBurner.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined F:\Data\SoftwareIBought\Backup4All\b4asetup-3.2.exe probably a variant of Win32/Agent.HWFJAIY trojan cleaned by deleting - quarantined F:\Data\SoftwareIBought\Backup4All\b4asetup-3.6.exe probably a variant of Win32/Agent.EPCXDVJ trojan cleaned by deleting - quarantined F:\ToBoot\Used\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined and I'm restoring all 7 of these because I don't believe any of them are a problem. -Dave

#8 patndoris

SuperMember

Malware Team
2,593 posts

Posted 10 December 2012 - 06:22 AM

I understand you have downloaded and/or purchased these files from trusted sources, and in many cases, these do come back as false positives when we run the online scan. These scans look for files that have the same types of characteristics of malware - it doesn't mean they are malware. I would agree that since you know what the files are at least 5 of them are not ones I would worry about given that information.

However, of the 7 files, I would like to just run two of those to be doubly sure we don't have an issue. Just because they come from a trusted source doesn't mean they don't come packaged with something you don't expect along with the file that's good. I know it's your backup program and you've been using it without issue, but it would still be good just to be sure it didn't contain anything you didn't expect when you downloaded it.

They are most likely absolutely fine, but let's just scan the files online to be 100% sure. This scan won't remove anything. It will just run the files past a larger sampling of different virus scanners and give a larger picture of which ones detect it the same way, or say that it's perfectly ok. I suspect we'll see from the larger sampling that most of the scanners will show it's ok. More than likely, as a backup program is designed to access different areas than normal programs are, ESET simply detected this characteristic as the same as that of a trojan.

Please go to the following site:
http://www.virustotal.com/
Click on Choose File, and then upload the following file for analysis: (you will need to do them one at a time)

F:\Data\SoftwareIBought\Backup4All\b4asetup-3.2.exe
F:\Data\SoftwareIBought\Backup4All\b4asetup-3.6.exe

Then click Send File and allow the file to be scanned.

Please ensure the scan is complete and the results saved before submitting the next.
If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Please copy and paste the links to each of the results here for me.

==================

In the mean time, we can go ahead and start our tools clean up because we won't be needing them any longer

The following will implement some cleanup procedures as well as reset System Restore points:

Click the Windows Key + R to open the Run box.
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If there are any remaining tools or logs on your desktop you can right-click and delete them.

#9 WynApse

Authentic Member

Authentic Member
39 posts

Posted 10 December 2012 - 09:10 AM

well... those are older versions of the backup software I use.. I'm currently running 4.8.275, so nuking a couple old 3.x versions won't kill me.

b4asetup-3.2 gave me this result:
https://www.virustot...sis/1355151311/

and b4asetup-3.6 gave me this:
https://www.virustot...sis/1355151696/

so ... delete those?

I did the uninstall of Combofix, and am rebooting...

Thanks!

-Dave

#10 patndoris

SuperMember

Malware Team
2,593 posts

Posted 10 December 2012 - 10:39 AM

No need to delete those. 8 out of 43 (and not 8 of the biggest detection agents either) isn't enough for me to cause a panic

I think you are just fine. Like I said, backup agents generally can access areas of your computer other programs can't, so they may be detected a little differently than the typical program. I think you are just fine leaving those programs right where they are.

It all looks good to me!

Great job! Your logs appear to be malware free and you do not appear to be experiencing any malware related problems.
Please follow these simple steps in order to keep your computer malware free and secure:

Use and Update your AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this. Simply using a Firewall in its default configuration can lower your risk greatly.

Use only one antivirus and one firewall on your machine
Having more than one anti-virus program and one firewall on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.

If you need more information on free anti-virus or firewall options please let me know and I will give you some recommendations.

Make your Internet Explorer more secure
This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt
6. Change the Download unsigned ActiveX controls to Disable
7. Change the Initialize and script ActiveX controls not marked as safe to Disable
8. Change the Installation of desktop items to Prompt
9. Change the Launching programs and files in an IFRAME to Prompt
10. Change the Navigate sub-frames across different domains to Prompt
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.

Keep your Java, Adobe Reader and Adobe Flash Up to Date
Older versions of these programs can contain security vulnerabilities. It is very important to keep them updated.

Update and Run Malwarebytes Anti-Malware
Scan your computer with this program on a regular basis just as you would an antivirus software making sure you update definitions each time you scan.

To simplify making sure you have the latest version of many of your security programs and applications, you may want to consider:
Secunia's Personal Software Inspector (PSI). It is a free utility that scans your computer for installed applications and checks to see if they have the latest security patches and updates. If it finds any applications with possible security issues, links and/or instructions are provided for the necessariy updates.

Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.

I would suggest you read:
Tony Klein's excellent article: How I got Infected in the First Place
PC Safety and Security--What Do I Need?
How to Prevent Malware

Good luck & Happy surfing!

#11 WynApse

Authentic Member

Authentic Member
39 posts

Posted 10 December 2012 - 01:03 PM

Awesome, thanks! I decided to crank up SpyWareBlaster... this machine has enough horsepower to deal with it. Thanks for your help and your volunterring at WTT.. -Dave

#12 patndoris

SuperMember

Malware Team
2,593 posts

Posted 10 December 2012 - 01:29 PM

You are most welcome!

#13 patndoris

SuperMember

Malware Team
2,593 posts

Posted 10 December 2012 - 01:29 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Body Background

skin color theme