
Solved This program is blocked by group policy

Discussion in 'Malware and Virus Removal Archive' started by dutch, 2014/01/24.

  1. 2014/01/24
    dutch (Well-Known Member, Thread Starter)

    Hello,
    I recently ran some scans on my son's computer and noticed that the AVG scanner was turned off. I tried to start it back up and received this message: "This program is blocked by group policy". I checked permissions and tried to start the program as administrator. I continue to get that message. When I try to start other virus scanning programs I get the same message. I expect something has taken over, but I'm not sure how to approach fixing the problem. I pasted his system specs below. Any help would be appreciated.

    Thanks,
    dutch

    OS Name Microsoft Windows 7 Home Premium
    Version 6.1.7601 Service Pack 1 Build 7601
    Other OS Description Not Available
    OS Manufacturer Microsoft Corporation
    System Name DONALD-PC
    System Manufacturer Gateway
    System Model NV52 Series
    System Type x64-based PC
    Processor AMD Turion(tm) X2 Dual-Core Mobile RM-72, 2100 Mhz, 2 Core(s), 2 Logical Processor(s)
    BIOS Version/Date Phoenix Technologies LTD V1.13, 9/18/2009
    SMBIOS Version 2.5
    Windows Directory C:\Windows
    System Directory C:\Windows\system32
    Boot Device \Device\HarddiskVolume2
    Locale United States
    Hardware Abstraction Layer Version = "6.1.7601.17514 "
    User Name Donald-PC\Donald
    Time Zone Eastern Standard Time
    Installed Physical Memory (RAM) 4.00 GB
    Total Physical Memory 3.75 GB
    Available Physical Memory 896 MB
    Total Virtual Memory 7.49 GB
    Available Virtual Memory 4.23 GB
    Page File Space 3.75 GB
    Page File C:\pagefile.sys
     
  2. 2014/01/24
    Steve R Jones (SuperGeek, Staff)

  4. 2014/01/24
    dutch (Well-Known Member, Thread Starter)

    Ok. Here is the log from MBAM.

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2014.01.24.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Donald :: DONALD-PC [administrator]

    1/24/2014 4:46:32 PM
    mbar-log-2014-01-24 (16-46-32).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 247277
    Time elapsed: 52 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ie\VideoPlayerV3beta7395.dll (Adware.BetterSurf) -> Delete on reboot.

    Registry Keys Detected: 8
    HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ad30d684-85fe-4937-94ee-a97d84f101af} (Adware.BetterSurf) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\TYPELIB\{e7b00367-b313-4a3d-a24c-84e7ae2ac783} (Adware.BetterSurf) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{6BCB2D08-0383-4549-9D1B-CCFE6569DD28} (Adware.BetterSurf) -> Delete on reboot.
    HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6BCB2D08-0383-4549-9D1B-CCFE6569DD28} (Adware.BetterSurf) -> Delete on reboot.
    HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{e7b00367-b313-4a3d-a24c-84e7ae2ac783} (Adware.BetterSurf) -> Delete on reboot.
    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AD30D684-85FE-4937-94EE-A97D84F101AF} (Adware.BetterSurf) -> Delete on reboot.
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AD30D684-85FE-4937-94EE-A97D84F101AF} (Adware.BetterSurf) -> Delete on reboot.
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AD30D684-85FE-4937-94EE-A97D84F101AF} (Adware.BetterSurf) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ie\VideoPlayerV3beta7395.dll (Adware.BetterSurf) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    Here is DDS.txt.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476
    Run by Donald at 17:48:45 on 2014-01-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2387 [GMT -5:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Donald\AppData\Local\GCC\Controller.exe
    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Maximum Converter\ExtensionUpdaterService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Sendori\SendoriUp.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Donald\AppData\Local\GCC\Controller.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\System32\alg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Maximum Converter: {4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665} - C:\Program Files\Maximum Converter\Extension32.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Donald\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [iLivid] "C:\Users\Donald\AppData\Local\iLivid\iLivid.exe" -autorun
    uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Donald\AppData\Roaming\newnext.me\nengine.dll ",EntryPoint -m l
    uRun: [AVG-Secure-Search-Update_1213b] C:\Users\Donald\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=c14b487f2ec6a8d6935ad098462a4739-8e1018c4c5665e25b76cea6c9390dfbf69f9a607 /CMPID=1213b
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe "
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe "
    mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe "
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe "
    mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe "
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe "
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\Donald\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BLITZM~1.LNK - C:\Program Files (x86)\BlitzMediaPlayer\BlitzMediaPlayerApp.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{34A0A06F-0022-4D97-8A24-D04A0C1B7361} : DHCPNameServer = 192.32.12.29
    TCP: Interfaces\{8E45E88F-C45F-40CD-9A7F-0BCFC34EAD72} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8E45E88F-C45F-40CD-9A7F-0BCFC34EAD72}\34F657E64727970294E6E6 : DHCPNameServer = 75.75.75.75
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: bitguard.exe - tasklist.exe
    IFEO: bprotect.exe - tasklist.exe
    IFEO: bpsvc.exe - tasklist.exe
    IFEO: browsemngr.exe - tasklist.exe
    IFEO: browserdefender.exe - tasklist.exe
    x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    x64-BHO: Torntv V6.0: {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Maximum Converter: {4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665} - C:\Program Files\Maximum Converter\Extension64.dll
    x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: bitguard.exe - tasklist.exe
    x64-IFEO: bprotect.exe - tasklist.exe
    x64-IFEO: bpsvc.exe - tasklist.exe
    x64-IFEO: browsemngr.exe - tasklist.exe
    x64-IFEO: browserdefender.exe - tasklist.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-3 203264]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-3 844320]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-3-17 552832]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
    R2 hlsvc;Highlightly Client Service;C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [2013-12-4 273000]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 Maximum Converter Updater;Maximum Converter Updater;C:\Program Files\Maximum Converter\ExtensionUpdaterService.exe [2013-12-24 185856]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-10-3 292864]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-3 34872]
    S2 consumerinput_update;ConsumerInput Update Service (consumerinput_update);C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe /svc --> C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [?]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-2 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    .
    =============== Created Last 30 ================
    .
    2014-01-24 21:46:23 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-01-18 02:03:27 -------- d-----w- C:\Program Files (x86)\VideoPlayerV3
    2014-01-10 14:48:55 -------- d-----w- C:\Users\Donald\AppData\Roaming\AVG2014
    2014-01-10 14:35:09 -------- d-----w- C:\Users\Donald\AppData\Roaming\TuneUp Software
    2014-01-10 14:27:50 -------- d-----w- C:\ProgramData\AVG2014
    2014-01-10 13:28:59 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-01-10 13:26:25 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-01-10 11:34:48 -------- d-----w- C:\Users\Donald\AppData\Local\MFAData
    2014-01-10 11:34:48 -------- d-----w- C:\Users\Donald\AppData\Local\Avg2014
    2014-01-10 11:34:48 -------- d-----w- C:\ProgramData\MFAData
    2014-01-03 03:49:36 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2014-01-03 03:49:35 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2014-01-03 03:49:35 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2014-01-03 03:49:35 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2014-01-03 03:17:32 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2014-01-03 03:17:32 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2014-01-03 03:17:31 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2014-01-03 03:17:31 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2014-01-03 02:17:41 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9b85b8a1cf08292d\InstallManager_WLE_WLE.exe
    2014-01-03 02:17:15 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2126f61cf082922\MeshBetaRemover.exe
    2014-01-03 02:16:53 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\de0812fc1cf08291a\DSETUP.dll
    2014-01-03 02:16:53 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\de0812fc1cf08291a\DXSETUP.exe
    2014-01-03 02:16:53 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\de0812fc1cf08291a\dsetup32.dll
    2014-01-03 02:16:52 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dcc002181cf082919\DSETUP.dll
    2014-01-03 02:16:52 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dcc002181cf082919\DXSETUP.exe
    2014-01-03 02:16:52 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dcc002181cf082919\dsetup32.dll
    2014-01-03 02:15:41 -------- d-----w- C:\Users\Donald\AppData\Local\Windows Live
    2014-01-03 01:34:18 -------- d-----w- C:\Windows\System32\SPReview
    2014-01-03 01:32:50 -------- d-----w- C:\Windows\System32\EventProviders
    2014-01-03 01:23:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2014-01-03 01:23:55 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2014-01-03 01:23:55 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2014-01-03 01:23:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2014-01-03 01:22:14 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2014-01-03 01:22:14 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2014-01-03 01:22:14 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2014-01-03 01:22:14 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2014-01-03 01:22:14 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2014-01-03 01:22:13 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2014-01-03 01:22:13 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2014-01-03 00:21:20 -------- d-----w- C:\Windows\System32\MRT
    2014-01-03 00:18:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2014-01-03 00:18:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2014-01-03 00:18:36 5120 ----a-w- C:\Windows\System32\wmi.dll
    2014-01-03 00:18:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2014-01-03 00:18:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2014-01-02 23:55:58 902144 ----a-w- C:\Windows\System32\d2d1.dll
    2014-01-02 23:54:59 988160 ----a-w- C:\Windows\SysWow64\propsys.dll
    2014-01-02 23:53:59 743424 ----a-w- C:\Windows\SysWow64\blackbox.dll
    2014-01-02 23:52:58 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
    2014-01-02 23:52:47 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
    2014-01-02 23:52:47 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
    2014-01-02 23:52:47 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
    2014-01-02 23:50:51 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2014-01-02 23:50:51 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
    2014-01-02 23:50:44 244736 ----a-w- C:\Windows\System32\sqmapi.dll
    2014-01-02 23:44:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-01-02 23:44:25 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-01-02 23:43:07 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2014-01-02 23:43:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-01-02 23:43:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-01-02 23:43:06 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2014-01-02 23:43:05 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-01-02 23:42:58 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2014-01-02 23:39:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-01-02 23:38:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2014-01-02 23:04:30 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2014-01-02 23:04:29 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2014-01-02 23:04:28 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2014-01-02 23:04:28 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2014-01-02 23:04:28 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2014-01-02 23:04:28 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2014-01-02 22:45:37 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-01-02 22:45:37 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-01-02 22:25:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2014-01-02 22:24:57 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2014-01-02 22:24:30 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2014-01-02 22:24:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-01-02 16:20:35 -------- d-----w- C:\Users\Donald\AppData\Local\GCC
    2014-01-02 16:19:54 -------- d-----w- C:\Users\Donald\.android
    2014-01-02 16:19:51 -------- d-----w- C:\Users\Donald\AppData\Local\cache
    2014-01-02 16:19:48 -------- d-----w- C:\Users\Donald\AppData\Roaming\newnext.me
    2014-01-02 16:19:47 -------- d-----w- C:\Users\Donald\AppData\Local\genienext
    2014-01-02 16:19:46 -------- d-----w- C:\Users\Donald\AppData\Local\Mobogenie
    2014-01-02 16:19:35 -------- d-----w- C:\Program Files (x86)\Mobogenie
    2014-01-02 16:17:09 -------- d-----w- C:\Program Files (x86)\Torntv V6.0
    .
    ==================== Find3M ====================
    .
    2014-01-03 04:49:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2014-01-03 04:49:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2013-11-06 02:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
    2013-11-05 02:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-11-01 04:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2013-11-01 03:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    .
    ============= FINISH: 17:51:10.04 ===============


    Here is Attach.txt.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/25/2009 1:30:10 PM
    System Uptime: 1/24/2014 5:42:23 PM (0 hours ago)
    .
    Motherboard: Gateway | | SJV50PU
    Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket S1G2 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 226.438 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: hlnfd
    Device ID: ROOT\LEGACY_HLNFD\0000
    Manufacturer:
    Name: hlnfd
    PNP Device ID: ROOT\LEGACY_HLNFD\0000
    Service: hlnfd
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4700 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4700 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart C4700 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP107: 1/2/2014 8:33:53 PM - Windows 7 Service Pack 1
    RP108: 1/10/2014 6:40:13 AM - Installed AVG 2014
    RP109: 1/10/2014 6:42:01 AM - Removed AVG Free 9.0
    RP110: 1/10/2014 8:10:41 AM - PriceSparrow wird entfernt
    RP111: 1/10/2014 8:11:59 AM - PriceSparrow wird entfernt
    RP112: 1/10/2014 9:10:25 AM - Malwarebytes Anti-Rootkit Restore Point
    RP113: 1/10/2014 9:24:32 AM - Installed AVG 2014
    RP114: 1/10/2014 11:08:28 AM - Malwarebytes Anti-Rootkit Restore Point
    RP115: 1/24/2014 10:01:03 AM - Malwarebytes Anti-Rootkit Restore Point
    RP116: 1/24/2014 5:40:08 PM - Malwarebytes Anti-Rootkit Restore Point
    .
    ==== Image File Execution Options =============
    .
    IFEO: bitguard.exe - tasklist.exe
    IFEO: bprotect.exe - tasklist.exe
    IFEO: bpsvc.exe - tasklist.exe
    IFEO: browsemngr.exe - tasklist.exe
    IFEO: browserdefender.exe - tasklist.exe
    IFEO: browsermngr.exe - tasklist.exe
    IFEO: browserprotect.exe - tasklist.exe
    IFEO: browsersafeguard.exe - tasklist.exe
    IFEO: bundlesweetimsetup.exe - tasklist.exe
    IFEO: cltmngsvc.exe - tasklist.exe
    IFEO: delta babylon.exe - tasklist.exe
    IFEO: delta tb.exe - tasklist.exe
    IFEO: delta2.exe - tasklist.exe
    IFEO: deltainstaller.exe - tasklist.exe
    IFEO: deltasetup.exe - tasklist.exe
    IFEO: deltatb.exe - tasklist.exe
    IFEO: deltatb_2501-c733154b.exe - tasklist.exe
    IFEO: iminentsetup.exe - tasklist.exe
    IFEO: protectedsearch.exe - tasklist.exe
    IFEO: rjatydimofu.exe - tasklist.exe
    IFEO: snapdo.exe - tasklist.exe
    IFEO: stinst32.exe - tasklist.exe
    IFEO: stinst64.exe - tasklist.exe
    IFEO: sweetimsetup.exe - tasklist.exe
    IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
    x64-IFEO: bitguard.exe - tasklist.exe
    x64-IFEO: bprotect.exe - tasklist.exe
    x64-IFEO: bpsvc.exe - tasklist.exe
    x64-IFEO: browsemngr.exe - tasklist.exe
    x64-IFEO: browserdefender.exe - tasklist.exe
    x64-IFEO: browsermngr.exe - tasklist.exe
    x64-IFEO: browserprotect.exe - tasklist.exe
    x64-IFEO: browsersafeguard.exe - tasklist.exe
    x64-IFEO: bundlesweetimsetup.exe - tasklist.exe
    x64-IFEO: cltmngsvc.exe - tasklist.exe
    x64-IFEO: delta babylon.exe - tasklist.exe
    x64-IFEO: delta tb.exe - tasklist.exe
    x64-IFEO: delta2.exe - tasklist.exe
    x64-IFEO: deltainstaller.exe - tasklist.exe
    x64-IFEO: deltasetup.exe - tasklist.exe
    x64-IFEO: deltatb.exe - tasklist.exe
    x64-IFEO: deltatb_2501-c733154b.exe - tasklist.exe
    x64-IFEO: iminentsetup.exe - tasklist.exe
    x64-IFEO: protectedsearch.exe - tasklist.exe
    x64-IFEO: rjatydimofu.exe - tasklist.exe
    x64-IFEO: snapdo.exe - tasklist.exe
    x64-IFEO: stinst32.exe - tasklist.exe
    x64-IFEO: stinst64.exe - tasklist.exe
    x64-IFEO: sweetimsetup.exe - tasklist.exe
    x64-IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    64 Bit HP CIO Components Installer
    ABBYY FineReader 9.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI (11.0.06)
    AMD USB Filter Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AVG 2014
    Backup Manager Basic
    Blitz Media Player - a modern video player
    Bonjour
    Broadcom Gigabit NetLink Controller
    BufferChm
    C4700
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    Consumer Input (remove only)
    Coupon Printer for Windows
    CyberLink Power2Go
    CyberLink PowerDVD 8
    Destinations
    DeviceDiscovery
    eBay Worldwide
    EPSON Artisan 837 Series Printer Uninstall
    Epson Connect
    Epson Customer Participation
    Epson Download Navigator
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    Epson Print CD
    EPSON Scan
    EpsonNet Print
    Gateway Games
    Gateway InfoCentre
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Updater
    GigaClicks Crawler
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    GreatArcadeHits
    HDAUDIO Soft Data Fax Modem with SmartCP
    Highlightly
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPPhotoGadget
    HPProductAssistant
    Identity Card
    iTunes
    Junk Mail filter update
    Launch Manager
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    Maximum Converter 2.0.0.429
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mobogenie
    Movies Toolbar for Chrome (Dist. by Bandoo Media, Inc.)
    Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
    MSVCRT
    Network64
    PDFCreator
    PriceSparrow
    PS_AIO_06_C4700_SW_Min
    QuickTime
    QuickTransfer
    Realtek USB 2.0 Card Reader
    Rosetta Stone Version 3
    Scan
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Sendori
    SmartMusic 2011a
    SmartWebPrinting
    SolutionCenter
    Status
    Synaptics Pointing Device Driver
    Toolbox
    Torch
    Torntv V6.0
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Video Player
    Video Web Camera
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2012 x64 Redistributables
    Visual Studio 2012 x86 Redistributables
    VLC media player 2.0.4
    WebReg
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Writer
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/24/2014 5:48:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {ABC01078-F197-4B0B-ADBC-CFE684B39C82} and APPID Unavailable to the user Donald-PC\Donald SID (S-1-5-21-2489132201-484419006-807122641-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/24/2014 5:47:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {3EEF301F-B596-4C0B-BD92-013BEAFCE793} and APPID {3EEF301F-B596-4C0B-BD92-013BEAFCE793} to the user Donald-PC\Donald SID (S-1-5-21-2489132201-484419006-807122641-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/24/2014 5:46:29 PM, Error: Service Control Manager [7000] - The ConsumerInput Update Service (consumerinput_update) service failed to start due to the following error: The system cannot find the file specified.
    1/24/2014 5:44:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hlnfd
    1/24/2014 5:44:28 PM, Error: Service Control Manager [7000] - The hlnfd service failed to start due to the following error: The system cannot find the file specified.
    1/24/2014 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/24/2014 4:10:32 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    1/24/2014 3:53:44 PM, Error: Service Control Manager [7031] - The Update Bizzybolt service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/24/2014 3:53:16 PM, Error: Service Control Manager [7031] - The Util Bizzybolt service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/24/2014 2:16:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
    1/24/2014 2:08:34 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    Thanks so much.
     
  5. 2014/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  6. 2014/01/24
    dutch

    First Log from RogueKiller:


    RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Donald [Admin rights]
    Mode : Scan -- Date : 01/24/2014 22:00:42
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] Controller.exe -- C:\Users\Donald\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
    [SUSP PATH] Controller.exe -- C:\Users\Donald\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Users\Donald\AppData\Roaming\newnext.me\nengine.dll [-] -> rundll32.exe KILLED [TermProc]

    ¤¤¤ Registry Entries : 35 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : iLivid ( "C:\Users\Donald\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\SysWOW64\rundll32.exe "C:\Users\Donald\AppData\Roaming\newnext.me\nengine.dll ",EntryPoint -m l [7][-][x]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Donald\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=c14b487f2ec6a8d6935ad098462a4739-8e1018c4c5665e25b76cea6c9390dfbf69f9a607 /CMPID=1213b [x][x]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2489132201-484419006-807122641-1001\[...]\Run : iLivid ( "C:\Users\Donald\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2489132201-484419006-807122641-1001\[...]\Run : NextLive (C:\Windows\SysWOW64\rundll32.exe "C:\Users\Donald\AppData\Roaming\newnext.me\nengine.dll ",EntryPoint -m l [7][-][x]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2489132201-484419006-807122641-1001\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Donald\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=c14b487f2ec6a8d6935ad098462a4739-8e1018c4c5665e25b76cea6c9390dfbf69f9a607 /CMPID=1213b [x][x]) -> FOUND
    [IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [x]) -> FOUND
    [IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [x]) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Scheduled tasks : 5 ¤¤¤
    [V1][SUSP PATH] GreatArcadeHits.job : C:\Users\Donald\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> FOUND
    [V2][SUSP PATH] GC_Informer : "%LOCALAPPDATA%\GCC\Controller.exe" - --Informer [x] -> FOUND
    [V2][SUSP PATH] GC_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" [x] -> FOUND
    [V2][SUSP PATH] GreatArcadeHits : C:\Users\Donald\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> FOUND
    [V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 ATA Device +++++
    --- User ---
    [MBR] 619c9f326b7a555a7d475f2f3abf3574
    [BSP] 07fd903742dc801170f022c0c346a928 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_01242014_220042.txt >>


    Second Log from RogueKiller:

    RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Donald [Admin rights]
    Mode : Remove -- Date : 01/24/2014 22:04:15
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] Controller.exe -- C:\Users\Donald\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
    [SUSP PATH] Controller.exe -- C:\Users\Donald\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Users\Donald\AppData\Roaming\newnext.me\nengine.dll [-] -> rundll32.exe KILLED [TermProc]

    ¤¤¤ Registry Entries : 35 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : iLivid ( "C:\Users\Donald\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\SysWOW64\rundll32.exe "C:\Users\Donald\AppData\Roaming\newnext.me\nengine.dll ",EntryPoint -m l [7][-][x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Donald\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=c14b487f2ec6a8d6935ad098462a4739-8e1018c4c5665e25b76cea6c9390dfbf69f9a607 /CMPID=1213b [x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-2489132201-484419006-807122641-1001\[...]\Run : iLivid ( "C:\Users\Donald\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2489132201-484419006-807122641-1001\[...]\Run : NextLive (C:\Windows\SysWOW64\rundll32.exe "C:\Users\Donald\AppData\Roaming\newnext.me\nengine.dll ",EntryPoint -m l [7][-][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2489132201-484419006-807122641-1001\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Donald\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=c14b487f2ec6a8d6935ad098462a4739-8e1018c4c5665e25b76cea6c9390dfbf69f9a607 /CMPID=1213b [x][x]) -> [0x2] The system cannot find the file specified.
    [IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [x]) -> DELETED
    [IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [x]) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

    ¤¤¤ Scheduled tasks : 5 ¤¤¤
    [V1][SUSP PATH] GreatArcadeHits.job : C:\Users\Donald\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> DELETED
    [V2][SUSP PATH] GC_Informer : "%LOCALAPPDATA%\GCC\Controller.exe" - --Informer [x] -> DELETED
    [V2][SUSP PATH] GC_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" [x] -> DELETED
    [V2][SUSP PATH] GreatArcadeHits : C:\Users\Donald\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> ERROR DELETING TASK
    [V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 ATA Device +++++
    --- User ---
    [MBR] 619c9f326b7a555a7d475f2f3abf3574
    [BSP] 07fd903742dc801170f022c0c346a928 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_01242014_220415.txt >>
    RKreport[0]_S_01242014_220042.txt


    MBAR Log:

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.01.25.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Donald :: DONALD-PC [administrator]

    1/24/2014 10:13:43 PM
    mbar-log-2014-01-24 (22-13-43).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 245547
    Time elapsed: 46 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    System Log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 1887358976

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 1850728448

    =======================================


    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/10/2014 08:28:59
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004a98060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa80049fc060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004a98060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004a98b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004a98060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80049fc060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 20BC20BC

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848 Numsec = 600357552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Infected: C:\ProgramData\celezu.dat --> [Trojan.Ransom.Gend]
    Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|celezu --> [Trojan.Ransom.Gend]
    Infected: C:\Users\Donald\AppData\Local\Temp\GetCC.dll --> [MSIL.Solimba]
    Infected: C:\Windows\Temp\65036.exe --> [Trojan.FakeAlert.RRE]
    Infected: C:\Windows\Temp\69217.exe --> [Trojan.Agent.ED]
    Infected: C:\Windows\Temp\100308.exe --> [Trojan.Ransom.ED]
    Infected: C:\Windows\Temp\143286.exe --> [Rootkit.0Access]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================




    Thanks again,
    dutch
     
  7. 2014/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  8. 2014/01/24
    dutch

    dutch Well-Known Member Thread Starter

    More of System Log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 3124301824

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2211282944

    Downloaded database version: v2014.01.10.05
    Downloaded database version: v2013.12.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/10/2014 09:52:37
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004a94060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa8004a00060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004a94060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004a94b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004a94060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004a00060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 20BC20BC
    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848 Numsec = 600357552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Read File: File "c:\programdata\avg2014\chjw\16ae6026ae5ffc9d.dat:9868ca32-c216-4459-92ab-0c6b1cb48070" is sparse (flags = 32768)
    Infected: C:\Users\Donald\AppData\Roaming\verison.dll --> [Trojan.Agent.ED]
    Infected: C:\Users\Donald\AppData\Local\Temp\A728.tmp.exe --> [Trojan.Inject.ED]
    Infected: C:\Users\Donald\AppData\Local\Temp\Java_Update_3e41d74e.exe --> [Trojan.Inject]
    Infected: C:\Users\Donald\AppData\Local\Temp\94C0.tmp.exe --> [Trojan.Zbot]
    Infected: C:\Users\Donald\AppData\Local\Temp\Low\rad267AF.tmp.exe --> [Trojan.Zbot]
    Read File: File "c:\windows\system32\config\systemprofile\appdata\local\avg2014\log\avg-64df0d54-75fd-4e4d-bff6-1f4a0acaad10.tmp" is compressed (flags = 1)
    Read File: File "c:\windows\system32\config\systemprofile\appdata\local\avg2014\log\avg-71af2e26-cf87-4275-a910-912dc1018006.tmp" is compressed (flags = 1)
    Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.6" is compressed (flags = 1)
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2724802560

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2520268800

    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/10/2014 11:30:49
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004aa1060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa80049fb060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004aa1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004aa1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004aa1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80049fb060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 20BC20BC

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848 Numsec = 600357552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Read File: File "c:\programdata\avg2014\chjw\16ae6026ae5ffc9d.dat:94492e78-4b77-4718-ac41-0021dc36dc06" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_24578048_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2311720960

    Downloaded database version: v2014.01.24.04
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/24/2014 08:42:29
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\hlnfd.sys
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\avgdiska.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \??\C:\Windows\system32\drivers\UBHelper.sys
    \??\C:\Windows\system32\drivers\NTIDrvr.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtiHdmi.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\CHDRT64.sys
    \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
    \SystemRoot\system32\DRIVERS\CAX_DPV.sys
    \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\XAudio64.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\ipnat.sys
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004aa1530
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa8004987060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004aa1530, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004aa2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004aa1530, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004987060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 20BC20BC

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848 Numsec = 600357552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Done!
    Read File: File "c:\programdata\avg2014\chjw\16ae6026ae5ffc9d.dat:f5ca573d-ae37-4740-99c6-ce7ce923a12d" is sparse (flags = 32768)
    Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.1" is compressed (flags = 1)
    File C:\Windows\System32\drivers\hlnfd.sys will be destroyed
    Infected: C:\Windows\System32\drivers\hlnfd.sys --> [PUP.Optional.Highlightly]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================




    Thanks again
    dutch
     
  9. 2014/01/24
    dutch

    End of System Log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2890059776

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2280980480

    Downloaded database version: v2014.01.24.05
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/24/2014 11:31:48
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\avgdiska.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \??\C:\Windows\system32\drivers\UBHelper.sys
    \??\C:\Windows\system32\drivers\NTIDrvr.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtiHdmi.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\CHDRT64.sys
    \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
    \SystemRoot\system32\DRIVERS\CAX_DPV.sys
    \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\XAudio64.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\ipnat.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004a805c0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa80049e6060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004a805c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004a81040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004a805c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80049e6060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 20BC20BC

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848 Numsec = 600357552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Read File: File "c:\programdata\avg2014\chjw\16ae6026ae5ffc9d.dat:f5ca573d-ae37-4740-99c6-ce7ce923a12d" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_24578048_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2151202816

    Downloaded database version: v2014.01.24.06
    Downloaded database version: v2014.01.24.07
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/24/2014 16:46:23
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004a9f060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa80049fd060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004a9f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004a9e470, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004a9f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80049fd060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 20BC20BC

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848 Numsec = 600357552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Infected: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ie\VideoPlayerV3beta7395.dll --> [Adware.BetterSurf]
    Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ad30d684-85fe-4937-94ee-a97d84f101af} --> [Adware.BetterSurf]
    Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{e7b00367-b313-4a3d-a24c-84e7ae2ac783} --> [Adware.BetterSurf]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{6BCB2D08-0383-4549-9D1B-CCFE6569DD28} --> [Adware.BetterSurf]
    Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6BCB2D08-0383-4549-9D1B-CCFE6569DD28} --> [Adware.BetterSurf]
    Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{e7b00367-b313-4a3d-a24c-84e7ae2ac783} --> [Adware.BetterSurf]
    Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AD30D684-85FE-4937-94EE-A97D84F101AF} --> [Adware.BetterSurf]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AD30D684-85FE-4937-94EE-A97D84F101AF} --> [Adware.BetterSurf]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AD30D684-85FE-4937-94EE-A97D84F101AF} --> [Adware.BetterSurf]
    Infected: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ie\VideoPlayerV3beta7395.dll --> [Adware.BetterSurf]
    Read File: File "c:\programdata\avg2014\chjw\16ae6026ae5ffc9d.dat:f5ca573d-ae37-4740-99c6-ce7ce923a12d" is sparse (flags = 32768)
    Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.1" is compressed (flags = 1)
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2450161664

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.100000 GHz
    Memory total: 4024811520, free: 2350948352

    Downloaded database version: v2014.01.25.03
    Downloaded database version: v2013.12.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/24/2014 22:13:35
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004a9b3d0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa80049fa060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004a9b3d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004a9c040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004a9b3d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80049fa060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 20BC20BC

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 24576000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 24578048 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24782848 Numsec = 600357552

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Read File: File "c:\programdata\avg2014\chjw\16ae6026ae5ffc9d.dat:f5ca573d-ae37-4740-99c6-ce7ce923a12d" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-24578048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished

    Thanks again,
    dutch
     
  10. 2014/01/24
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  11. 2014/01/25
    dutch

    dutch Well-Known Member Thread Starter

    ComboFix 14-01-23.02 - Donald 01/25/2014 9:29.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2468 [GMT -5:00]
    Running from: c:\users\Donald\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\VideoPlayerV3
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ch\VideoPlayerV3beta7395.crx
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff\chrome.manifest
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff\chrome\content\ffVideoPlayerV3beta7395.js
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff\chrome\content\ffVideoPlayerV3beta7395ffaction.js
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff\chrome\content\icons\default\VideoPlayerV3beta7395_32.png
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff\chrome\content\icons\Thumbs.db
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff\chrome\content\overlay.xul
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff\install.rdf
    c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\uninstall.exe
    c:\users\Donald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Bizzybolt_iels
    c:\users\Donald\Documents\~WRL1546.tmp
    c:\windows\msxml4-KB954430-enu.LOG
    c:\windows\security\Database\tmp.edb
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-25 to 2014-01-25 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-25 14:41 . 2014-01-25 14:41 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-01-25 14:41 . 2014-01-25 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-10 14:35 . 2014-01-10 14:35 -------- d-----w- c:\users\Donald\AppData\Roaming\TuneUp Software
    2014-01-10 13:28 . 2014-01-25 03:13 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-10 13:26 . 2014-01-25 03:11 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-10 11:34 . 2014-01-25 14:12 -------- d-----w- c:\programdata\MFAData
    2014-01-10 11:34 . 2014-01-10 11:34 -------- d-----w- c:\users\Donald\AppData\Local\MFAData
    2014-01-03 03:49 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2014-01-03 03:49 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2014-01-03 03:49 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2014-01-03 03:49 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2014-01-03 03:17 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2014-01-03 03:17 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
    2014-01-03 03:17 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2014-01-03 03:17 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
    2014-01-03 02:17 . 2014-01-03 02:17 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b85b8a1cf08292d\InstallManager_WLE_WLE.exe
    2014-01-03 02:17 . 2014-01-03 02:17 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eb2126f61cf082922\MeshBetaRemover.exe
    2014-01-03 02:16 . 2014-01-03 02:16 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de0812fc1cf08291a\DSETUP.dll
    2014-01-03 02:16 . 2014-01-03 02:16 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de0812fc1cf08291a\DXSETUP.exe
    2014-01-03 02:16 . 2014-01-03 02:16 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de0812fc1cf08291a\dsetup32.dll
    2014-01-03 02:16 . 2014-01-03 02:16 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dcc002181cf082919\DSETUP.dll
    2014-01-03 02:16 . 2014-01-03 02:16 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dcc002181cf082919\DXSETUP.exe
    2014-01-03 02:16 . 2014-01-03 02:16 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dcc002181cf082919\dsetup32.dll
    2014-01-03 02:15 . 2014-01-03 02:15 -------- d-----w- c:\users\Donald\AppData\Local\Windows Live
    2014-01-03 02:04 . 2014-01-03 02:04 -------- d-----w- c:\program files\Microsoft Silverlight
    2014-01-03 02:04 . 2014-01-03 02:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2014-01-03 01:34 . 2014-01-03 01:34 -------- d-----w- c:\windows\system32\SPReview
    2014-01-03 01:32 . 2014-01-03 01:32 -------- d-----w- c:\windows\system32\EventProviders
    2014-01-03 01:23 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2014-01-03 01:23 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2014-01-03 01:23 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2014-01-03 01:23 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2014-01-03 01:22 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-01-03 01:22 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-01-03 01:22 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-01-03 01:22 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-01-03 01:22 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-01-03 01:22 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-01-03 01:22 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2014-01-03 00:21 . 2014-01-03 05:13 -------- d-----w- c:\windows\system32\MRT
    2014-01-03 00:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2014-01-03 00:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2014-01-03 00:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2014-01-03 00:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2014-01-03 00:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2014-01-02 23:55 . 2010-11-20 13:25 902144 ----a-w- c:\windows\system32\d2d1.dll
    2014-01-02 23:54 . 2010-11-20 13:27 501248 ----a-w- c:\windows\system32\WinSATAPI.dll
    2014-01-02 23:53 . 2010-11-20 13:27 270848 ----a-w- c:\windows\system32\srrstr.dll
    2014-01-02 23:52 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
    2014-01-02 23:52 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2014-01-02 23:52 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
    2014-01-02 23:52 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2014-01-02 23:50 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2014-01-02 23:50 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2014-01-02 23:50 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2014-01-02 23:44 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-01-02 23:44 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-01-02 23:43 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2014-01-02 23:43 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2014-01-02 23:43 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2014-01-02 23:43 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2014-01-02 23:43 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2014-01-02 23:42 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2014-01-02 23:40 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2014-01-02 23:39 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
    2014-01-02 23:38 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2014-01-02 23:04 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2014-01-02 23:04 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2014-01-02 23:04 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2014-01-02 23:04 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2014-01-02 23:04 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2014-01-02 23:04 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2014-01-02 22:45 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2014-01-02 22:45 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2014-01-02 22:25 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2014-01-02 22:25 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2014-01-02 22:25 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2014-01-02 22:25 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2014-01-02 22:24 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2014-01-02 22:24 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2014-01-02 22:24 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2014-01-02 22:24 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2014-01-02 22:24 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2014-01-02 16:20 . 2014-01-02 16:20 -------- d-----w- c:\users\Donald\AppData\Local\GCC
    2014-01-02 16:19 . 2014-01-02 16:19 -------- d-----w- c:\users\Donald\.android
    2014-01-02 16:19 . 2014-01-02 16:19 -------- d-----w- c:\users\Donald\AppData\Local\cache
    2014-01-02 16:19 . 2014-01-24 22:45 -------- d-----w- c:\users\Donald\AppData\Roaming\newnext.me
    2014-01-02 16:19 . 2014-01-02 16:19 -------- d-----w- c:\users\Donald\AppData\Local\genienext
    2014-01-02 16:19 . 2014-01-02 16:34 -------- d-----w- c:\users\Donald\AppData\Local\Mobogenie
    2014-01-02 16:19 . 2014-01-02 16:34 -------- d-----w- c:\program files (x86)\Mobogenie
    2014-01-02 16:17 . 2014-01-02 16:17 -------- d-----w- c:\program files (x86)\Torntv V6.0
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-03 04:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2014-01-03 04:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2014-01-03 03:18 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-12-01 19:42 . 2011-09-30 14:03 90708896 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665}]
    2013-10-20 21:35 160768 ----a-w- c:\program files\Maximum Converter\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}]
    2013-12-04 19:46 147560 ----a-w- c:\program files (x86)\Highlightly\IE\HighlightlyClientIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}]
    2013-12-06 10:54 324048 ----a-w- c:\users\Donald\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-15 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray "= "c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
    "StartCCC "= "c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
    "Camera Assistant Software "= "c:\program files (x86)\Video Web Camera\traybar.exe" [2009-04-13 630784]
    "LManager "= "c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
    "CLMLServer "= "c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
    "RemoteControl8 "= "c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "GrooveMonitor "= "c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "EEventManager "= "c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
    "FUFAXRCV "= "c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
    "FUFAXSTM "= "c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
    "APSDaemon "= "c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
    "HP Software Update "= "c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Sendori Tray "= "c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "mobilegeni daemon "= "c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2013-12-26 761536]
    .
    c:\users\Donald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Blitz Media Player.lnk - c:\program files (x86)\BlitzMediaPlayer\BlitzMediaPlayerApp.exe [2013-10-29 1069056]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    R1 hlnfd;hlnfd;c:\windows\system32\drivers\hlnfd.sys;c:\windows\SYSNATIVE\drivers\hlnfd.sys [x]
    R2 consumerinput_update;ConsumerInput Update Service (consumerinput_update);c:\program files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe;c:\program files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [x]
    R2 Maximum Converter Updater;Maximum Converter Updater;c:\program files\Maximum Converter\ExtensionUpdaterService.exe;c:\program files\Maximum Converter\ExtensionUpdaterService.exe [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
    S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
    S2 hlsvc;Highlightly Client Service;c:\program files (x86)\Highlightly\Service\hlsvc.exe;c:\program files (x86)\Highlightly\Service\hlsvc.exe [x]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
    S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
    S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-24 18:53 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-25 c:\windows\Tasks\CIMT_S-1-5-21-2489132201-484419006-807122641-1001.job
    - c:\program files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2013-12-19 21:59]
    .
    2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 18:12]
    .
    2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 18:12]
    .
    2014-01-25 c:\windows\Tasks\Torntv V6.0-codedownloader.job
    - c:\program files (x86)\Torntv V6.0\Torntv V6.0-codedownloader.exe [2014-01-02 16:17]
    .
    2014-01-25 c:\windows\Tasks\Torntv V6.0-enabler.job
    - c:\program files (x86)\Torntv V6.0\Torntv V6.0-enabler.exe [2014-01-02 16:17]
    .
    2014-01-25 c:\windows\Tasks\Torntv V6.0-updater.job
    - c:\program files (x86)\Torntv V6.0\Torntv V6.0-updater.exe [2014-01-02 16:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411591160}]
    2014-01-02 16:17 965120 ----a-w- c:\program files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665}]
    2013-10-20 21:35 198656 ----a-w- c:\program files\Maximum Converter\Extension64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cAudioFilterAgent "= "c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
    "Acer ePower Management "= "c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{3d86a75b-cb6b-4764-885d-ca6336f04ba2} - (no file)
    Toolbar-10 - (no file)
    Toolbar-10 - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Consumer Input Installer - c:\program files (x86)\Consumer Input\CIuninstall.exe
    AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
    AddRemove-ilividmoviestoolbarhaCR - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\GC\uninstall.exe
    AddRemove-ilividmoviestoolbarhaIE - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~2\IE\uninstall.exe
    AddRemove-Video Player - c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\uninstall.exe
    AddRemove-Torch - c:\users\Donald\AppData\Local\Torch\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @= "?????????????????? v1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @= "{E23FE9C6-778E-49D4-B537-38FCDE4887D8} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @= "?????????????????? v2 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @= "{9BE31822-FDAD-461B-AD51-BE1D1C159921} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\*´]
    "Successes "=dword:e0000000
    "Failures "=dword:e0000001
    "{8E45E88F-C45F-40CD-9A7F-0BCFC34EAD72} "=hex:00,18,39,df,db,f9
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-01-25 09:45:54
    ComboFix-quarantined-files.txt 2014-01-25 14:45
    .
    Pre-Run: 243,139,604,480 bytes free
    Post-Run: 244,115,652,608 bytes free
    .
    - - End Of File - - 9127B97E0D0955AA8237C1EE94E60FE7
    5C616939100B85E558DA92B899A0FC36
     
  12. 2014/01/25
    broni

    broni Moderator Malware Analyst

    Looks good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2014/01/25
    dutch

    dutch Well-Known Member Thread Starter

    Computer is running much better.
    Thanks so much.
    dutch
     
  14. 2014/01/25
    dutch

    dutch Well-Known Member Thread Starter

    # AdwCleaner v3.017 - Report created 25/01/2014 at 12:26:58
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Donald - DONALD-PC
    # Running from : C:\Users\Donald\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : hlsvc
    [#] Service Deleted : hlnfd

    ***** [ Files / Folders ] *****

    [#] Folder Deleted : C:\ProgramData\BitGuard
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    [#] Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\Program Files (x86)\Highlightly
    Folder Deleted : C:\Program Files (x86)\Mobogenie
    Folder Deleted : C:\Program Files (x86)\PriceSparrow
    Folder Deleted : C:\Program Files (x86)\Torntv V6.0
    Folder Deleted : C:\Program Files\Highlightly
    Folder Deleted : C:\Windows\System32\ARFC
    Folder Deleted : C:\Users\Donald\AppData\Local\genienext
    Folder Deleted : C:\Users\Donald\AppData\Local\ilividmoviestoolbarha
    Folder Deleted : C:\Users\Donald\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\Donald\AppData\LocalLow\ilividmoviestoolbarha
    Folder Deleted : C:\Users\Donald\AppData\LocalLow\Torntv V6.0
    Folder Deleted : C:\Users\Donald\AppData\Roaming\newnext.me
    Folder Deleted : C:\Users\Donald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    Folder Deleted : C:\Users\Donald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    Folder Deleted : C:\Users\Donald\Documents\Mobogenie
    File Deleted : C:\Windows\System32\dmwu.exe
    File Deleted : C:\Windows\System32\ImhxxpComm.dll
    File Deleted : C:\Users\Donald\Desktop\Mobogenie.lnk
    File Deleted : C:\Users\Donald\Desktop\TornTV.lnk
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
    File Deleted : C:\Windows\System32\Tasks\BrowserProtect
    File Deleted : C:\Windows\System32\Tasks\pricesparrowSWU
    File Deleted : C:\Windows\Tasks\Torntv V6.0-codedownloader.job
    File Deleted : C:\Windows\System32\Tasks\Torntv V6.0-codedownloader
    File Deleted : C:\Windows\Tasks\Torntv V6.0-enabler.job
    File Deleted : C:\Windows\System32\Tasks\Torntv V6.0-enabler
    File Deleted : C:\Windows\Tasks\Torntv V6.0-updater.job
    File Deleted : C:\Windows\System32\Tasks\Torntv V6.0-updater

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
    Key Deleted : HKCU\Software\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\pricesparrow.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
    Key Deleted : HKLM\SOFTWARE\Classes\pricesparrow.pricesparrowBHO
    Key Deleted : HKLM\SOFTWARE\Classes\pricesparrow.pricesparrowBHO.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44141d66-1fa6-4c28-b2d9-07fd14352eb6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{547e32d9-d44c-4e27-8eb1-38139385cb1b}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5c17b20f-6076-4378-9abe-687ace5b2ee5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70fc0ad7-e6e0-4273-8d17-63b240e194b2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8440e5c-16c7-4ada-855f-d069c4a64673}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3D86A75B-CB6B-4764-885D-CA6336F04BA2}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44141d66-1fa6-4c28-b2d9-07fd14352eb6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{547e32d9-d44c-4e27-8eb1-38139385cb1b}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5c17b20f-6076-4378-9abe-687ace5b2ee5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70fc0ad7-e6e0-4273-8d17-63b240e194b2}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8440e5c-16c7-4ada-855f-d069c4a64673}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Ciuvo
    Key Deleted : HKCU\Software\AppDataLow\Software\Compete
    Key Deleted : HKCU\Software\AppDataLow\Software\Torntv V6.0
    Key Deleted : HKLM\Software\CompeteInc
    Key Deleted : HKLM\Software\Torntv V6.0
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torntv V6.0
    Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
    Key Deleted : [x64] HKLM\SOFTWARE\wnlt
    Key Deleted : HKLM\Software\Classes\Installer\Features\7E1CD2F3F65A8D940BFCBD3200954479
    Key Deleted : HKLM\Software\Classes\Installer\Products\7E1CD2F3F65A8D940BFCBD3200954479

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16476


    -\\ Google Chrome v32.0.1700.76

    [ File : C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : search_url
    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [12218 octets] - [25/01/2014 12:25:28]
    AdwCleaner[S0].txt - [9778 octets] - [25/01/2014 12:26:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9838 octets] ##########
     
  15. 2014/01/25
    dutch

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Donald on Sat 01/25/2014 at 13:24:24.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\compete



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\Program Files (x86)\consumer input"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/25/2014 at 13:34:37.09
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. 2014/01/25
    dutch

    OTL Extras logfile created on: 1/25/2014 2:02:59 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Donald\Desktop\More Virus Scanners
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 65.72% Memory free
    7.50 Gb Paging File | 6.06 Gb Available in Paging File | 80.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 226.82 Gb Free Space | 79.23% Space Free | Partition Type: NTFS

    Computer Name: DONALD-PC | User Name: Donald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2489132201-484419006-807122641-1001\SOFTWARE\Classes\<extension>]
    .html [@ = TorchHTML.3VW6MS7O5VONPYLQHVG6UYKN44] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0E22A0D2-ACA9-4798-AC35-67EA2F9228C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{1EF9D639-C7D5-4DED-8E53-2DB13259C604}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2898381D-CBBD-499E-825D-C36E66C9B993}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{38A83509-7C08-4719-A078-AEE1D5A543B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3A3B2437-F474-4470-89F7-398E4B14DDD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{40D1DB59-1B63-40CF-A9DE-D41D1D07FA6F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4C182CFE-7BCD-43E0-B61E-314B89420402}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{52D482CF-804F-4288-806E-E9A0C5E80686}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{54CACE83-215E-4D71-BB9F-6642F5AAD4CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{5A3D366A-5EB5-46EB-9F6F-641B637623BA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5CF22800-40A6-499D-A205-5F41705E3C6A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6701C5FE-51C2-43E0-BE10-17E126D55485}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6A06D516-0B38-4682-A8B7-E2C7EE525DF2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6FA2DB34-52E8-4BED-8737-441E808B7016}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{7BE3C60A-06E4-4DB2-B425-74D3CCBD1B75}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{85015C35-53F2-4368-ABD6-D75380F61CEE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{85644BEE-52C6-4159-A675-6F6B984C3741}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{8A264763-ADF2-405A-A9EF-9AA371A34952}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8CA157F7-A521-4A3C-9675-1606D6161DDE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8E57E463-F293-4B7B-B63D-AE3467FBB367}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9330A618-1C98-43E4-AB03-EEE46FED18C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{94CB3C71-2787-4271-88C3-BA7015F5C391}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9F191B19-820F-423B-A48D-3AD446335178}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A1045C88-EA3C-4399-94C1-3952475936B6}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{A528F4B3-0402-491A-BEBF-1FEA53270CB0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{B32673DE-C41D-4DEA-8172-9E45F752F03E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C0151E73-383F-458A-9766-E14F52EA6900}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C195F4E9-407E-448F-BC24-EAA812F47510}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C6E668A0-7397-486B-80BB-2ABD6C66E0C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CCECECD2-A273-4C3A-A487-FECA4173CBD5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{D3CFE552-A454-4C6F-AF49-E55B855C0644}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E8E8EF41-8434-4D03-9DB8-892F00DA0FA2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EDBC2E48-E1EB-4CD0-82F6-A952E970B184}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FD4844E6-BD03-431E-B8C8-FFA7DEADE561}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{FDF18854-347E-48BF-86DF-F7106FEEB441}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02BC95D6-2ED3-4AD2-9E6D-D6837C896630}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{054354C6-C9E8-4D8C-B799-87BFB24D177B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{0625E8C9-42D2-4702-8E87-90CFD1834B2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0BD6B75B-C17B-4E67-A0D0-3C7B368FDCE2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{11BF7661-CAE4-43AC-819D-5F0832AC6935}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{12181BB0-EA05-4E70-BDAB-84722FA191A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{13DDFD10-CD5F-4679-B14D-C701DD6FDA87}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{290C5425-C3F2-43F8-A3EF-B13C9F997DD3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{329C9527-C66A-411A-8074-1643515D2AE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{37D6577E-EC40-4EB8-AB09-92B356789323}" = dir=in | app=c:\users\donald\appdata\local\torch\application\torch.exe |
    "{38A839E0-A4ED-48D6-9B9C-3B16579172E8}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
    "{3B31B618-77B7-4110-8305-4AAF838C8572}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{3BA1DCA3-82CE-44F2-A3C3-E831C44C8210}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
    "{418309DF-C55B-4698-BFF6-54B4ADC551B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{430E59D0-2D38-44A8-8B22-66E4BE7CFF7C}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{43B915DD-92D7-4D66-9FD7-CE3BEF17A4A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{46821BBA-B3AA-4CFF-96BC-612BFEC5A68F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{479E7131-8C83-4276-8110-8BB856100415}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{47F56FF2-C2CF-44EB-B0B6-B37F3CD23F41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4CD6B7DD-E551-4857-ABBF-7CF59432093E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4EE1F07D-FDC5-47F5-AD8E-38124ED04684}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{51DC3EFB-BD72-4EC9-9AED-92F0A0864D17}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{5972FBEC-D057-45C8-838D-2FBA5F84CC44}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{5BC2A93A-F4A8-4839-83CD-98FB7093ADD3}" = dir=in | app=c:\users\donald\appdata\local\torch\plugins\hola\hola_plugin.exe |
    "{5EF88605-AA59-4168-B574-95A3D70C9343}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5FA71747-6C0A-4875-86E3-1737FF1F61EE}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{63B5C593-1AA6-4EA4-8724-F3B3DD714513}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6692DA87-90D8-4E01-8535-076A39D259DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{66ADA574-4045-47A2-AF3F-E6BEA3A31945}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6A8EA264-7089-4E48-8D92-3100EA65E80D}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
    "{6E77D3F7-A8F9-44F6-93B1-4FF29AFF1288}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{738430F3-2FD2-4FDA-A634-97E26E4A1525}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{744E3B28-9EC1-4F96-856F-92331513BBE4}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
    "{77B5D0C9-DAA6-467D-8490-002690DB60ED}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{77EF5576-116F-467B-B5A4-5A0630EA97DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{78681CB0-559E-47D2-BA94-9F21439DFF3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{795F78D1-3E7E-44DD-98D4-3A934131ADA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7A38030A-20AF-44F5-8D19-FA1D92A60691}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{7CC7E1CD-245B-4C81-98E0-8FC3B7B9622F}" = dir=in | app=c:\users\donald\appdata\local\gcc\controller.exe |
    "{810C3B81-0B7B-46A6-B371-BE6C0D35E232}" = protocol=6 | dir=out | app=system |
    "{881A1500-A345-4F15-A1FC-1466669010A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8A50B4E9-2A19-4718-9C73-0E989C2BB048}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
    "{9058C707-0052-4938-8EAC-2D73FA42D470}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{9516BFAD-5FC6-4D7E-AB80-B6326E6D44C0}" = protocol=17 | dir=in | app=c:\users\donald\appdata\local\ilivid\ilivid.exe |
    "{961679FE-A270-4D22-9BAA-A19FDAB4113E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{9682988B-487D-439D-8D3F-9213C93D825F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{9CBA7DDC-5F05-4D2E-9FB8-C5FDA7F2A199}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{A21A9579-4664-4712-B35B-7F91AB946E9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{A595FC68-2538-471D-A149-307BA5A6DE45}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{A7E26047-5749-444B-9294-42AC4C5989C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{A7F334F8-B5D6-4878-ACEE-4B5A40DDAD5F}" = protocol=6 | dir=in | app=c:\users\donald\appdata\local\ilivid\ilivid.exe |
    "{A9D75663-F7D4-4111-A99F-302F36BE3F16}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AA5112C2-F662-4053-ADE9-EFD561DEF3EA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AA9AC1E7-0F68-4647-A8E4-C799B3D7FA9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B1D2A8BE-A57C-481F-82F7-56E04CB9B6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B4AAF9B3-0E81-424F-B946-D8D7AC0D804D}" = dir=in | app=c:\users\donald\appdata\local\temp\7zs2d54\setup\hpznui40.exe |
    "{B829ADF3-59A8-4952-85AF-3FD5F8C89673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BBE970B4-6464-42D3-84A1-1A0CBE0C7B41}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{BC7555C1-87E3-4046-BDF1-7E84B207A7ED}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{BD4DBA36-F12E-40A8-BA9C-5171D47178B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{C5686FCC-029B-4646-92A9-AD3F9FD5BB6D}" = dir=in | app=c:\users\donald\appdata\local\torch\plugins\hola\hola_plugin_x64.exe |
    "{CD188DA1-8115-4A19-A213-E41674B33646}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CD27A67B-32A2-4CED-90F4-02D732FDD122}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{CD87EC27-4EE0-4E58-B478-CFA5DDC83798}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D251C768-3888-4C84-91B1-C3D05A8D9F79}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D7402D0A-B7CB-4125-85E1-FDA09A82C11B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{DC9C279C-C330-451A-8FDD-C157B3C653D8}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
    "{DDF2C72A-D4F9-4883-AE86-20433D5CB29A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{DF1A10E4-A352-4B9E-98B5-0E533ECC20E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{DF53AF2C-E0B2-46B5-BA5B-9177D8AA0B33}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E5802D06-DB63-4A3D-819D-E22EA0CE45D5}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{E707ACBB-C5E1-47AC-A5DE-53F06BA510C3}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~2\ie\dtuser.exe |
    "{E8762E7E-48C8-4A1D-9B20-84EF23227B79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{EB453596-9B38-49C0-905C-4EC6777A9A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{ECA387A9-FE05-47B1-848F-77626ACCCB53}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{EE85906C-1634-4770-850A-760276F37E5D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{EF68967E-D350-4FEC-85CE-50E95D9638ED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F1637171-D73E-4155-94E8-1A950D9CEEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~2\ie\dtuser.exe |
    "{F93E69A6-8717-4DB7-B753-43D4EB2E99E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FBE94490-16B6-4372-A645-01C4604C211C}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
    "{FC6EA643-E1E0-4147-AAE9-4ED4AF5C91AA}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{FF967BC0-E7D8-42D8-8E4D-81CAF2FB2A7F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{172571CC-EB32-4620-AB00-D7E0F1D04890}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
    "TCP Query User{1A2BD315-AD17-453A-AA23-DE8D6BFC0A50}C:\users\donald\desktop\zombehs\nazi zombies portable.exe" = protocol=6 | dir=in | app=c:\users\donald\desktop\zombehs\nazi zombies portable.exe |
    "TCP Query User{B7C50754-28A0-4600-A10A-4314D1C27911}C:\users\donald\desktop\zombehs\nazi zombies portable.exe" = protocol=6 | dir=in | app=c:\users\donald\desktop\zombehs\nazi zombies portable.exe |
    "TCP Query User{CAE9D52C-36C6-4A43-8F79-634D06B025E2}C:\users\donald\appdata\local\temp\temp1_redsn0w_win_0.9.10b1.zip\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\donald\appdata\local\temp\temp1_redsn0w_win_0.9.10b1.zip\redsn0w_win_0.9.10b1\redsn0w.exe |
    "TCP Query User{FE8BFDBB-4907-4DCE-B9F4-FBB2C1116A01}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{004B34E8-B9A3-4C68-87EA-AF11F44A36BC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{4DFFB1D5-5A90-4CF6-A67D-B62842E9364A}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
    "UDP Query User{90CBD9A0-31C3-4668-852A-193AA68B82B9}C:\users\donald\desktop\zombehs\nazi zombies portable.exe" = protocol=17 | dir=in | app=c:\users\donald\desktop\zombehs\nazi zombies portable.exe |
    "UDP Query User{C76475B0-36D3-42AF-825D-D699994BD65F}C:\users\donald\appdata\local\temp\temp1_redsn0w_win_0.9.10b1.zip\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\donald\appdata\local\temp\temp1_redsn0w_win_0.9.10b1.zip\redsn0w_win_0.9.10b1\redsn0w.exe |
    "UDP Query User{C99B5C07-46E7-445D-B486-842417433448}C:\users\donald\desktop\zombehs\nazi zombies portable.exe" = protocol=17 | dir=in | app=c:\users\donald\desktop\zombehs\nazi zombies portable.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2091774A-7740-D46F-92CF-D724CAEDF36A}" = ATI Catalyst Install Manager
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665}_is1" = Maximum Converter 2.0.0.429
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{94CB2412-E3E2-0F43-7D0E-3657C1BC35C5}" = ccc-utility64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "EPSON Artisan 837 Series" = EPSON Artisan 837 Series Printer Uninstall
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
    "{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2B4F8863-523E-30C0-149A-3C9F80A9A757}" = CCC Help Greek
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F6FD75E-D396-892D-C594-707039B32532}" = Catalyst Control Center Core Implementation
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3BA61DDF-BFFA-D47B-E2B8-63A988BEBB67}" = CCC Help Japanese
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
    "{3DFBF1D3-E64E-FE84-79AD-2624F41035DB}" = CCC Help Chinese Traditional
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{408BEDC6-EB6B-C39B-BCB6-303B219A6429}" = CCC Help Polish
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{451F16B6-8AB1-3AEB-9E34-02D5D64273DA}" = CCC Help Korean
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4ABA3BA4-8AD3-1AF1-6E39-8C87B82E8B59}" = CCC Help German
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{57F06773-003E-1FD1-769A-9F2CF3127610}" = CCC Help Swedish
    "{5DADC37C-01AC-8BAF-2F2A-429F105C5C5C}" = CCC Help Portuguese
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{64A37FD3-E327-1A76-FA62-3E8942AE81B9}" = CCC Help Thai
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{6563E0BB-B825-29A0-99AB-8104DF707323}" = CCC Help Spanish
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6C67DC15-51A8-0BC8-02BF-A583656FE137}" = CCC Help English
    "{6DEEBB44-84B1-C707-57A4-258DC77728C3}" = CCC Help Czech
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7AFA9202-A886-0BCF-EAD7-F8ED280E865E}" = CCC Help Danish
    "{7CA066B5-55CE-D59B-03A0-A53DF9019AA3}" = CCC Help Chinese Standard
    "{7D0601EA-EA6E-E57E-812E-805EE6D634E9}" = Catalyst Control Center Localization All
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
    "{84DF43A9-B19D-8D24-392B-5F7329B75320}" = CCC Help Hungarian
    "{89AAE614-5DBC-2302-735E-A26FF2F6D8B7}" = CCC Help Italian
    "{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
    "{8D62AC98-5E6D-CCB5-228C-D02360BFD36A}" = Catalyst Control Center Graphics Full Existing
    "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91CD7500-E12F-B706-12FE-F76E3AAA1309}" = ccc-core-static
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96899F83-E250-84F8-C9A1-1DDC7ABB9F3E}" = CCC Help Norwegian
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A8E7B78-C845-F923-62FB-F4AA98C85E8D}" = CCC Help French
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A6F3371F-325D-C9E0-7771-3916940EEAFC}" = CCC Help Turkish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{B0EBF8E0-EA06-3A45-2B51-D88F7D54D156}" = CCC Help Finnish
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C90D9ED6-E446-F493-D653-7A5B25924E3F}" = CCC Help Russian
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CF960A15-6AAF-E893-087C-1C60BEAE7E78}" = Catalyst Control Center Graphics Light
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{DAADAEC7-F5FC-E4DC-35CB-945190A51C92}" = Catalyst Control Center Graphics Full New
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{EF338EAD-E894-68BD-33F2-F346B89E752A}" = Catalyst Control Center InstallProxy
    "{F3E6FD72-E693-4AAA-F770-461101773241}" = CCC Help Dutch
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Blitz Media Player" = Blitz Media Player - a modern video player
    "Consumer Input Installer" = Consumer Input (remove only)
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "GigaClicks Crawler" = GigaClicks Crawler
    "Google Chrome" = Google Chrome
    "Highlightly" = Highlightly
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photo Creations" = HP Photo Creations
    "Identity Card" = Identity Card
    "ilividmoviestoolbarhaCR" = Movies Toolbar for Chrome (Dist. by Bandoo Media, Inc.)
    "ilividmoviestoolbarhaIE" = Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Sendori" = Sendori
    "SmartMusic 2011a" = SmartMusic 2011a
    "uTorrent" = µTorrent
    "Video Player" = Video Player
    "VLC media player" = VLC media player 2.0.4
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2489132201-484419006-807122641-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{856AD396-519D-4C7A-BED6-6785F64924BC}" = GreatArcadeHits

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/25/2014 2:35:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 2:40:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 2:45:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 2:50:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 2:55:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 3:00:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 3:05:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 3:10:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    Error - 1/25/2014 3:15:18 PM | Computer Name = Donald-PC | Source = SendoriService | ID = 99
    Description = In the enable methodRetrieving the COM class factory for component
    with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
    80040154.

    [ OSession Events ]
    Error - 12/21/2013 7:50:01 PM | Computer Name = Donald-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.


    < End of report >
     
  17. 2014/01/25
    dutch

    Computer runs 100% better but I still have the initial issue with group policy.
    Thanks,
    dutch
     
  18. 2014/01/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  19. 2014/01/25
    dutch

    Sorry, I thought for sure I posted it.
    Thanks again

    Just realized I didn't catch it was too long and it didn't post.



    OTL logfile created on: 1/25/2014 2:02:59 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Donald\Desktop\More Virus Scanners
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 65.72% Memory free
    7.50 Gb Paging File | 6.06 Gb Available in Paging File | 80.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 226.82 Gb Free Space | 79.23% Space Free | Partition Type: NTFS

    Computer Name: DONALD-PC | User Name: Donald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/25 12:22:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Donald\Desktop\More Virus Scanners\OTL.exe
    PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/19 16:59:58 | 001,012,608 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    PRC - [2013/07/01 14:28:16 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
    PRC - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
    PRC - [2013/07/01 14:28:16 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
    PRC - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
    PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
    PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/08/27 15:48:30 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/08/20 19:26:00 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    PRC - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    PRC - [2009/06/03 22:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    PRC - [2009/04/16 01:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/19 16:59:58 | 001,012,608 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    MOD - [2013/10/20 16:35:20 | 000,160,768 | ---- | M] () -- C:\Program Files\Maximum Converter\Extension32.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/06/03 22:59:14 | 000,013,096 | ---- | M] () -- c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/06/03 22:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
    MOD - [2009/04/02 18:03:10 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
    MOD - [2009/02/02 19:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/10/20 16:35:30 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Maximum Converter\ExtensionUpdaterService.exe -- (Maximum Converter Updater)
    SRV:64bit: - [2011/03/17 17:03:44 | 000,552,832 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/02 13:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
    SRV - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
    SRV - [2013/07/01 14:28:12 | 003,623,200 | ---- | M] (Sendori) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
    SRV - [2012/08/24 07:10:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
    SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/08 20:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/07/02 13:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
    DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=2736120995b6l0330z155a48i1t22n
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2489132201-484419006-807122641-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-2489132201-484419006-807122641-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2489132201-484419006-807122641-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2489132201-484419006-807122641-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS359
    IE - HKU\S-1-5-21-2489132201-484419006-807122641-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2489132201-484419006-807122641-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2489132201-484419006-807122641-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665}: C:\PROGRAM FILES\MAXIMUM CONVERTER\FIREFOX [2013/12/24 01:40:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/13 21:06:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665}: C:\Program Files\Maximum Converter\Firefox [2013/12/24 01:40:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta7395.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta7395\ff
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/13 21:06:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Donald\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ [2013/12/24 01:38:32 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ConsumerInput@Compete: C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

    [2012/12/11 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA7395\FF

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.0_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\picicfdalhmohgcfkpenfgblnijmnagl\2.0.0.429_0\
    CHR - Extension: No name found = C:\Users\Donald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/01/25 09:42:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Torntv V6.0) - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll File not found
    O2:64bit: - BHO: (Maximum Converter) - {4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665} - C:\Program Files\Maximum Converter\Extension64.dll ()
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Maximum Converter) - {4C1F15A7-7BBA-4a87-BFA7-7F455E8AF665} - C:\Program Files\Maximum Converter\Extension32.dll ()
    O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll File not found
    O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Donald\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2489132201-484419006-807122641-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
    O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Users\Donald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blitz Media Player.lnk = C:\Program Files (x86)\BlitzMediaPlayer\BlitzMediaPlayerApp.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2489132201-484419006-807122641-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2489132201-484419006-807122641-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34A0A06F-0022-4D97-8A24-D04A0C1B7361}: DhcpNameServer = 192.32.12.29
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E45E88F-C45F-40CD-9A7F-0BCFC34EAD72}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/25 12:25:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/25 12:22:02 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Donald\Desktop\JRT.exe
    [2014/01/25 12:20:50 | 000,000,000 | ---D | C] -- C:\Users\Donald\Desktop\More Virus Scanners
    [2014/01/25 09:46:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/01/25 09:27:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/25 09:27:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/25 09:27:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/25 09:26:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/25 09:01:50 | 012,217,544 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Donald\Desktop\AppRemover.exe
    [2014/01/25 08:52:13 | 005,175,240 | R--- | C] (Swearware) -- C:\Users\Donald\Desktop\ComboFix.exe
    [2014/01/24 21:54:06 | 000,000,000 | ---D | C] -- C:\Users\Donald\Desktop\RK_Quarantine
    [2014/01/10 09:35:09 | 000,000,000 | ---D | C] -- C:\Users\Donald\AppData\Roaming\TuneUp Software
    [2014/01/10 08:28:59 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/10 08:26:25 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/10 08:26:13 | 000,000,000 | ---D | C] -- C:\Users\Donald\Desktop\mbar
    [2014/01/10 06:34:48 | 000,000,000 | ---D | C] -- C:\Users\Donald\AppData\Local\MFAData
    [2014/01/10 06:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2014/01/10 06:33:28 | 000,000,000 | ---D | C] -- C:\Users\Donald\Desktop\AVG 2014
    [2014/01/02 22:49:35 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2014/01/02 22:49:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2014/01/02 22:20:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2014/01/02 22:17:32 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
    [2014/01/02 22:17:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
    [2014/01/02 22:17:31 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
    [2014/01/02 22:17:31 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
    [2014/01/02 21:15:41 | 000,000,000 | ---D | C] -- C:\Users\Donald\AppData\Local\Windows Live
    [2014/01/02 21:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2014/01/02 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2014/01/02 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2014/01/02 20:34:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2014/01/02 20:32:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2014/01/02 20:28:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/01/02 20:28:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/01/02 20:28:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/01/02 20:28:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/01/02 20:28:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/01/02 20:28:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/01/02 20:28:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2014/01/02 20:28:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2014/01/02 20:28:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/01/02 20:28:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/01/02 20:28:31 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/01/02 20:28:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/01/02 20:28:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/01/02 20:28:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/01/02 20:28:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/01/02 20:23:55 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2014/01/02 20:23:55 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2014/01/02 20:23:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2014/01/02 20:23:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2014/01/02 20:22:14 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2014/01/02 20:22:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2014/01/02 20:22:13 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2014/01/02 20:22:13 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2014/01/02 19:21:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2014/01/02 19:18:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2014/01/02 19:18:36 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
    [2014/01/02 18:56:34 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
    [2014/01/02 18:56:34 | 000,048,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
    [2014/01/02 18:56:21 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
    [2014/01/02 18:56:15 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2014/01/02 18:56:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2014/01/02 18:56:14 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2014/01/02 18:56:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
    [2014/01/02 18:56:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
    [2014/01/02 18:56:00 | 014,633,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
    [2014/01/02 18:55:58 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2014/01/02 18:55:57 | 003,205,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
    [2014/01/02 18:55:56 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
    [2014/01/02 18:55:55 | 004,120,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
    [2014/01/02 18:55:55 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
    [2014/01/02 18:55:55 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
    [2014/01/02 18:55:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
    [2014/01/02 18:55:55 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
    [2014/01/02 18:55:54 | 003,008,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
    [2014/01/02 18:55:53 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
    [2014/01/02 18:55:53 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
    [2014/01/02 18:55:52 | 001,219,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2014/01/02 18:55:51 | 002,086,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
    [2014/01/02 18:55:51 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
    [2014/01/02 18:55:49 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
    [2014/01/02 18:55:47 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
    [2014/01/02 18:55:47 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
    [2014/01/02 18:55:47 | 001,340,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
    [2014/01/02 18:55:47 | 001,197,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
    [2014/01/02 18:55:46 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2014/01/02 18:55:46 | 001,753,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
    [2014/01/02 18:55:45 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
    [2014/01/02 18:55:45 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
    [2014/01/02 18:55:45 | 001,326,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NaturalLanguage6.dll
    [2014/01/02 18:55:45 | 000,299,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
    [2014/01/02 18:55:44 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
    [2014/01/02 18:55:42 | 003,027,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
    [2014/01/02 18:55:41 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
    [2014/01/02 18:55:41 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
    [2014/01/02 18:55:40 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
    [2014/01/02 18:55:40 | 000,109,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
    [2014/01/02 18:55:39 | 003,957,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
    [2014/01/02 18:55:39 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
    [2014/01/02 18:55:39 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
    [2014/01/02 18:55:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
    [2014/01/02 18:55:39 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpdd.dll
    [2014/01/02 18:55:38 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2014/01/02 18:55:37 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
    [2014/01/02 18:55:36 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
    [2014/01/02 18:55:36 | 000,867,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFolder.dll
    [2014/01/02 18:55:35 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuthFWSnapin.dll
    [2014/01/02 18:55:35 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthFWSnapin.dll
    [2014/01/02 18:55:33 | 003,391,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
    [2014/01/02 18:55:33 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
    [2014/01/02 18:55:31 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2014/01/02 18:55:30 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
    [2014/01/02 18:55:30 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
    [2014/01/02 18:55:28 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2014/01/02 18:55:27 | 001,244,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
    [2014/01/02 18:55:27 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2014/01/02 18:55:27 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
    [2014/01/02 18:55:26 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
    [2014/01/02 18:55:25 | 001,900,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
    [2014/01/02 18:55:25 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
    [2014/01/02 18:55:24 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
    [2014/01/02 18:55:24 | 001,281,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\werconcpl.dll
    [2014/01/02 18:55:24 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
    [2014/01/02 18:55:24 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
    [2014/01/02 18:55:23 | 001,049,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2014/01/02 18:55:23 | 001,008,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
    [2014/01/02 18:55:22 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
    [2014/01/02 18:55:21 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
    [2014/01/02 18:55:20 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
    [2014/01/02 18:55:20 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
    [2014/01/02 18:55:19 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
    [2014/01/02 18:55:19 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
    [2014/01/02 18:55:19 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsmf.dll
    [2014/01/02 18:55:19 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2014/01/02 18:55:18 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
    [2014/01/02 18:55:18 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
    [2014/01/02 18:55:18 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
    [2014/01/02 18:55:18 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
    [2014/01/02 18:55:17 | 002,652,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
    [2014/01/02 18:55:17 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
    [2014/01/02 18:55:17 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
    [2014/01/02 18:55:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmonui.dll
    [2014/01/02 18:55:16 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2014/01/02 18:55:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
    [2014/01/02 18:55:16 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
    [2014/01/02 18:55:16 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
    [2014/01/02 18:55:16 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.exe
    [2014/01/02 18:55:16 | 000,297,984 | ---- | C] (Microsoft Corporation) --
     
  20. 2014/01/25
    dutch

    [2014/01/02 18:54:15 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
    [2014/01/02 18:54:15 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
    [2014/01/02 18:54:15 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slui.exe
    [2014/01/02 18:54:15 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
    [2014/01/02 18:54:15 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hgcpl.dll
    [2014/01/02 18:54:15 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\defaultlocationcpl.dll
    [2014/01/02 18:54:15 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2014/01/02 18:54:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
    [2014/01/02 18:54:14 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
    [2014/01/02 18:54:14 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
    [2014/01/02 18:54:13 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
    [2014/01/02 18:54:13 | 001,065,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
    [2014/01/02 18:54:13 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
    [2014/01/02 18:54:13 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceCenter.dll
    [2014/01/02 18:54:13 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localsec.dll
    [2014/01/02 18:54:13 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprddm.dll
    [2014/01/02 18:54:13 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OnLineIDCpl.dll
    [2014/01/02 18:54:13 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
    [2014/01/02 18:54:12 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
    [2014/01/02 18:54:12 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
    [2014/01/02 18:54:12 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
    [2014/01/02 18:54:12 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2014/01/02 18:54:12 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
    [2014/01/02 18:54:12 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
    [2014/01/02 18:54:12 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskbarcpl.dll
    [2014/01/02 18:54:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVolSSO.dll
    [2014/01/02 18:54:12 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twext.dll
    [2014/01/02 18:54:11 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
    [2014/01/02 18:54:11 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr.dll
    [2014/01/02 18:54:11 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
    [2014/01/02 18:54:11 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
    [2014/01/02 18:54:11 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
    [2014/01/02 18:54:11 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
    [2014/01/02 18:54:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxlib.dll
    [2014/01/02 18:54:11 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recovery.dll
    [2014/01/02 18:54:11 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prntvpt.dll
    [2014/01/02 18:54:10 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsuiext.dll
    [2014/01/02 18:54:10 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroleui.dll
    [2014/01/02 18:54:10 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
    [2014/01/02 18:54:10 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cca.dll
    [2014/01/02 18:54:10 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe
    [2014/01/02 18:54:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w32tm.exe
    [2014/01/02 18:54:09 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
    [2014/01/02 18:54:09 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdcpl.dll
    [2014/01/02 18:54:09 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
    [2014/01/02 18:54:09 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizeng.dll
    [2014/01/02 18:54:09 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroleui.dll
    [2014/01/02 18:54:09 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\efscore.dll
    [2014/01/02 18:54:09 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\recdisc.exe
    [2014/01/02 18:54:09 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syncui.dll
    [2014/01/02 18:54:09 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VBICodec.ax
    [2014/01/02 18:54:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
    [2014/01/02 18:54:09 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzutil.exe
    [2014/01/02 18:54:09 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sisbkup.dll
    [2014/01/02 18:54:08 | 001,003,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
    [2014/01/02 18:54:08 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\main.cpl
    [2014/01/02 18:54:08 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
    [2014/01/02 18:54:08 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shwebsvc.dll
    [2014/01/02 18:54:08 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
    [2014/01/02 18:54:08 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
    [2014/01/02 18:54:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
    [2014/01/02 18:54:08 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldp.dll
    [2014/01/02 18:54:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netjoin.dll
    [2014/01/02 18:54:08 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
    [2014/01/02 18:54:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
    [2014/01/02 18:54:07 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
    [2014/01/02 18:54:07 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenterCPL.dll
    [2014/01/02 18:54:07 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
    [2014/01/02 18:54:07 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
    [2014/01/02 18:54:07 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
    [2014/01/02 18:54:07 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll
    [2014/01/02 18:54:07 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
    [2014/01/02 18:54:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
    [2014/01/02 18:54:07 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
    [2014/01/02 18:54:06 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizeng.dll
    [2014/01/02 18:54:06 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnfldr.dll
    [2014/01/02 18:54:06 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
    [2014/01/02 18:54:06 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OnLineIDCpl.dll
    [2014/01/02 18:54:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksxbar.ax
    [2014/01/02 18:54:05 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
    [2014/01/02 18:54:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenter.dll
    [2014/01/02 18:54:05 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
    [2014/01/02 18:54:05 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\termmgr.dll
    [2014/01/02 18:54:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
    [2014/01/02 18:54:05 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
    [2014/01/02 18:54:05 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
    [2014/01/02 18:54:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
    [2014/01/02 18:54:04 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
    [2014/01/02 18:54:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
    [2014/01/02 18:54:04 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
    [2014/01/02 18:54:04 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iprtrmgr.dll
    [2014/01/02 18:54:04 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\defaultlocationcpl.dll
    [2014/01/02 18:54:03 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
    [2014/01/02 18:54:03 | 000,446,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlcese30.dll
    [2014/01/02 18:54:03 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
    [2014/01/02 18:54:03 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
    [2014/01/02 18:54:03 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
    [2014/01/02 18:54:03 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iprtrmgr.dll
    [2014/01/02 18:54:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
    [2014/01/02 18:54:03 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifsutil.dll
    [2014/01/02 18:54:03 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntlanman.dll
    [2014/01/02 18:54:03 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
    [2014/01/02 18:54:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpd3d.dll
    [2014/01/02 18:54:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
    [2014/01/02 18:54:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
    [2014/01/02 18:54:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sisbkup.dll
    [2014/01/02 18:54:02 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenterCPL.dll
    [2014/01/02 18:54:02 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ssText3d.scr
    [2014/01/02 18:54:02 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
    [2014/01/02 18:54:02 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iTVData.dll
    [2014/01/02 18:54:02 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\efscore.dll
    [2014/01/02 18:54:02 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserAccountControlSettings.dll
    [2014/01/02 18:54:01 | 000,781,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
    [2014/01/02 18:54:01 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
    [2014/01/02 18:54:01 | 000,495,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
    [2014/01/02 18:54:01 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DeviceCenter.dll
    [2014/01/02 18:54:01 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquoui.dll
    [2014/01/02 18:54:01 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syncui.dll
    [2014/01/02 18:54:01 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
    [2014/01/02 18:54:01 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srvcli.dll
    [2014/01/02 18:54:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSTPager.ax
    [2014/01/02 18:54:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
    [2014/01/02 18:54:00 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OobeFldr.dll
    [2014/01/02 18:54:00 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
    [2014/01/02 18:54:00 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wavemsp.dll
    [2014/01/02 18:54:00 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingFolder.dll
    [2014/01/02 18:54:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPHLPR.DLL
    [2014/01/02 18:54:00 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nslookup.exe
    [2014/01/02 18:53:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
    [2014/01/02 18:53:59 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
    [2014/01/02 18:53:59 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
    [2014/01/02 18:53:59 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
    [2014/01/02 18:53:59 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srrstr.dll
    [2014/01/02 18:53:59 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
    [2014/01/02 18:53:59 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdboot.exe
    [2014/01/02 18:53:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
    [2014/01/02 18:53:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    [2014/01/02 18:53:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acppage.dll
    [2014/01/02 18:53:58 | 001,672,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
    [2014/01/02 18:53:58 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpx.dll
    [2014/01/02 18:53:58 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\activeds.dll
    [2014/01/02 18:53:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
    [2014/01/02 18:53:58 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpsrcwp.dll
    [2014/01/02 18:53:58 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
    [2014/01/02 18:53:58 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPHLPR.DLL
    [2014/01/02 18:53:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppnp.dll
    [2014/01/02 18:53:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\migisol.dll
    [2014/01/02 18:53:58 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2014/01/02 18:53:57 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfrgui.exe
    [2014/01/02 18:53:57 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshipsec.dll
    [2014/01/02 18:53:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\remotepg.dll
    [2014/01/02 18:53:57 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kstvtune.ax
    [2014/01/02 18:53:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabinet.dll
    [2014/01/02 18:53:57 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe
    [2014/01/02 18:53:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wkscli.dll
    [2014/01/02 18:53:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
    [2014/01/02 18:53:56 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
    [2014/01/02 18:53:56 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
    [2014/01/02 18:53:56 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
    [2014/01/02 18:53:56 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3ui.dll
    [2014/01/02 18:53:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
    [2014/01/02 18:53:56 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wavemsp.dll
    [2014/01/02 18:53:56 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
    [2014/01/02 18:53:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
    [2014/01/02 18:53:56 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\net1.exe
    [2014/01/02 18:53:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
    [2014/01/02 18:53:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
    [2014/01/02 18:53:55 | 000,840,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
    [2014/01/02 18:53:55 | 000,685,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsuiext.dll
    [2014/01/02 18:53:55 | 000,636,416 | ---- | C] (Microsoft Corporation) --
     
  21. 2014/01/25
    dutch

    C:\Windows\SysNative\wmdrmdev.dll
    [2014/01/02 18:53:55 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
    [2014/01/02 18:53:55 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfrgui.exe
    [2014/01/02 18:53:55 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
    [2014/01/02 18:53:55 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimgapi.dll
    [2014/01/02 18:53:55 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsqmcons.exe
    [2014/01/02 18:53:55 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
    [2014/01/02 18:53:55 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
    [2014/01/02 18:53:55 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzutil.exe
    [2014/01/02 18:53:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
    [2014/01/02 18:53:54 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
    [2014/01/02 18:53:54 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2014/01/02 18:53:54 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PkgMgr.exe
    [2014/01/02 18:53:54 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstask.dll
    [2014/01/02 18:53:54 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twext.dll
    [2014/01/02 18:53:54 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
    [2014/01/02 18:53:54 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
    [2014/01/02 18:53:53 | 001,911,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
    [2014/01/02 18:53:53 | 000,899,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Bubbles.scr
    [2014/01/02 18:53:53 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\main.cpl
    [2014/01/02 18:53:53 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
    [2014/01/02 18:53:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcap.dll
    [2014/01/02 18:53:53 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupugc.exe
    [2014/01/02 18:53:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdmat.dll
    [2014/01/02 18:53:53 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
    [2014/01/02 18:53:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsium.dll
    [2014/01/02 18:53:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2014/01/02 18:53:52 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
    [2014/01/02 18:53:52 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifsutil.dll
    [2014/01/02 18:53:52 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\uxlib.dll
    [2014/01/02 18:53:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
    [2014/01/02 18:53:51 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
    [2014/01/02 18:53:51 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ssText3d.scr
    [2014/01/02 18:53:51 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mystify.scr
    [2014/01/02 18:53:51 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Ribbons.scr
    [2014/01/02 18:53:51 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
    [2014/01/02 18:53:51 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
    [2014/01/02 18:53:51 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
    [2014/01/02 18:53:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
    [2014/01/02 18:53:50 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
    [2014/01/02 18:53:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeResults.exe
    [2014/01/02 18:53:50 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
    [2014/01/02 18:53:50 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
    [2014/01/02 18:53:50 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingFolder.dll
    [2014/01/02 18:53:50 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfmon.exe
    [2014/01/02 18:53:50 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpshell.dll
    [2014/01/02 18:53:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AzSqlExt.dll
    [2014/01/02 18:53:49 | 001,087,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbghelp.dll
    [2014/01/02 18:53:49 | 000,623,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSAPI.dll
    [2014/01/02 18:53:49 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wimserv.exe
    [2014/01/02 18:53:49 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
    [2014/01/02 18:53:49 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
    [2014/01/02 18:53:49 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
    [2014/01/02 18:53:49 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionQueue.dll
    [2014/01/02 18:53:49 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
    [2014/01/02 18:53:49 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfmon.exe
    [2014/01/02 18:53:49 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\remotepg.dll
    [2014/01/02 18:53:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tlscsp.dll
    [2014/01/02 18:53:49 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
    [2014/01/02 18:53:49 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\umb.dll
    [2014/01/02 18:53:49 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\runonce.exe
    [2014/01/02 18:53:49 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NAPCRYPT.DLL
    [2014/01/02 18:53:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\acppage.dll
    [2014/01/02 18:53:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netutils.dll
    [2014/01/02 18:53:48 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
    [2014/01/02 18:53:48 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
    [2014/01/02 18:53:48 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
    [2014/01/02 18:53:48 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
    [2014/01/02 18:53:48 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
    [2014/01/02 18:53:48 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiavideo.dll
    [2014/01/02 18:53:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QUTIL.DLL
    [2014/01/02 18:53:48 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPCRYPT.DLL
    [2014/01/02 18:53:48 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syssetup.dll
    [2014/01/02 18:53:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onexui.dll
    [2014/01/02 18:53:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
    [2014/01/02 18:53:47 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
    [2014/01/02 18:53:47 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
    [2014/01/02 18:53:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iTVData.dll
    [2014/01/02 18:53:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
    [2014/01/02 18:53:47 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsbas.dll
    [2014/01/02 18:53:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetapi.dll
    [2014/01/02 18:53:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsbas.dll
    [2014/01/02 18:53:47 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MdSched.exe
    [2014/01/02 18:53:47 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
    [2014/01/02 18:53:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserAccountControlSettings.dll
    [2014/01/02 18:53:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\runonce.exe
    [2014/01/02 18:53:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PrintIsolationProxy.dll
    [2014/01/02 18:53:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vpnikeapi.dll
    [2014/01/02 18:53:46 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nltest.exe
    [2014/01/02 18:53:46 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsadmin.exe
    [2014/01/02 18:53:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
    [2014/01/02 18:53:46 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
    [2014/01/02 18:53:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
    [2014/01/02 18:53:45 | 000,527,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
    [2014/01/02 18:53:45 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
    [2014/01/02 18:53:45 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
    [2014/01/02 18:53:45 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
    [2014/01/02 18:53:45 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsadmin.exe
    [2014/01/02 18:53:45 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qcap.dll
    [2014/01/02 18:53:45 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
    [2014/01/02 18:53:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shacct.dll
    [2014/01/02 18:53:45 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSVRMGMT.DLL
    [2014/01/02 18:53:45 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
    [2014/01/02 18:53:45 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shacct.dll
    [2014/01/02 18:53:45 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpshell.dll
    [2014/01/02 18:53:45 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
    [2014/01/02 18:53:45 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tabcal.exe
    [2014/01/02 18:53:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
    [2014/01/02 18:53:45 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
    [2014/01/02 18:53:45 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lsmproxy.dll
    [2014/01/02 18:53:44 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
    [2014/01/02 18:53:44 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Bubbles.scr
    [2014/01/02 18:53:44 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
    [2014/01/02 18:53:44 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlcese30.dll
    [2014/01/02 18:53:44 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdv.dll
    [2014/01/02 18:53:44 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceSyncProvider.dll
    [2014/01/02 18:53:44 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
    [2014/01/02 18:53:44 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
    [2014/01/02 18:53:44 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
    [2014/01/02 18:53:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdmat.dll
    [2014/01/02 18:53:44 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpd3d.dll
    [2014/01/02 18:53:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsium.dll
    [2014/01/02 18:53:43 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
    [2014/01/02 18:53:43 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceStatus.dll
    [2014/01/02 18:53:43 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceStatus.dll
    [2014/01/02 18:53:43 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
    [2014/01/02 18:53:43 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3ui.dll
    [2014/01/02 18:53:43 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
    [2014/01/02 18:53:43 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Ribbons.scr
    [2014/01/02 18:53:43 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceSyncProvider.dll
    [2014/01/02 18:53:43 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
    [2014/01/02 18:53:43 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\desk.cpl
    [2014/01/02 18:53:43 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fphc.dll
    [2014/01/02 18:53:43 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSVRMGMT.DLL
    [2014/01/02 18:53:43 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kstvtune.ax
    [2014/01/02 18:53:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
    [2014/01/02 18:53:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spbcd.dll
    [2014/01/02 18:53:43 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\olethk32.dll
    [2014/01/02 18:53:43 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
    [2014/01/02 18:53:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
    [2014/01/02 18:53:42 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2014/01/02 18:53:42 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2014/01/02 18:53:42 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mystify.scr
    [2014/01/02 18:53:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amstream.dll
    [2014/01/02 18:53:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
    [2014/01/02 18:53:42 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\takeown.exe
    [2014/01/02 18:53:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
    [2014/01/02 18:53:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\utildll.dll
    [2014/01/02 18:53:41 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
    [2014/01/02 18:53:41 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
    [2014/01/02 18:53:41 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VBICodec.ax
    [2014/01/02 18:53:41 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
    [2014/01/02 18:53:41 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
    [2014/01/02 18:53:41 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiavideo.dll
    [2014/01/02 18:53:41 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
    [2014/01/02 18:53:41 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fphc.dll
    [2014/01/02 18:53:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
    [2014/01/02 18:53:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\takeown.exe
    [2014/01/02 18:53:41 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HotStartUserAgent.dll
    [2014/01/02 18:53:40 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
    [2014/01/02 18:53:40 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdv.dll
    [2014/01/02 18:53:40 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmstp.exe
    [2014/01/02 18:53:40 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QCLIPROV.DLL
    [2014/01/02 18:53:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\djoin.exe
    [2014/01/02 18:53:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimgvw.dll
    [2014/01/02 18:53:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nrpsrv.dll
    [2014/01/02 18:53:39 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
    [2014/01/02 18:53:39 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppinst.dll
    [2014/01/02 18:53:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QCLIPROV.DLL
    [2014/01/02 18:53:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertPolEng.dll
    [2014/01/02 18:53:39 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cca.dll
    [2014/01/02 18:53:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WavDest.dll
    [2014/01/02 18:53:38 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
    [2014/01/02 18:53:38 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
    [2014/01/02 18:53:38 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmstp.exe
    [2014/01/02 18:53:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
    [2014/01/02 18:53:38 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MuiUnattend.exe
    [2014/01/02 18:53:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vfwwdm32.dll
    [2014/01/02 18:53:38 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
    [2014/01/02 18:53:38 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MultiDigiMon.exe
    [2014/01/02 18:53:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdhui.dll
    [2014/01/02 18:53:37 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itircl.dll
    [2014/01/02 18:53:37 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
    [2014/01/02 18:53:37 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
    [2014/01/02 18:53:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsicli.exe
    [2014/01/02 18:53:37 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsicli.exe
    [2014/01/02 18:53:37 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
    [2014/01/02 18:53:37 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\desk.cpl
    [2014/01/02 18:53:37 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mobsync.exe
    [2014/01/02 18:53:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spbcd.dll
    [2014/01/02 18:53:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\g711codc.ax
    [2014/01/02 18:53:37 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wkscli.dll
    [2014/01/02 18:53:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbisurf.ax
    [2014/01/02 18:53:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
    [2014/01/02 18:53:37 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
    [2014/01/02 18:53:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AzSqlExt.dll
    [2014/01/02 18:53:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiougc.exe
    [2014/01/02 18:53:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BWUnpairElevated.dll
    [2014/01/02 18:53:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
    [2014/01/02 18:53:36 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
    [2014/01/02 18:53:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
    [2014/01/02 18:53:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\itircl.dll
    [2014/01/02 18:53:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mydocs.dll
    [2014/01/02 18:53:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
    [2014/01/02 18:53:36 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
    [2014/01/02 18:53:36 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
    [2014/01/02 18:53:36 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
    [2014/01/02 18:53:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amstream.dll
    [2014/01/02 18:53:36 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
    [2014/01/02 18:53:36 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdmo.dll
    [2014/01/02 18:53:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
    [2014/01/02 18:53:35 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
    [2014/01/02 18:53:35 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSTIFF.dll
    [2014/01/02 18:53:35 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    [2014/01/02 18:53:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
    [2014/01/02 18:53:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
    [2014/01/02 18:53:35 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
    [2014/01/02 18:53:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
    [2014/01/02 18:53:35 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
    [2014/01/02 18:53:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertPolEng.dll
    [2014/01/02 18:53:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksxbar.ax
    [2014/01/02 18:53:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciqtz32.dll
    [2014/01/02 18:53:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\choice.exe
    [2014/01/02 18:53:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
    [2014/01/02 18:53:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
    [2014/01/02 18:53:35 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
    [2014/01/02 18:53:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\syssetup.dll
    [2014/01/02 18:53:34 | 001,080,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onexui.dll
    [2014/01/02 18:53:34 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
    [2014/01/02 18:53:34 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
    [2014/01/02 18:53:34 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mobsync.exe
    [2014/01/02 18:53:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tlscsp.dll
    [2014/01/02 18:53:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
    [2014/01/02 18:53:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\luainstall.dll
    [2014/01/02 18:53:34 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz32.dll
    [2014/01/02 18:53:34 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schedcli.dll
    [2014/01/02 18:53:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDPENCDD.dll
    [2014/01/02 18:53:33 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
    [2014/01/02 18:53:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
    [2014/01/02 18:53:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\manage-bde.exe
    [2014/01/02 18:53:33 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetmib1.dll
    [2014/01/02 18:53:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\repair-bde.exe
    [2014/01/02 18:53:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\luainstall.dll
    [2014/01/02 18:53:33 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdiasqmmodule.dll
    [2014/01/02 18:53:33 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shimgvw.dll
    [2014/01/02 18:53:33 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unlodctr.exe
    [2014/01/02 18:53:33 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdmo.dll
    [2014/01/02 18:53:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spopk.dll
    [2014/01/02 18:53:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spopk.dll
    [2014/01/02 18:53:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
    [2014/01/02 18:53:32 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
    [2014/01/02 18:53:32 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetmib1.dll
    [2014/01/02 18:53:32 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\g711codc.ax
    [2014/01/02 18:53:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSMON.dll
    [2014/01/02 18:53:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
    [2014/01/02 18:53:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbisurf.ax
    [2014/01/02 18:53:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elsTrans.dll
    [2014/01/02 18:53:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdprefdrvapi.dll
    [2014/01/02 18:53:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
    [2014/01/02 18:53:31 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
    [2014/01/02 18:53:31 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
    [2014/01/02 18:53:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsauth.dll
    [2014/01/02 18:53:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
    [2014/01/02 18:53:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LogonUI.exe
    [2014/01/02 18:53:31 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
    [2014/01/02 18:53:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TRAPI.dll
    [2014/01/02 18:53:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfts.dll
    [2014/01/02 18:53:30 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\napdsnap.dll
    [2014/01/02 18:53:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
    [2014/01/02 18:53:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdprefdrvapi.dll
    [2014/01/02 18:53:30 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elsTrans.dll
    [2014/01/02 18:53:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TRAPI.dll
    [2014/01/02 18:53:30 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSUNATD.exe
    [2014/01/02 18:53:29 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
    [2014/01/02 18:53:29 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\napdsnap.dll
    [2014/01/02 18:53:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys
    [2014/01/02 18:53:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsauth.dll
    [2014/01/02 18:53:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsperf.dll
    [2014/01/02 18:53:29 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsperf.dll
    [2014/01/02 18:53:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schedcli.dll
    [2014/01/02 18:53:28 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
    [2014/01/02 18:53:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shgina.dll
    [2014/01/02 18:53:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
    [2014/01/02 18:53:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
    [2014/01/02 18:53:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shgina.dll
    [2014/01/02 18:53:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
    [2014/01/02 18:53:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\riched32.dll
    [2014/01/02 18:53:27 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
    [2014/01/02 18:53:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshirda.dll
    [2014/01/02 18:53:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshirda.dll
    [2014/01/02 18:53:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched32.dll
    [2014/01/02 18:53:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcfgex.dll
    [2014/01/02 18:53:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\C_ISCII.DLL
    [2014/01/02 18:53:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
    [2014/01/02 18:53:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
    [2014/01/02 18:53:23 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shunimpl.dll
    [2014/01/02 18:53:23 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\C_ISCII.DLL
    [2014/01/02 18:53:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUF.DLL
    [2014/01/02 18:53:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUF.DLL
    [2014/01/02 18:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
    [2014/01/02 18:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
    [2014/01/02 18:53:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
    [2014/01/02 18:53:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
    [2014/01/02 18:53:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-ums-l1-1-0.dll
    [2014/01/02 18:53:22 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
    [2014/01/02 18:53:22 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
    [2014/01/02 18:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTUQ.DLL
    [2014/01/02 18:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSG.DLL
    [2014/01/02 18:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdlk41a.dll
    [2014/01/02 18:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGKL.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTUQ.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSG.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDSF.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDPO.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDNEPR.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdlk41a.dll
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGR1.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDGR1.DLL
    [2014/01/02 18:53:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGKL.DLL
    [2014/01/02 18:53:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDCZ1.DLL
    [2014/01/02 18:53:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDCZ1.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUS.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDUGHR1.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTURME.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAJIK.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDSF.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDPO.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDNEPR.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMON.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDMAORI.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDLT1.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBULG.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBLR.DLL
    [2014/01/02 18:53:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUS.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDUGHR1.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTURME.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAJIK.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMON.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDMAORI.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDLT1.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDGEO.DLL
    [2014/01/02 18:53:21 | 000,006,656 | ---- | C] (Microsoft Corporation) --
     
