
02-27-2013 , 08:30 AM
This problem is likely related to my previous issue, which can be found here:

http://forumserver.twoplustwo.com/48...stion-1298569/

Basically I just received a call from an Indian guy at Windows tech support that claimed that there has been dangerous behaviour on my computer. He went over some things with me and asked me to open "eventvwr" in the run program. He then pointed out that yellow and red warnings were very bad and a sign that a hacker has installed something on my computer. He then confirmed my CLSID (he read it out to me). I then questioned how I could be sure he even worked for MS, and he said only they know my CLSID (so I guess I should also contact MS support to verify some of his claims).

I'm going to go ahead and check all of my accounts and change passwords (again) and then probably reinstall Windows. My knowledge of computers is that deep, which is why this is my standard response to solving problems. I would have done this at first, but was told it wasn't necessary. This should fix all my issues, right?

Please don't be mad at me if there was some sticky I should have followed, however I think this problem is unique enough that it warrants a thread. Thanks for any input.
02-27-2013 , 08:51 AM
This is unfortunately a very common scam and the nitwits usually fall for it. The fact he has your CLSID might be evidence of a trojan so yes, I suggest you go ahead and reinstall Windows (or (have someone) do a thorough sweep).
He does NOT work for MS. Why the **** would they call you with this info, they really couldn't care less. Your Event Viewer is bound to have some yellow/red marks, nothing really you can do about it and has nothing to do with whether you are infected.
02-27-2013 , 08:51 AM
Sorry I called you a nitwit.
02-27-2013 , 09:04 AM
Well I'm not offended as I don't think I fell for it. I didn't give him any information. He wanted to connect me to a technician that would then remotely deal with the problem... at which point I brought the conversation to an end. I don't think checking eventvwr could be considered giving away anything right? I didn't tell him anything besides that I did have warning messages.
MS was great in this regard though... they are impossible to reach. They clearly have compromised my security in some way though, likely with a Trojan as you say.

edit: Does my CLSID change or is it constant?
02-27-2013 , 09:20 AM
oh wow I see in your previous topic that you posted logs and I never got back to you. Failaments from my part. Sorry for that. I am usually more effective.

Please read the malware sticky and provide OTL and TDSSKiller logs.
02-27-2013 , 09:25 AM
Quote:
Originally Posted by Gabethebabe
oh wow I see in your previous topic that you posted logs and I never got back to you. Failaments from my part. Sorry for that. I am usually more effective.

Please read the malware sticky and provide OTL and TDSSKiller logs.
Ok, I was already in "safe mode" trying to backup my poker database and anything else I might need. I ran "hijackthis" from trend micro and it found some files that were running "outside of sys32" or something like that. Gimme a sec though I'll get you the logs you are asking for.
02-27-2013 , 09:30 AM
TDSSKiller:

13:39:07.0891 7248 MsRPC - ok
13:39:07.0900 7248 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
13:39:07.0919 7248 mssmbios - ok
13:39:07.0924 7248 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:39:07.0943 7248 MSTEE - ok
13:39:07.0949 7248 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
13:39:07.0969 7248 MTConfig - ok
13:39:07.0975 7248 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\WINDOWS\system32\Drivers\mup.sys
13:39:07.0996 7248 Mup - ok
13:39:08.0003 7248 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
13:39:08.0023 7248 mvumis - ok
13:39:08.0035 7248 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\WINDOWS\system32\qagentRT.dll
13:39:08.0069 7248 napagent - ok
13:39:08.0081 7248 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
13:39:08.0109 7248 NativeWifiP - ok
13:39:08.0117 7248 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\ 20130226.025\ENG64.SYS
13:39:08.0133 7248 NAVENG - ok
13:39:08.0163 7248 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\ 20130226.025\EX64.SYS
13:39:08.0229 7248 NAVEX15 - ok
13:39:08.0238 7248 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
13:39:08.0262 7248 NcaSvc - ok
13:39:08.0268 7248 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
13:39:08.0291 7248 NcdAutoSetup - ok
13:39:08.0316 7248 [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
13:39:08.0366 7248 NDIS - ok
13:39:08.0373 7248 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
13:39:08.0398 7248 NdisCap - ok
13:39:08.0404 7248 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
13:39:08.0431 7248 NdisImPlatform - ok
13:39:08.0439 7248 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:39:08.0459 7248 NdisTapi - ok
13:39:08.0465 7248 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:39:08.0485 7248 Ndisuio - ok
13:39:08.0494 7248 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:39:08.0521 7248 NdisWan - ok
13:39:08.0529 7248 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:39:08.0555 7248 NDISWANLEGACY - ok
13:39:08.0561 7248 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:39:08.0581 7248 NDProxy - ok
13:39:08.0589 7248 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
13:39:08.0612 7248 Ndu - ok
13:39:08.0618 7248 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:39:08.0643 7248 NetBIOS - ok
13:39:08.0653 7248 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:39:08.0679 7248 NetBT - ok
13:39:08.0685 7248 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\WINDOWS\system32\lsass.exe
13:39:08.0705 7248 Netlogon - ok
13:39:08.0716 7248 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\WINDOWS\System32\netman.dll
13:39:08.0747 7248 Netman - ok
13:39:08.0759 7248 [ 20F6FD63E6D456114BC8056D62792786 ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
13:39:08.0793 7248 netprofm - ok
13:39:08.0805 7248 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
13:39:08.0832 7248 NetTcpPortSharing - ok
13:39:08.0975 7248 [ 220CB593468EDF943E1CAD9952D257F0 ] NETwNe64 C:\WINDOWS\system32\DRIVERS\NETwNe64.sys
13:39:09.0223 7248 NETwNe64 - ok
13:39:09.0233 7248 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\WINDOWS\system32\drivers\nfrd960.sys
13:39:09.0252 7248 nfrd960 - ok
13:39:09.0262 7248 [ 4BA84C832E0741A294C4444556DFE993 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
13:39:09.0277 7248 NIS - ok
13:39:09.0287 7248 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
13:39:09.0313 7248 NlaSvc - ok
13:39:09.0326 7248 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:39:09.0346 7248 Npfs - ok
13:39:09.0351 7248 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
13:39:09.0382 7248 npsvctrig - ok
13:39:09.0387 7248 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\WINDOWS\system32\nsisvc.dll
13:39:09.0409 7248 nsi - ok
13:39:09.0415 7248 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
13:39:09.0436 7248 nsiproxy - ok
13:39:09.0466 7248 [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:39:09.0547 7248 Ntfs - ok
13:39:09.0554 7248 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\WINDOWS\system32\drivers\Null.sys
13:39:09.0574 7248 Null - ok
13:39:09.0738 7248 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
13:39:10.0040 7248 nvlddmkm - ok
13:39:10.0050 7248 [ 54C7D4E3A31888FA4BE822F506FE905B ] nvpciflt C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
13:39:10.0063 7248 nvpciflt - ok
13:39:10.0070 7248 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
13:39:10.0094 7248 nvraid - ok
13:39:10.0103 7248 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
13:39:10.0126 7248 nvstor - ok
13:39:10.0143 7248 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
13:39:10.0180 7248 nvsvc - ok
13:39:10.0202 7248 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:39:10.0247 7248 nvUpdatusService - ok
13:39:10.0255 7248 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
13:39:10.0277 7248 nv_agp - ok
13:39:10.0284 7248 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:39:10.0301 7248 ose - ok
13:39:10.0368 7248 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E
13:39:10.0507 7248 osppsvc - ok
13:39:10.0523 7248 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
13:39:10.0549 7248 p2pimsvc - ok
13:39:10.0560 7248 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
13:39:10.0589 7248 p2psvc - ok
13:39:10.0596 7248 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\WINDOWS\System32\drivers\parport.sys
13:39:10.0618 7248 Parport - ok
13:39:10.0623 7248 [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
13:39:10.0644 7248 partmgr - ok
13:39:10.0654 7248 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
13:39:10.0682 7248 PcaSvc - ok
13:39:10.0691 7248 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\WINDOWS\system32\drivers\pci.sys
13:39:10.0716 7248 pci - ok
13:39:10.0722 7248 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
13:39:10.0740 7248 pciide - ok
13:39:10.0749 7248 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
13:39:10.0775 7248 pcmcia - ok
13:39:10.0782 7248 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
13:39:10.0801 7248 pcw - ok
13:39:10.0807 7248 [ 668168D499F7A16ABD0AD7ADA6563577 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
13:39:10.0826 7248 pdc - ok
13:39:10.0841 7248 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
13:39:10.0881 7248 PEAUTH - ok
13:39:10.0917 7248 [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc C:\WINDOWS\system32\peerdistsvc.dll
13:39:10.0983 7248 PeerDistSvc - ok
13:39:11.0015 7248 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
13:39:11.0035 7248 PerfHost - ok
13:39:11.0050 7248 [ ACC93675D78D1C07DAD09D7837F2397A ] pgsql-8.3 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
13:39:11.0058 7248 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning
13:39:11.0058 7248 pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
13:39:17.0711 7248 WdiServiceHost - ok
13:39:17.0717 7248 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
13:39:17.0750 7248 WdiSystemHost - ok
13:39:17.0758 7248 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:39:17.0787 7248 WebClient - ok
13:39:17.0796 7248 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
13:39:17.0824 7248 Wecsvc - ok
13:39:17.0831 7248 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
13:39:17.0884 7248 wercplsupport - ok
13:39:17.0892 7248 [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc C:\WINDOWS\System32\WerSvc.dll
13:39:17.0932 7248 WerSvc - ok
13:39:17.0939 7248 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
13:39:17.0959 7248 WFPLWFS - ok
13:39:17.0965 7248 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
13:39:17.0988 7248 WiaRpc - ok
13:39:17.0995 7248 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
13:39:18.0014 7248 WIMMount - ok
13:39:18.0018 7248 WinDefend - ok
13:39:18.0040 7248 [ 1369928779943B5C7AABA263E6E2BBC1 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
13:39:18.0075 7248 WinHttpAutoProxySvc - ok
13:39:18.0086 7248 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:39:18.0112 7248 Winmgmt - ok
13:39:18.0152 7248 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:39:18.0228 7248 WinRM - ok
13:39:18.0259 7248 [ EE83FBF4B9802983A3F980862CDA46BE ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
13:39:18.0305 7248 WlanSvc - ok
13:39:18.0335 7248 [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
13:39:18.0395 7248 wlidsvc - ok
13:39:18.0402 7248 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
13:39:18.0422 7248 WmiAcpi - ok
13:39:18.0434 7248 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
13:39:18.0461 7248 wmiApSrv - ok
13:39:18.0466 7248 WMPNetworkSvc - ok
13:39:18.0477 7248 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
13:39:18.0499 7248 wpcfltr - ok
13:39:18.0506 7248 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
13:39:18.0529 7248 WPCSvc - ok
13:39:18.0536 7248 [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
13:39:18.0559 7248 WPDBusEnum - ok
13:39:18.0564 7248 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
13:39:18.0585 7248 WpdUpFltr - ok
13:39:18.0590 7248 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
13:39:18.0610 7248 ws2ifsl - ok
13:39:18.0618 7248 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
13:39:18.0643 7248 wscsvc - ok
13:39:18.0650 7248 WSearch - ok
13:39:18.0690 7248 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\WINDOWS\System32\WSService.dll
13:39:18.0797 7248 WSService - ok
13:39:18.0843 7248 [ 270282F9357AB356300AD9DB9F0FD665 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
13:39:18.0927 7248 wuauserv - ok
13:39:18.0936 7248 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
13:39:18.0958 7248 WudfPf - ok
13:39:18.0966 7248 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
13:39:18.0990 7248 wudfsvc - ok
13:39:18.0999 7248 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:39:19.0022 7248 WUDFWpdFs - ok
13:39:19.0034 7248 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
13:39:19.0067 7248 WwanSvc - ok
13:39:19.0088 7248 ================ Scan global ===============================
13:39:19.0095 7248 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\WINDOWS\system32\basesrv.dll
13:39:19.0103 7248 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\WINDOWS\system32\winsrv.dll
13:39:19.0112 7248 [ BD7C6949984D19AAA609896B675E7357 ] C:\WINDOWS\system32\sxssrv.dll
13:39:19.0124 7248 [ 8F226143046435C75C033B0C52E90FFE ] C:\WINDOWS\system32\services.exe
13:39:19.0132 7248 [Global] - ok
13:39:19.0134 7248 ================ Scan MBR ==================================
13:39:19.0137 7248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:39:19.0187 7248 \Device\Harddisk0\DR0 - ok
13:39:19.0192 7248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:39:19.0618 7248 \Device\Harddisk1\DR1 - ok
13:39:19.0619 7248 ================ Scan VBR ==================================
13:39:19.0623 7248 [ 0A863E668D3C3E9567533828ED83E3D1 ] \Device\Harddisk0\DR0\Partition1
13:39:19.0624 7248 \Device\Harddisk0\DR0\Partition1 - ok
13:39:19.0629 7248 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
13:39:19.0629 7248 \Device\Harddisk0\DR0\Partition2 - ok
13:39:19.0634 7248 [ CB9CF71C8AB2DBACA1A0D23F091568A1 ] \Device\Harddisk0\DR0\Partition3
13:39:19.0637 7248 \Device\Harddisk0\DR0\Partition3 - ok
13:39:19.0641 7248 [ 00920C50D68A5B697552150941980CA2 ] \Device\Harddisk1\DR1\Partition1
13:39:19.0644 7248 \Device\Harddisk1\DR1\Partition1 - ok
13:39:19.0644 7248 ============================================================
13:39:19.0644 7248 Scan finished
13:39:19.0644 7248 ============================================================
13:39:19.0662 4376 Detected object count: 1
13:39:19.0662 4376 Actual detected object count: 1
13:40:12.0023 4376 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
13:40:12.0024 4376 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Last edited by IsaacAsimov; 02-27-2013 at 09:41 AM. Reason: wrong settings
02-27-2013 , 10:03 AM
I wish one of those scammers would give me a call one day. I get about a call a week from someone who's received a similar call wanting me to verify what they said, and it's always BS. I'd let them connect to me and, well... what comes next isn't legal. But, do not give in to these guys! Stick with us here and I'm sure between the tech support you have available to you we can resolve it!

Have you run MBAM at all?
02-27-2013 , 10:12 AM
@ GabeTheBabe

I'm trying to post the OTL text files, but the server keeps timing out. The messages are short enough according to the 100k characters limit. I will try again in a little while unless you have another solution.

@ GFXDude2010

No, I haven't run MBAM. I have NIS (Norton Internet Security) running constantly, but I've lost a lot of faith in them, they consistently fail to detect anything.
02-27-2013 , 10:13 AM
OTL OTL.txt part1:

OTL logfile created on: 27.02.2013 13:46:15 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\Chrome
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,02 Gb Available Physical Memory | 63,59% Memory free
9,34 Gb Paging File | 4,92 Gb Available in Paging File | 52,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,25 Gb Total Space | 165,57 Gb Free Space | 69,50% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 670,54 Gb Free Space | 71,98% Space Free | Partition Type: NTFS

Computer Name: IDEAPAD_GTX | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.27 13:30:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\Chrome\OTL.exe
PRC - [2013.02.27 13:28:55 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- E:\Downloads\Chrome\tdsskiller.exe
PRC - [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.02.15 10:05:03 | 004,484,504 | ---- | M] (Spotify Ltd) -- C:\Users\Danny\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.02.15 10:05:03 | 001,103,768 | ---- | M] (Spotify Ltd) -- C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.01.29 22:32:58 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013.01.29 22:23:06 | 011,802,464 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
PRC - [2013.01.29 22:23:06 | 000,395,616 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
PRC - [2013.01.20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Danny\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.09 14:28:59 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe
PRC - [2012.12.18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.05 22:41:22 | 002,930,288 | ---- | M] (AOL Inc.) -- C:\Users\Danny\AppData\Local\AOL\AIM\aim.exe
PRC - [2012.12.05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012.11.27 01:30:56 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Danny\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.12.10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.12.10 02:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009.08.29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Danny\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.21 05:23:44 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
MOD - [2013.02.21 05:23:43 | 012,637,136 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
MOD - [2013.02.21 05:23:42 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013.02.21 05:22:51 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libglesv2.dll
MOD - [2013.02.21 05:22:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libegl.dll
MOD - [2013.02.21 05:22:48 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2013.02.15 10:05:03 | 021,938,072 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.01.10 22:00:49 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\253546cd467b0fd7e57623921595182d\System.Configuration.ni.dll
MOD - [2013.01.09 17:29:39 | 005,453,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d981792ebf85627e57c7d95594aa7092\System.Xml.ni.dll
MOD - [2013.01.09 17:29:13 | 007,989,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\0b80769ba127fce3221c1fd47e87c4a7\System.ni.dll
MOD - [2013.01.09 17:29:10 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012.12.05 22:40:02 | 023,752,304 | ---- | M] () -- C:\Users\Danny\AppData\Local\AOL\AIM\libcef.dll
MOD - [2012.11.27 01:30:56 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.11.13 19:31:16 | 014,586,808 | ---- | M] () -- C:\Users\Danny\AppData\Local\AOL\AIM\npswf32.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.09.13 22:04:06 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.09.13 22:04:06 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.09.08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.09.08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.08.29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libcef.dll
MOD - [2012.08.29 06:50:28 | 000,133,134 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
MOD - [2012.08.29 06:50:26 | 000,189,454 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
MOD - [2012.08.29 06:50:24 | 000,983,054 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
MOD - [2012.05.30 06:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.2.1.22\wincfi39.dll
MOD - [2009.08.29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Danny\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.10.29 03:20:49 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 09:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.20 06:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.09.20 06:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.09.20 06:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 06:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 03:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 03:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 03:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 03:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 03:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 03:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 03:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 03:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 03:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 03:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 03:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 03:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 03:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 03:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 03:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2011.12.15 19:23:46 | 002,246,184 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012.12.03 15:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 01:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 03:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.17 00:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.05.02 13:49:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.28 18:04:43 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.12.03 15:47:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.12.02 16:54:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.18 06:17:18 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.10.12 08:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 07:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 07:13:54 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.10.11 07:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.10 01:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.10.09 01:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.10.04 01:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.10.04 01:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012.09.20 07:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.09.20 07:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 07:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 07:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 07:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.09.20 07:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 07:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 07:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.20 06:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.09.20 06:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.09.07 02:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.09.07 01:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.09.06 18:05:06 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.09.06 17:40:52 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.08.20 19:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.08.20 13:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.08.20 13:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.07.26 05:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 05:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 05:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 05:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 05:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 05:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 05:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 05:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 05:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 05:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 05:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 05:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 05:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 05:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 05:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 05:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 05:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 05:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 05:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 04:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 04:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 04:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 04:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 03:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 02:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 02:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 02:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 02:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 02:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.07.26 02:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 02:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 02:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 02:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 02:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 02:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 02:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 02:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 02:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 02:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 02:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 02:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 02:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 02:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.07.26 02:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 02:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 02:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 02:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 02:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 02:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 02:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 02:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 02:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.07.17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.06.02 14:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64)
DRV:64bit: - [2012.06.02 14:31:31 | 000,100,864 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012.01.27 19:34:30 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcbtums.sys -- (bcbtums)
DRV - [2013.01.28 18:34:28 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130226.025\ex64.sys -- (NAVEX15)
DRV - [2013.01.28 18:34:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.01.28 18:34:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.28 18:34:28 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130226.025\eng64.sys -- (NAVENG)
DRV - [2013.01.24 16:29:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130226.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.01.16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
02-27-2013 , 10:16 AM
OTL OTL.txt part 2:




========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A F9 B5 6E 68 0F CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2013.01.28 18:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013.02.09 13:36:51 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: ******* Plus = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google-Suche = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Diigo Web = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: ******* Shortener for Chrome = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\negjghjbfgfmdjpolclpmmjmfeejolld\1.0.3_0\
CHR - Extension: Bastion = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.0.8_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.9_0\
CHR - Extension: Google Mail = C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.07.26 05:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [AIM for Windows] C:\Users\Danny\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Danny\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [F.lux] C:\Users\Danny\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Windows Firewall] C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Danny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{120B3661-3B5E-495B-BCCC-0295E2AE8FA6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DF400C6-6704-4ECD-942A-F9731283EE9C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WudfRd - Driver
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tsc2 - C:\WINDOWS\SysWOW64\tsc2_codec64.dll (TechSmith Corporation)
Drivers32:64bit: vidc.tscc - C:\WINDOWS\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tsc2 - C:\Windows\SysWOW64\tsc2_codec32.dll (TechSmith Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
02-27-2013 , 10:16 AM
OTL OTL.txt part 3:

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.02.27 13:13:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013.02.27 10:05:06 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.sys
[2013.02.27 10:05:06 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013.02.27 10:05:06 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds64.sys
[2013.02.27 10:05:06 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013.02.27 10:05:06 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ironx64.sys
[2013.02.27 10:05:06 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys
[2013.02.27 10:05:06 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013.02.27 10:05:06 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam.sys
[2013.02.27 10:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024
[2013.02.22 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
[2013.02.22 20:02:33 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\AOL
[2013.02.22 20:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2013.02.17 15:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2013.02.16 20:21:11 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\william hill issue
[2013.02.15 10:17:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013.02.15 10:17:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013.02.15 10:17:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013.02.15 10:17:07 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013.02.13 17:37:20 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.02.13 17:37:04 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.02.13 17:37:03 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.02.13 17:37:03 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.02.13 17:37:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.02.13 17:37:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.02.13 17:37:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2013.02.13 17:37:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2013.02.13 17:37:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2013.02.13 17:37:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UXInit.dll
[2013.02.13 17:37:03 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.02.13 17:37:03 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UXInit.dll
[2013.02.13 17:37:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2013.02.07 16:15:25 | 000,000,000 | ---D | C] -- C:\Users\Danny\.MakeMKV
[2013.02.07 16:15:20 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
[2013.02.07 16:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MakeMKV
[2013.02.07 16:06:22 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\HandBrake
[2013.02.07 16:05:26 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.02.07 16:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.02.07 16:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013.02.07 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\dvdcss
[2013.02.05 10:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.05 10:40:20 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.05 10:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.31 02:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013.01.31 02:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2013.01.29 13:12:38 | 001,133,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symefa64.sys
[2013.01.29 13:12:38 | 000,776,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\srtsp64.sys
[2013.01.29 13:12:38 | 000,493,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symds64.sys
[2013.01.29 13:12:38 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symnets.sys
[2013.01.29 13:12:38 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\ironx64.sys
[2013.01.29 13:12:38 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys
[2013.01.29 13:12:38 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\srtspx64.sys
[2013.01.29 13:12:38 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symelam.sys
[2013.01.29 13:12:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016
[2013.01.28 18:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.01.28 18:04:43 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2013.01.28 18:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.01.28 18:04:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64
[2013.01.28 18:04:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.01.28 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013.01.28 17:31:23 | 000,000,000 | ---D | C] -- C:\Users\Danny\Documents\ProcAlyzer Dumps
[2013.01.28 17:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.28 17:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.28 17:30:35 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\SysNative\sdnclean64.exe
[2013.01.28 17:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.28 16:22:27 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAudio2_7.dll
[2013.01.28 16:22:27 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XAudio2_7.dll
[2013.01.28 16:22:27 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XAPOFX1_5.dll
[2013.01.28 16:22:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAPOFX1_5.dll
[2013.01.28 16:22:26 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_43.dll
[2013.01.28 16:22:26 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DX9_43.dll
[2013.01.28 16:22:26 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_43.dll
[2013.01.28 16:22:26 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DX9_43.dll
[2013.01.28 16:22:26 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3dx11_43.dll
[2013.01.28 16:22:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3dx11_43.dll
[2013.01.28 15:32:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\directx
[2013.01.28 14:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayLink Core Software

========== Files - Modified Within 30 Days ==========

[2013.02.27 13:47:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 13:40:40 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.02.27 13:40:40 | 000,753,134 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.02.27 13:40:40 | 000,710,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.02.27 13:40:40 | 000,155,826 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.02.27 13:40:40 | 000,132,614 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.02.27 13:37:45 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 13:37:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.27 13:35:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.02.27 13:35:38 | 2492,481,535 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.27 13:23:28 | 002,013,189 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013.02.24 19:51:20 | 000,000,173 | ---- | M] () -- C:\Users\Danny\AppData\Local\msmathematics.qat.Danny
[2013.02.23 13:56:03 | 000,001,078 | ---- | M] () -- C:\Users\Danny\Desktop\PokerTracker 4.lnk
[2013.02.21 10:46:18 | 000,422,536 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.02.15 10:17:03 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2013.02.15 10:17:03 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2013.02.15 10:17:03 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013.02.15 10:17:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013.02.15 10:17:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013.02.15 10:17:03 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013.02.14 17:39:41 | 000,000,172 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013.02.09 13:42:05 | 001,031,600 | ---- | M] () -- C:\Users\Danny\AppData\Local\census.cache
[2013.02.09 13:42:00 | 000,125,977 | ---- | M] () -- C:\Users\Danny\AppData\Local\ars.cache
[2013.02.09 13:16:10 | 000,234,544 | ---- | M] () -- C:\WINDOWS\RegBootClean64.exe
[2013.02.09 13:03:06 | 000,000,036 | ---- | M] () -- C:\Users\Danny\AppData\Local\housecall.guid.cache
[2013.02.07 17:43:14 | 000,014,818 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013.02.04 21:36:29 | 000,693,600 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.02.04 21:36:29 | 000,081,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.04 20:42:36 | 000,001,776 | ---- | M] () -- C:\Users\Danny\Desktop\February - Verknüpfung.lnk
[2013.02.01 03:55:07 | 000,007,589 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013.02.01 03:55:06 | 000,007,585 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013.01.31 03:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013.01.31 03:18:11 | 000,001,440 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnet.inf
[2013.01.31 03:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.sys
[2013.01.31 03:18:06 | 000,014,818 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symvtcer.dat
[2013.01.31 03:18:06 | 000,007,587 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.cat
[2013.01.31 03:18:06 | 000,003,434 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa.inf
[2013.01.31 03:17:58 | 000,007,581 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds64.cat
[2013.01.29 01:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013.01.29 01:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013.01.29 01:45:19 | 000,001,420 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013.01.29 01:45:18 | 000,001,438 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013.01.28 18:04:43 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2013.01.28 18:04:43 | 000,007,466 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2013.01.28 18:04:43 | 000,000,855 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF

========== Files Created - No Company Name ==========

[2013.02.27 10:05:06 | 000,009,670 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam64.cat
[2013.02.27 10:05:06 | 000,007,611 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013.02.27 10:05:06 | 000,007,601 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013.02.27 10:05:06 | 000,007,593 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013.02.27 10:05:06 | 000,007,589 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013.02.27 10:05:06 | 000,007,587 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.cat
[2013.02.27 10:05:06 | 000,007,585 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013.02.27 10:05:06 | 000,007,581 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds64.cat
[2013.02.27 10:05:06 | 000,003,434 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa.inf
[2013.02.27 10:05:06 | 000,002,852 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds.inf
[2013.02.27 10:05:06 | 000,001,440 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnet.inf
[2013.02.27 10:05:06 | 000,001,438 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013.02.27 10:05:06 | 000,001,420 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013.02.27 10:05:06 | 000,000,996 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam.inf
[2013.02.27 10:05:06 | 000,000,853 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.inf
[2013.02.27 10:05:06 | 000,000,767 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\iron.inf
[2013.02.27 10:04:56 | 000,014,818 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symvtcer.dat
[2013.02.27 10:04:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013.02.21 10:46:16 | 000,422,536 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.02.19 10:30:03 | 000,000,767 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Genting Poker.lnk
[2013.02.16 19:50:44 | 000,000,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\William Hill Poker.lnk
[2013.02.09 13:16:10 | 000,234,544 | ---- | C] () -- C:\WINDOWS\RegBootClean64.exe
[2013.02.09 13:10:14 | 001,031,600 | ---- | C] () -- C:\Users\Danny\AppData\Local\census.cache
[2013.02.09 13:10:04 | 000,125,977 | ---- | C] () -- C:\Users\Danny\AppData\Local\ars.cache
[2013.02.09 13:03:06 | 000,000,036 | ---- | C] () -- C:\Users\Danny\AppData\Local\housecall.guid.cache
[2013.02.07 17:43:14 | 002,013,189 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013.02.07 17:43:14 | 000,014,818 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013.02.04 20:42:36 | 000,001,776 | ---- | C] () -- C:\Users\Danny\Desktop\February - Verknüpfung.lnk
[2013.01.29 13:12:38 | 000,009,670 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symelam64.cat
[2013.01.29 13:12:38 | 000,007,611 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\ccsetx64.cat
[2013.01.29 13:12:38 | 000,007,605 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\srtspx64.cat
[2013.01.29 13:12:38 | 000,007,603 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symefa64.cat
[2013.01.29 13:12:38 | 000,007,601 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symnet64.cat
[2013.01.29 13:12:38 | 000,007,601 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\srtsp64.cat
[2013.01.29 13:12:38 | 000,007,597 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symds64.cat
[2013.01.29 13:12:38 | 000,007,593 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\iron.cat
[2013.01.29 13:12:38 | 000,003,433 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symefa.inf
[2013.01.29 13:12:38 | 000,002,851 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symds.inf
[2013.01.29 13:12:38 | 000,001,440 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symnet.inf
[2013.01.29 13:12:38 | 000,001,437 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\srtsp64.inf
[2013.01.29 13:12:38 | 000,001,418 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\srtspx64.inf
[2013.01.29 13:12:38 | 000,000,996 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symelam.inf
[2013.01.29 13:12:38 | 000,000,853 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\ccsetx64.inf
[2013.01.29 13:12:38 | 000,000,767 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\iron.inf
[2013.01.29 13:12:36 | 000,009,103 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\symvtcer.dat
[2013.01.29 13:12:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1402010.016\isolate.ini
[2013.01.28 18:04:43 | 000,007,466 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2013.01.28 18:04:43 | 000,000,855 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2013.01.28 17:30:38 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.20 12:14:30 | 000,005,632 | ---- | C] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.10 03:14:44 | 000,211,536 | ---- | C] () -- C:\WINDOWS\SysWow64\PTFVLib.dll
[2012.12.10 03:14:44 | 000,055,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PTSDK4_SS500A_PTFV.dll
[2012.11.30 18:08:45 | 000,000,173 | ---- | C] () -- C:\Users\Danny\AppData\Local\msmathematics.qat.Danny
[2012.11.28 00:19:46 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.11.27 02:05:31 | 000,004,934 | ---- | C] () -- C:\ProgramData\flwjycbm.bab
[2012.10.10 01:22:34 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2012.10.10 01:22:32 | 000,598,780 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin
[2012.10.10 01:22:16 | 000,755,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin
[2012.09.14 09:22:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2012.09.14 09:22:10 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2012.07.26 08:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 08:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 07:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 01:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 20:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 20:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 14:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2012.12.21 15:20:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.10.11 05:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.10.11 05:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >
[2013.01.09 14:28:59 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012.07.26 03:18:26 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2012.10.11 05:06:08 | 000,550,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FirewallAPI.dll
[2012.12.20 00:37:02 | 013,740,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012.07.26 03:18:40 | 000,117,248 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2012.07.26 03:18:57 | 001,119,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mfc42.dll
[2013.01.04 05:32:36 | 002,706,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mshtml****b
[2012.07.26 03:21:04 | 000,087,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msscript.ocx
[2012.07.26 03:19:17 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[2012.07.26 03:19:17 | 000,411,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcp60.dll
[2012.07.26 02:44:43 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2****b

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012.12.31 21:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012.12.18 12:35:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.25 15:50:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2013.02.22 20:02:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012.12.02 16:54:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.01.31 02:33:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote
[2013.02.19 10:30:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker
[2012.11.27 00:24:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012.11.29 13:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GrabIt
[2012.12.02 00:14:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GreenTree Applications
[2012.11.27 01:43:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.12.08 20:09:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2013.02.15 00:22:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2013.02.15 10:17:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2013.02.07 16:15:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MakeMKV
[2012.11.29 14:07:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.11.29 14:11:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2013.01.07 19:03:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.11.29 14:11:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012.11.29 14:08:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.11.29 14:11:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012.11.27 01:07:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.6
[2012.11.30 16:42:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2013.01.28 18:04:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2013.01.28 18:04:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2012.12.18 12:35:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.11.27 01:30:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2012.12.23 22:11:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars
[2013.02.25 14:33:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerTracker 4
[2012.11.27 02:11:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PostgreSQL
[2012.12.20 11:54:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2012.11.30 16:42:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013.02.05 10:40:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2013.01.28 17:30:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.07 20:00:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StatKing3
[2013.02.26 11:03:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2013.02.09 18:19:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SwissFlash
[2012.12.19 19:17:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2012.12.20 11:54:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TechSmith
[2012.11.27 01:10:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2012.07.26 10:27:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012.07.26 10:27:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012.11.30 15:53:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2012.07.26 08:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2012.07.26 08:12:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012.07.26 10:27:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012.07.26 08:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012.07.26 08:12:59 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar

< MD5 for: EXPLORER.EXE >
[2012.10.11 05:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012.10.11 08:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012.07.26 03:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012.07.26 04:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012.10.11 05:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
[2012.10.11 05:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012.10.11 07:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
[2012.10.11 07:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: NETLOGON.DLL >
[2012.07.26 03:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012.07.26 03:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012.07.26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\WINDOWS\SysNative\netlogon.dll
[2012.07.26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll

< MD5 for: SERVICES.EXE >
[2012.09.20 06:33:11 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012.07.26 05:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012.09.20 06:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\WINDOWS\SysNative\services.exe
[2012.09.20 06:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe

< MD5 for: SVCHOST.EXE >
[2012.07.26 03:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012.07.26 03:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012.09.20 06:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012.09.20 05:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012.09.20 05:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012.09.20 06:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\WINDOWS\SysNative\svchost.exe
[2012.09.20 06:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012.09.20 05:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

< MD5 for: USERINIT.EXE >
[2012.07.26 03:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\WINDOWS\SysNative\userinit.exe
[2012.07.26 03:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012.07.26 03:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012.07.26 03:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.09.20 06:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012.09.20 06:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012.07.26 03:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012.10.11 05:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\WINDOWS\SysNative\winlogon.exe
[2012.10.11 05:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012.10.11 05:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.12.20 02:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012.12.20 02:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013.02.21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.12.20 00:29:29 | 000,050,688 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.12.20 00:29:29 | 000,050,688 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.12.20 00:29:29 | 000,050,688 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.12.20 02:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2012.12.20 02:27:37 | 000,775,128 | ---- | M] (Microsoft Corporation)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

< End of report >
02-27-2013 , 10:18 AM
OTL Extras.txt part 1:

OTL Extras logfile created on: 27.02.2013 13:46:15 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\Chrome
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,02 Gb Available Physical Memory | 63,59% Memory free
9,34 Gb Paging File | 4,92 Gb Available in Paging File | 52,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,25 Gb Total Space | 165,57 Gb Free Space | 69,50% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 670,54 Gb Free Space | 71,98% Space Free | Partition Type: NTFS

Computer Name: IDEAPAD_GTX | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A1870F-D640-4D7D-A4EA-047F10E695D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03EE390D-6CC1-4189-96B2-F0A18C69CB06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C108160-77B3-43E0-BF4C-9C6DF0D36F78}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3352B5AC-ED8B-436A-8DE9-5AEC16770A51}" = lport=137 | protocol=17 | dir=in | app=system |
"{39861446-BD09-40BC-BB37-6282A42E8803}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D7CD6DB-0DA1-442E-B702-AADDBA198F6D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{503182D4-79E2-4EBF-9D6C-97B366D9A245}" = rport=139 | protocol=6 | dir=out | app=system |
"{5219A4E9-B283-479A-AD9E-9C9948681576}" = lport=139 | protocol=6 | dir=in | app=system |
"{5565220E-2B5C-4530-9146-5B8EBD254967}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57D30517-4AD0-47E8-A6E6-8541FCBD5E45}" = rport=137 | protocol=17 | dir=out | app=system |
"{59A1DF55-ECC7-4B60-8C3D-EBF6B885FF6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{64F69288-3966-4A49-B5CB-5C5315052FA2}" = lport=58222 | protocol=6 | dir=in | name=pando media booster |
"{733BD531-FB04-478B-BE29-E463519405AA}" = lport=58222 | protocol=17 | dir=in | name=pando media booster |
"{7C5F3FDF-1FE4-4E48-95F1-3D3E2148189E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8ED0ABDC-B121-457E-AB5E-CF3C2ECE98C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{931940D7-0305-4F4C-B249-81CCD6E06F04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C24D797-B7B9-4848-A536-EC54D5E33C8F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA5055CE-B814-4C70-B10D-179D48DCB185}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE60BAA7-025B-4388-BDC4-D822FC242CAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3C11773-9C77-46F8-A3D1-A185697150A5}" = lport=58222 | protocol=6 | dir=in | name=pando media booster |
"{B593E170-33A9-4EC9-A5AA-13C4400C588F}" = lport=58222 | protocol=17 | dir=in | name=pando media booster |
"{C4AFF8DD-DECE-478B-AC9D-4DF00E3728A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{E18FE3CF-7E70-455A-BDEB-B1F92297AF57}" = rport=445 | protocol=6 | dir=out | app=system |
"{E5F62DD1-E684-4A31-9C79-6452A3905E6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7D5ED63-582F-405E-8D4E-AC2957FC47F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE300FDE-5AD3-4EB2-B506-900FAEB2FC3C}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062A93D4-2FA4-45C3-9781-2719228A8912}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{0E5904ED-413D-407B-AE16-0880A2E46DD9}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{18C86F13-F533-4BDD-846B-764245C776CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A47DEDA-120F-4DD9-8AB8-E5C70E82786B}" = protocol=6 | dir=in | app=c:\program files (x86)\postgresql\8.3\bin\pg_ctl.exe |
"{1DE2D7CC-963C-4593-933B-6CD842D09A54}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{213CB7E9-765B-4CC8-9F78-225FC65F85CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{222709DA-4779-4967-AD68-5557165E0B8A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{22B5A366-E96D-47D6-B4B4-96CD8E1522D1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{255D7CA7-CD64-44B2-AD15-0BEDAA6E7E8E}" = protocol=58 | dir=in | [email protected],-28545 |
"{25CD9CDD-71FB-4FA3-A8B2-0421A2D845DD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{28272EBE-695B-47F6-8F92-2B8BFB712285}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AD1EA69-62EB-4F19-BF76-8D6ACCC74401}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{2C6B0E9A-6ED7-42B1-B7A7-A2B4D60856B0}" = protocol=6 | dir=in | app=c:\users\danny\appdata\local\temp\7zsc22.tmp\symnrt.exe |
"{3067F0B1-7D65-4674-9E19-662858258AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{336CDDEC-7DB0-4D01-B442-6D6428327D1C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{36945CE2-39B4-41D6-A1C1-C899CF1AB313}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{39515FD9-2D20-497A-B306-8F4C6E1C4111}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3DAA5077-789B-45A3-BFAA-49549A2371CA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{430E8BD6-E59D-4036-B490-77038F38CE7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{487EA816-B95B-45B8-99C1-52ABA1217A9D}" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dro pbox.exe |
"{4D6F3593-876E-4279-B4DB-F8A5A34EB6CA}" = protocol=17 | dir=in | app=c:\program files (x86)\pokertracker 4\pokertracker4.exe |
"{4ED4AED0-3230-4DDC-A4D2-847026F484C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5590D2CF-4A17-4A56-81AA-3047686CE0ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5631BEA9-6590-4675-A3A2-994E1BB9C2F2}" = protocol=1 | dir=out | [email protected],-28544 |
"{57A7FA13-EAC7-44DC-862C-328E45F2287F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{58C36A7A-3801-4577-BB99-B691F3D58A79}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.42 06.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5BE7B479-C327-4FE9-817A-B64C4FDA47E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{60293221-F98C-4F8A-8647-B973E00F3F88}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6D8FD978-A24E-4D85-9252-DF481EFAB87A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{6E12DA9B-E0F7-4C57-9DEA-17941DE77BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{78338ACE-620A-4333-8F74-FF60A006FF7B}" = protocol=17 | dir=in | app=c:\users\danny\appdata\local\temp\7zsb946.tmp\ symnrt.exe |
"{78B8F232-3C97-463A-A099-D53A3E40366E}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{7B7DAC47-4386-4D70-ABFB-A9F157878917}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{823DE27A-AE28-45B2-A763-383B94DFA972}" = protocol=17 | dir=in | app=c:\program files (x86)\pokertracker 4\pokertrackerhud4.exe |
"{84DA04E9-0DB6-4E1D-9BD0-550C85638078}" = protocol=6 | dir=in | app=c:\users\danny\appdata\local\temp\7zs3642.tmp\ symnrt.exe |
"{868953E4-C48A-4EB8-92DB-2C168AC74240}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88940AB0-5588-41D3-95F6-DE0BCC132DB1}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wek yb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{94E5C563-84D5-4ED7-9755-0277E5C419D7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1 h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{99FCDAFF-7708-4280-95D8-EDA0B30FFD9E}" = protocol=17 | dir=in | app=c:\users\danny\appdata\local\temp\7zs3642.tmp\ symnrt.exe |
"{9F712666-1693-47B4-B82C-1D62FE57A075}" = protocol=6 | dir=in | app=c:\program files (x86)\pokertracker 4\pokertrackerhud4.exe |
"{A101F023-2E53-4217-B1F4-00EB4FCF064E}" = protocol=6 | dir=out | app=system |
"{A868A441-0712-4FCB-897C-B7C02690A715}" = protocol=17 | dir=in | app=c:\program files (x86)\postgresql\8.3\bin\postgres.exe |
"{AD6E9B38-245E-4F32-B4B1-BFB2D77E80B7}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3 d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{AE203815-296B-438C-861C-2518A063AECF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B060181B-A4AA-49D8-B963-7A7926DDDA2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfa re\binaries\win32\udk.exe |
"{B1345234-FEC1-4C95-B59A-28D39D2315F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4DB9B36-F78B-4FF5-9A1C-8BCADE806D1C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B67EDADD-51A6-4E77-91FC-3359CBB0BADD}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8 bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{B7BA2738-C733-40F4-ACB7-EAC5A24DCB98}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B7EE7F3E-66DC-40E9-A379-BB9D572189A7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B8406781-BDD8-493F-A61B-E65311A3220D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BC12E611-3706-48FC-BA0B-494FC81830D5}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe ?ms-resource://microsoft.bing/resources/app_name} |
"{BF8D09C9-AFB7-4FEA-8A22-B2B792419EF1}" = protocol=58 | dir=out | [email protected],-28546 |
"{C1D6FDA8-FAF4-43DA-BDCB-1485637C0F1B}" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dro pbox.exe |
"{C25668C2-B575-4E07-A841-76151793D6B2}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3 d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{C5C4B9E9-18BC-44DA-A1B4-0C71DBFD14B3}" = protocol=17 | dir=in | app=c:\program files (x86)\postgresql\8.3\bin\pg_ctl.exe |
"{C7D55451-F617-4BFB-A2BF-395DFF3C8DBD}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1 h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{C876358D-55A8-4BFA-A5A4-8FE450E4DBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\postgresql\8.3\bin\postgres.exe |
"{C96CB5F8-1FC4-4921-B22E-2166045C1E97}" = protocol=17 | dir=in | app=c:\users\danny\appdata\local\temp\7zsc22.tmp\s ymnrt.exe |
"{D3939CFB-275D-4855-BA10-56BD918EF1FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3FBB9B5-69A1-4D4A-8868-64A3C06E9DD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4C592F7-A91A-4CF5-99A2-FDA5946CD28C}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{D5F2F2F5-2F45-4E74-9BF1-4A9A254ECF98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D657C727-746B-4E30-BF74-0757676ED394}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8b bwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{DD7F72A6-6C33-44BB-8AC8-14A97CF4E296}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DDAEB1A8-3497-4110-A6A7-D2C2B649816B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E3AB904C-8DD6-473A-A0C6-5A7B489B56BF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E55876FF-D5DA-407B-9855-93397E4458CB}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8 bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E56E559E-9BF1-4FE0-8D5B-911815D97AD3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb 3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E77BB2AB-6648-468F-A669-E9377086542E}" = protocol=1 | dir=in | [email protected],-28543 |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7C36CAA-A4F9-48E1-94C6-AE1A4BAE0FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EAABFED4-A8A4-49D1-9358-D49551D182F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBCA4979-12F9-4DF6-934A-1E0D975DECA2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.42 06.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{ED8D0E3B-9AE0-4C37-BF7B-66872FDF08D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfa re\binaries\win32\udk.exe |
"{F23F88C5-B6AE-4FF3-9360-A74C99416333}" = protocol=6 | dir=in | app=c:\users\danny\appdata\local\temp\7zsb946.tmp\ symnrt.exe |
"{F255A9D7-AAB8-4F5C-8E7C-AD8C4264D274}" = protocol=6 | dir=in | app=c:\program files (x86)\pokertracker 4\pokertracker4.exe |
"{F74F9069-A03A-405E-81DF-4012C7746025}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{11417A92-A02D-4180-8AB2-016A25375BE4}C:\users\danny\appdata\roaming\microsoft\firewall.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\microsoft\firewall.exe |
"TCP Query User{4B79A4D5-76D6-4965-B2EF-32B9C62166F7}C:\users\danny\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\local\akamai\netsession_win.exe |
"TCP Query User{86C6C2DE-2D31-44D1-8DB9-C557C416D244}C:\users\danny\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0E4E7EBE-5023-43A4-884B-9E855D53E4DF}C:\users\danny\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\local\akamai\netsession_win.exe |
"UDP Query User{911494C8-B986-4E5F-8F93-61F40C7EBF14}C:\users\danny\appdata\roaming\microsoft\firewall.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\microsoft\firewall.exe |
"UDP Query User{AC1E1EC0-0166-4CDA-B28D-8AFCF1D314E4}C:\users\danny\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89478C31-5CE8-461A-9084-9A0AF059F84F}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"5992-1726-3179-3433" = ProPokerTools Odds Oracle 2.2.1
"GIMP-2_is1" = GIMP 2.8.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.6
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{595291ED-EBCA-40BB-8787-32036FDBA86B}_is1" = StatKing 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DCA963D4-6AA2-11E2-80AA-984BE15F174E}" = Evernote v. 4.6.2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"Betsafe Poker_is1" = Betsafe Poker 1.0.0
"Betsson Poker_is1" = Betsson Poker 1.0.0
"betssonpoker (Poker)" = Betsson Poker by Microgaming
"BitTorrent" = BitTorrent
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"HandBrake" = HandBrake 0.9.8
"MakeMKV" = MakeMKV v1.7.10
"NIS" = Norton Internet Security
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerTracker4" = PokerTracker 4 (remove only)
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 4920" = Natural Selection 2
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5
"William Hill Poker" = William Hill Poker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Flux" = F.lux
"GentingPoker" = Genting Poker
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.02.2013 14:24:54 | Computer Name = ideapad_gtx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16433,
Zeitstempel: 0x507635b5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000001f0cb6
ID
des fehlerhaften Prozesses: 0xf94 Startzeit der fehlerhaften Anwendung: 0x01ce06ca86bacd0c
Pfad
der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\WINDOWS\system32\SHELL32.dll Berichtskennung: ff9526a4-72e5-11e2-be79-08edb9da6339
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 09.02.2013 14:36:14 | Computer Name = ideapad_gtx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.57,
Zeitstempel: 0x510326ea Name des fehlerhaften Moduls: SYMHTML.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x507f1f1f Ausnahmecode: 0xc000041d Fehleroffset: 0x7173b179
ID
des fehlerhaften Prozesses: 0x187c Startzeit der fehlerhaften Anwendung: 0x01ce06ca960442cc
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: SYMHTML.DLL Berichtskennung: 94a4d870-72e7-11e2-be79-08edb9da6339
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 10.02.2013 10:27:27 | Computer Name = ideapad_gtx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16433,
Zeitstempel: 0x507635b5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000001f0cb6
ID
des fehlerhaften Prozesses: 0x880 Startzeit der fehlerhaften Anwendung: 0x01ce07870fbd4174
Pfad
der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\WINDOWS\system32\SHELL32.dll Berichtskennung: fde6bed1-738d-11e2-be79-08edb9da6339
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 10.02.2013 10:27:36 | Computer Name = ideapad_gtx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.2.9200.16433,
Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16433,
Zeitstempel: 0x507635b5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000001f0cb6
ID
des fehlerhaften Prozesses: 0xfc8 Startzeit der fehlerhaften Anwendung: 0x01ce079ac0e4f601
Pfad
der fehlerhaften Anwendung: C:\WINDOWS\explorer.exe Pfad des fehlerhaften Moduls:
C:\WINDOWS\system32\SHELL32.dll Berichtskennung: 03bd1522-738e-11e2-be79-08edb9da6339
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 13.02.2013 10:37:17 | Computer Name = ideapad_gtx | Source = MsiInstaller | ID = 11706
Description =

Error - 13.02.2013 10:37:30 | Computer Name = ideapad_gtx | Source = MsiInstaller | ID = 11706
Description =

Error - 13.02.2013 10:38:17 | Computer Name = ideapad_gtx | Source = MsiInstaller | ID = 11706
Description =

Error - 13.02.2013 15:03:07 | Computer Name = ideapad_gtx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.57,
Zeitstempel: 0x510326ea Name des fehlerhaften Moduls: SYMHTML.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x507f1f1f Ausnahmecode: 0xc000041d Fehleroffset: 0x65e9b179
ID
des fehlerhaften Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0x01ce09c2fef6369f
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: SYMHTML.DLL Berichtskennung: 0009758e-7610-11e2-be79-08edb9da6339
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 13.02.2013 19:47:09 | Computer Name = ideapad_gtx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.5.0, Zeitstempel:
0x50c91d8b Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.5.0, Zeitstempel:
0x50c91d8b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000172f ID des fehlerhaften Prozesses:
0x59c Startzeit der fehlerhaften Anwendung: 0x01ce0a28abf532cc Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: adb49adf-7637-11e2-be79-08edb9da6339
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 21.02.2013 06:45:49 | Computer Name = ideapad_gtx | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 24.0.1312.57 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c90 Startzeit:
01ce10173e98b170 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
da03d2e6-7c13-11e2-be7a-08edb9da6339 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 27.02.2013 09:41:59 | Computer Name = ideapad_gtx | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 27.02.2013 09:20:06 | Computer Name = ideapad_gtx | Source = DCOM | ID = 10005
Description =

Error - 27.02.2013 09:22:48 | Computer Name = ideapad_gtx | Source = DCOM | ID = 10005
Description =

Error - 27.02.2013 09:23:07 | Computer Name = ideapad_gtx | Source = DCOM | ID = 10005
Description =

Error - 27.02.2013 09:23:20 | Computer Name = ideapad_gtx | Source = DCOM | ID = 10005
Description =

Error - 27.02.2013 09:25:24 | Computer Name = ideapad_gtx | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f0923 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2794599)

Error - 27.02.2013 09:25:24 | Computer Name = ideapad_gtx | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f0923 fehlgeschlagen: Update für Internet Explorer Flash Player unter
Windows 8 für x64-basierte Systeme (KB2805940)

Error - 27.02.2013 09:25:37 | Computer Name = ideapad_gtx | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.02.2013 09:25:37 | Computer Name = ideapad_gtx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 27.02.2013 09:37:46 | Computer Name = ideapad_gtx | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
02-27-2013 , 10:20 AM
Download MBAM: http://download.cnet.com/Malwarebyte...=dl&tag=button

Run a Full Scan with it. MBAM is the leading removal software. Note that you shouldn't run the scan in Safe Mode, but on a regular boot instead.
02-27-2013 , 10:22 AM
Ok, got it to work by making them even shorter. I'm a little surprised they were able to get the number they called me on. It isn't actually in my name, it's my mother's number.
How likely do you think it is that I could have been infected through my home network and something my mother downloaded? I feel pretty safe on the internet and anything that could be unsafe I've checked with a friend who works in IT and he says it's safe, plus as a poker player I'm more paranoid than your average user.
02-27-2013 , 10:55 AM
MBAM has found 2 objects and has been blocking access to some potentially malicious website.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.27.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Danny :: IDEAPAD_GTX [administrator]

Protection: Enabled

27.02.2013 14:26:58
MBAM-log-2013-02-27 (14-53-19).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 474578
Time elapsed: 25 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Danny\AppData\Local\Temp\dclogs.sys (Stolen.Data) -> No action taken.

(end)
02-27-2013 , 11:09 AM
Quote:
Originally Posted by IsaacAsimov
Ok, got it to work by making them even shorter. I'm a little surprised they were able to get the number they called me on. It isn't actually in my name, it's my mother's number.
How likely do you think it is that I could have been infected through my home network and something my mother downloaded? I feel pretty safe on the internet and anything that could be unsafe I've checked with a friend who works in IT and he says it's safe, plus as a poker player I'm more paranoid than your average user.
Afaik they just call random numbers and hope for someone gullible enough to give them access, after which they'll install keyloggers and hope you log into your bank software etc.

No, opening eventvwr doesn't do anything for them. It's a way for users to view what's happening on the computer.

I'm not too sure what CLSID is but according to http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx every application has a unique CLSID. So he probably named the CLSID for the piece of Trojan, maybe?
MBAM is great tho, run it! Might save you the trouble of reinstalling.
02-27-2013 , 11:15 AM
Regarding DC3_FEXEC:
http://forums.malwarebytes.org/index...owtopic=115711

Quite a read but was solved for this user.
02-27-2013 , 11:26 AM
Quote:
Originally Posted by Malfunction
Afaik they just call random numbers and hope for someone gullible enough to give them access, after which they'll install keyloggers and hope you log into your bank software etc.

No, opening eventvwr doesn't do anything for them. It's a way for users to view what's happening on the computer.

I'm not too sure what CLSID is but according to http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx every application has a unique CLSID. So he probably named the CLSID for the piece of Trojan, maybe?
MBAM is great tho, run it! Might save you the trouble of reinstalling.
Yea, I've already run it (see above post).

Tbh reinstalling isn't much trouble, especially when you think about the benefits for peace of mind. Reinstalling is how I usually deal with these problems, because it requires little technical knowledge but is very effective. However I am very interested in knowing the cause of my problems, if possible. So any feedback I get here is valuable.

I guess reading over your post I realize that it is somewhat likely that my computer isn't even infected. I also recall that the program he requested the CLSID for was "assoc", which according to MS is "Displays or modifies file name extension associations. Used without parameters, assoc displays a list of all the current file name extension associations." and assoc's CLSID is the same on my current computer and potentially infected computer so presumably it's the same for every computer.

The more I think about it the sillier it sounds, but fwiw, I was overly concerned, because of a previous Trojan that was found on my computer approx. two weeks back (or whenever I started my original thread). So it seems this was just a coincidence. I mean in essence the Indian guy calling didn't know anything about my computer.
02-27-2013 , 01:45 PM
They don't know anything about it. They call saying they're from Microsoft and that they somehow magically know that you are "infected", when in reality when you give them access you become infected. I don't think you are infected with anything the guy was referring to, but that doesn't mean there aren't any other infections. You posted the MBAM log, but it says "No action taken" beside the two malicious files. When you click "View Results" after the scan and it shows a list of infections, make sure you check the box beside both of them and tell it to "Remove Selected", otherwise the files will still be there.

Other than that, I don't see any reason to be concerned with any type of serious infection.
02-27-2013 , 01:51 PM
All seems pretty fine except for the DC3-FEXEC, but check my previous post for a solution if you did check 'Remove selected'.
02-27-2013 , 02:00 PM
Quote:
Originally Posted by GFXDude2010
They don't know anything about it. They call saying they're from Microsoft and that they somehow magically know that you are "infected", when in reality when you give them access you become infected. I don't think you are infected with anything the guy was referring to, but that doesn't mean there aren't any other infections. You posted the MBAM log, but it says "No action taken" beside the two malicious files. When you click "View Results" after the scan and it shows a list of infections, make sure you check the box beside both of them and tell it to "Remove Selected", otherwise the files will still be there.

Other than that, I don't see any reason to be concerned with any type of serious infection.
Yea, I did quarantine the items afterwards. I've decided to nuke everything, I only backed up the most essential files. Will be installing Win 7 in a bit.
A friend of mine looked at my hijackthis log and pointed out a suspicious file. Turned out this file was a trojan. At this point I think it's too much trouble to try and remove all malware from my computer, so clean installing should actually save me some time. I'm still not sure how I got infected, but I will have to revise some of my computer behaviour to prevent this from happening again. In a way I was really lucky these scammers called me, otherwise I may not have noticed the Trojan for a while to come and who knows what might have happened. Anyway everything looks good so far (all accounts seem fine) and I've learnt quite a bit today.
02-28-2013 , 03:49 AM
I found the motherfukcer
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
Code:
:files
C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe
C:\Users\Danny\AppData\Local\Temp\dclogs.sys

:otl
O4 - HKCU..\Run: [Windows Firewall] C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe (Microsoft Corporation)

:registry
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{11417A92-A02D-4180-8AB2-016A25375BE4}C:\users\danny\appdata\roaming\microsoft\firewall.exe"=-
"UDP Query User{911494C8-B986-4E5F-8F93-61F40C7EBF14}C:\users\danny\appdata\roaming\microsoft\firewall.exe"=-

:commands
[reboot]
  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)
====================

After this go to the newly made folder C:\_OTL\Moved Files, because OTL has moved it here. Find the file we just quarantined (original name is C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe)

Submit that file to www.virustotal.com and post the url of the log back here pls.
I want to know what it is and what virus scanners have to say about this thing.

You should assume that everything you have done on your computer since the 9th of January this year is in hackers' hands. Cancel used credit cards, change passwords comes to mind.

But first that virustotal log please
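Added example, not part of the original post and not any poster's or OTL's own code: a small triage pass over autorun lines in the "O4" format quoted above, flagging entries like the `firewall.exe` one that start from a user-writable directory while carrying a Microsoft vendor string. The sample log is constructed around the one line from the post, the function names are hypothetical, and the vendor text is assumed to be unverified file metadata rather than a checked signature.

```python
import re

# Constructed sample in the OTL "O4" autorun format; the second line is the
# entry quoted in the post, the other two are made up for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe (Example Vendor Ltd.)
O4 - HKCU..\Run: [Windows Firewall] C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Updater] C:\Users\Danny\AppData\Local\Temp\upd.exe ()
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?\.exe)\s*(?:\((?P<vendor>[^)]*)\))?\s*$",
    re.IGNORECASE,
)

USER_WRITABLE = ("\\appdata\\", "\\temp\\")              # any user can drop files here
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")   # writing needs admin rights

def triage(line):
    """Return (name, path, reasons) for one O4 line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = m["path"].lower()
    vendor = (m["vendor"] or "").lower()
    reasons = []
    if any(part in path for part in USER_WRITABLE):
        reasons.append("autorun target in user-writable directory")
    # Assumption: the vendor string is self-declared metadata, not a signature.
    if "microsoft" in vendor and not path.startswith(TRUSTED_ROOTS):
        reasons.append("claims Microsoft but runs from outside system directories")
    if not vendor:
        reasons.append("no vendor metadata")
    return m["name"], m["path"], reasons

def suspicious_autoruns(log_text):
    """Keep only entries with at least one reason, most reasons first."""
    hits = [t for t in map(triage, log_text.splitlines()) if t and t[2]]
    return sorted(hits, key=lambda t: -len(t[2]))

if __name__ == "__main__":
    for name, path, reasons in suspicious_autoruns(SAMPLE_LOG):
        print(f"[{name}] {path}\n    " + "; ".join(reasons))
```

These are triage signals, not verdicts: some legitimate per-user installers also start from AppData, so a flagged file still needs a hash lookup or scan before removal.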
02-28-2013 , 04:00 AM
Quote:
Originally Posted by IsaacAsimov
Well I'm not offended as I don't think I fell for it. I didn't give him any information. He wanted to connect me to a technician that would then remotely deal with the problem... at which point I brought the conversation to an end. I don't think checking eventvwr could be considered giving away anything right? I didn't tell him anything besides that I did have warning messages.
MS was great in this regard though... they are impossible to reach. They clearly have compromised my security in some way though, likely with a Trojan as you say.

edit: Does my CLSID change or is it constant?
This has happened to me, they are just trying to sell you anti virus stuff, bunch of BS
02-28-2013 , 06:56 AM
Quote:
Originally Posted by Gabethebabe
I found the motherfukcer
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
Code:
:files
C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe
C:\Users\Danny\AppData\Local\Temp\dclogs.sys

:otl
O4 - HKCU..\Run: [Windows Firewall] C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe (Microsoft Corporation)

:registry
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{11417A92-A02D-4180-8AB2-016A25375BE4}C:\users\danny\appdata\roaming\microsoft\firewall.exe"=-
"UDP Query User{911494C8-B986-4E5F-8F93-61F40C7EBF14}C:\users\danny\appdata\roaming\microsoft\firewall.exe"=-

:commands
[reboot]
  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)
====================

After this go to the newly made folder C:\_OTL\Moved Files, because OTL has moved it here. Find the file we just quarantined (original name is C:\Users\Danny\AppData\Roaming\Microsoft\firewall.exe)

Submit that file to www.virustotal.com and post the url of the log back here pls.
I want to know what it is and what virus scanners have to say about this thing.

You should assume that everything you have done on your computer since the 9th of January this year is in hackers' hands. Cancel used credit cards, change passwords comes to mind.

But first that virustotal log please
Hey Gabe, it seems you were just two hours too late. I erased all my hard drives yesterday, backing up only the most essential things and a couple of films I had on there. I really had to get my computer back online asap.

You were right about the file though. A friend pointed it out to me. I let it run through one of those mass online virus scanners and it came up as various forms of malware, one said it was a Trojan. I still have the link on my laptop, will post here momentarily.

edit: Here it is and thanks for all your help! http://r.virscan.org/report/e26c2ae3...8292814df.html

Last edited by IsaacAsimov; 02-28-2013 at 06:58 AM. Reason: added link