+ All Categories
Home > Documents > TRLOG

TRLOG

Date post: 13-Jul-2015
Category:

Documents
Upload: sunni-lalkaar
View: 25 times
Download: 0 times
Download Report this document
Share this document with a friend
Popular Tags:
c nocrashserver c
key value
startup c
atboottime c
sunjavaupdatesched value
msc value data
apnupdater value data
avgnt value data

of 177

Download
Transcript

***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.6.2565. For information, email [email protected] [Unregistered version] Scan started at: 8:55:28 PM 04 Dec 2011 Using Database v7291 Operating System: Windows 7 Ultimate [Build: 6.1.7600] File System: NTFS User Account Control is DISABLED. UserData directory: C:\Users\PAKISTAN\AppData\Roaming\Simply Super Software\Troj an Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Users\PAKISTAN\Documents\Simply Super Software\Trojan Rem over Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ The following Anti-Malware program(s) are loaded: Avira AntiVir ************************************************************ ************************************************************ 8:55:29 PM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected. ************************************************************ 8:55:30 PM: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: explorer.exe C:\Windows\explorer.exe 2613248 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation ---------This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.exe 26112 bytes Created: 7/14/2009 4:34 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation ----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: USB Antivirus Value Data: C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\USB Disk Security\USBGuard.exe 798720 bytes Created: 10/14/2011 8:59 AM Modified: 3/27/2008 11:35 AM Company: http://www.zbshareware.com -------------------Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime C:\Program Files\QuickTime\QTTask.exe 421888 bytes Created: 7/5/2011 6:36 PM Modified: 7/5/2011 6:36 PM Company: Apple Inc. -------------------Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" C:\Program Files\Common Files\Java\Java Update\jusched.exe 254696 bytes Created: 6/9/2011 1:06 PM Modified: 6/9/2011 1:06 PM Company: Sun Microsystems, Inc. -------------------Value Name: MSC Value Data: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runk ey c:\Program Files\Microsoft Security Client\msseces.exe 997920 bytes Created: 6/15/2011 3:16 PM Modified: 6/15/2011 3:16 PM Company: Microsoft Corporation -------------------Value Name: Corel Graphics Suite 1117 Value Data: C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe / title="Corel Graphics Suite 11" /date=112611 serial=DR11CRD-0012082-DGW C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe [file not fou nd to scan] -------------------Value Name: Value Data: Blank entry: [] -------------------Value Name: ApnUpdater Value Data: "C:\Program Files\Ask.com\Updater\Updater.exe" C:\Program Files\Ask.com\Updater\Updater.exe 901800 bytes Created: 11/21/2011 2:18 AM Modified: 11/21/2011 2:18 AM Company: {StringFileInfo_CompanyName} -------------------Value Name: avgnt Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 258512 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira Operations GmbH & Co. KG -------------------Value Name: IMMON Value Data: "C:\Program Files\IM Magician\Vicamon.exe" C:\Program Files\IM Magician\Vicamon.exe

143360 bytes Created: 1/1/2012 11:16 AM Modified: 5/7/2009 10:58 AM Company: Vimisoft Studio --------------------------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: Facebook Update Value Data: "C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.exe 137536 bytes Created: 10/21/2011 4:48 PM Modified: 10/21/2011 4:48 PM Company: Facebook Inc. -------------------Value Name: DownloadAccelerator Value Data: "C:\Program Files\DAP\DAP.EXE" /STARTUP C:\Program Files\DAP\DAP.EXE 2975920 bytes Created: 10/14/2011 8:58 AM Modified: 10/29/2011 6:30 AM Company: SpeedBit Ltd. -------------------Value Name: Mobile Partner Value Data: "C:\Program Files\Broadband\Broadband.exe" C:\Program Files\Broadband\Broadband.exe 536576 bytes Created: 12/23/2011 6:20 AM Modified: 12/23/2011 6:20 AM Company: TODO: --------------------------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 8:55:33 PM: Scanning -----SHELLEXECUTEHOOKS----ShellExecuteHooks key is empty ************************************************************ 8:55:33 PM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed ---------No Hidden File-loading Registry Entries found ---------************************************************************ 8:55:34 PM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\Windows\system32\scrnsave.scr C:\Windows\system32\scrnsave.scr 10240 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation --------------------

************************************************************ 8:55:34 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} Path: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",Bran dIEActiveSetup SIGNUP C:\Windows\System32\rundll32.exe 44544 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation ---------************************************************************ 8:55:41 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----Key: AppIDSvc Path: %SystemRoot%\System32\appidsvc.dll C:\Windows\System32\appidsvc.dll 27648 bytes Created: 7/14/2009 4:36 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------Key: AxInstSV Path: %SystemRoot%\System32\AxInstSV.dll C:\Windows\System32\AxInstSV.dll 88064 bytes Created: 7/14/2009 4:33 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------Key: BDESVC Path: %SystemRoot%\System32\bdesvc.dll C:\Windows\System32\bdesvc.dll 76800 bytes Created: 7/14/2009 4:12 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------Key: bthserv Path: %SystemRoot%\system32\bthserv.dll C:\Windows\system32\bthserv.dll 64512 bytes Created: 7/14/2009 4:51 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: defragsvc Path: %Systemroot%\System32\defragsvc.dll C:\Windows\System32\defragsvc.dll 218624 bytes Created: 7/14/2009 4:23 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: Dhcp Path: %SystemRoot%\system32\dhcpcore.dll C:\Windows\system32\dhcpcore.dll 253440 bytes Created: 7/14/2009 4:12 AM Modified: 7/14/2009 6:15 AM

Company: Microsoft Corporation -------------------Key: FontCache Path: %SystemRoot%\system32\FntCache.dll C:\Windows\system32\FntCache.dll 797696 bytes Created: 7/14/2009 4:25 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: HomeGroupListener Path: %SystemRoot%\system32\ListSvc.dll C:\Windows\system32\ListSvc.dll 194560 bytes Created: 7/14/2009 4:39 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: HomeGroupProvider Path: %SystemRoot%\system32\provsvc.dll C:\Windows\system32\provsvc.dll 165376 bytes Created: 7/14/2009 4:39 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: p2pimsvc Path: %SystemRoot%\system32\pnrpsvc.dll C:\Windows\system32\pnrpsvc.dll 269824 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: PeerDistSvc Path: %SystemRoot%\system32\peerdistsvc.dll C:\Windows\system32\peerdistsvc.dll 1004544 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: PNRPAutoReg Path: %SystemRoot%\system32\pnrpauto.dll C:\Windows\system32\pnrpauto.dll 20480 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: PNRPsvc Path: %SystemRoot%\system32\pnrpsvc.dll C:\Windows\system32\pnrpsvc.dll 269824 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: Power Path: %SystemRoot%\system32\umpo.dll

C:\Windows\system32\umpo.dll 119808 bytes Created: 7/14/2009 4:16 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: RpcEptMapper Path: %SystemRoot%\System32\RpcEpMap.dll C:\Windows\System32\RpcEpMap.dll 43520 bytes Created: 7/14/2009 4:12 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: SensrSvc Path: %SystemRoot%\system32\sensrsvc.dll C:\Windows\system32\sensrsvc.dll 25088 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: sppuinotify Path: %SystemRoot%\system32\sppuinotify.dll C:\Windows\system32\sppuinotify.dll 53760 bytes Created: 7/14/2009 4:36 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: Themes Path: %SystemRoot%\system32\themeservice.dll C:\Windows\system32\themeservice.dll 37376 bytes Created: 7/14/2009 4:39 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: WbioSrvc Path: %SystemRoot%\System32\wbiosrvc.dll C:\Windows\System32\wbiosrvc.dll 151552 bytes Created: 7/14/2009 4:37 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: WwanSvc Path: %SystemRoot%\System32\wwansvc.dll C:\Windows\System32\wwansvc.dll 185856 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------************************************************************ 8:56:01 PM: Scanning ----- SERVICES REGISTRY KEYS ----Key: 1394ohci ImagePath: \SystemRoot\system32\DRIVERS\1394ohci.sys C:\Windows\system32\DRIVERS\1394ohci.sys

163328 bytes Created: 7/14/2009 4:52 AM Modified: 7/14/2009 4:52 AM Company: Microsoft Corporation ---------Key: AcpiPmi ImagePath: \SystemRoot\system32\DRIVERS\acpipmi.sys C:\Windows\system32\DRIVERS\acpipmi.sys 9728 bytes Created: 7/14/2009 4:16 AM Modified: 7/14/2009 4:16 AM Company: Microsoft Corporation ---------Key: ALCXWDM ImagePath: system32\drivers\RTKVAC.SYS C:\Windows\system32\drivers\RTKVAC.SYS 4172832 bytes Created: 6/18/2009 7:45 PM Modified: 6/18/2009 7:45 PM Company: Realtek Semiconductor Corp. ---------Key: AmdPPM ImagePath: \SystemRoot\system32\DRIVERS\amdppm.sys C:\Windows\system32\DRIVERS\amdppm.sys 52736 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 4:11 AM Company: Microsoft Corporation ---------Key: amdsata ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys C:\Windows\system32\DRIVERS\amdsata.sys 79952 bytes Created: 6/11/2009 2:19 AM Modified: 7/14/2009 6:26 AM Company: Advanced Micro Devices ---------Key: amdsbs ImagePath: \SystemRoot\system32\DRIVERS\amdsbs.sys C:\Windows\system32\DRIVERS\amdsbs.sys 159312 bytes Created: 6/11/2009 2:20 AM Modified: 7/14/2009 6:26 AM Company: AMD Technologies Inc. ---------Key: amdxata ImagePath: system32\DRIVERS\amdxata.sys C:\Windows\system32\DRIVERS\amdxata.sys 23616 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:26 AM Company: Advanced Micro Devices ---------Key: AntiVirSchedulerService ImagePath: "C:\Program Files\Avira\AntiVir Desktop\sched.exe" C:\Program Files\Avira\AntiVir Desktop\sched.exe 86224 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira Operations GmbH & Co. KG

---------Key: AntiVirService ImagePath: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" C:\Program Files\Avira\AntiVir Desktop\avguard.exe 110032 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira Operations GmbH & Co. KG ---------Key: AntiVirWebService ImagePath: "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 463824 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira Operations GmbH & Co. KG ---------Key: AppID ImagePath: \SystemRoot\system32\drivers\appid.sys C:\Windows\system32\drivers\appid.sys 50176 bytes Created: 7/14/2009 4:36 AM Modified: 7/14/2009 4:36 AM Company: Microsoft Corporation ---------Key: avgntflt ImagePath: system32\DRIVERS\avgntflt.sys C:\Windows\system32\DRIVERS\avgntflt.sys 74640 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira GmbH ---------Key: avipbb ImagePath: system32\DRIVERS\avipbb.sys C:\Windows\system32\DRIVERS\avipbb.sys 134856 bytes Created: 12/31/2011 8:57 AM Modified: 1/1/2012 9:00 AM Company: Avira GmbH ---------Key: avkmgr ImagePath: system32\DRIVERS\avkmgr.sys C:\Windows\system32\DRIVERS\avkmgr.sys 36000 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira GmbH ---------Key: awhfxjhi ImagePath: \??\C:\Windows\system32\drivers\awhfxjhi.sys C:\Windows\system32\drivers\awhfxjhi.sys [file not found to scan] ---------Key: b06bdrv ImagePath: \SystemRoot\system32\DRIVERS\bxvbdx.sys C:\Windows\system32\DRIVERS\bxvbdx.sys 430080 bytes Created: 6/11/2009 2:17 AM Modified: 7/14/2009 3:02 AM Company: Broadcom Corporation

---------Key: b57nd60x ImagePath: system32\DRIVERS\b57nd60x.sys C:\Windows\system32\DRIVERS\b57nd60x.sys 229888 bytes Created: 7/14/2009 3:02 AM Modified: 7/14/2009 3:02 AM Company: Broadcom Corporation ---------Key: blbdrive ImagePath: system32\DRIVERS\blbdrive.sys C:\Windows\system32\DRIVERS\blbdrive.sys 35328 bytes Created: 7/14/2009 4:23 AM Modified: 7/14/2009 4:23 AM Company: Microsoft Corporation ---------Key: CmBatt ImagePath: \SystemRoot\system32\DRIVERS\CmBatt.sys C:\Windows\system32\DRIVERS\CmBatt.sys 14080 bytes Created: 7/14/2009 4:19 AM Modified: 7/14/2009 4:19 AM Company: Microsoft Corporation ---------Key: CNG ImagePath: System32\Drivers\cng.sys C:\Windows\System32\Drivers\cng.sys 369568 bytes Created: 7/14/2009 4:32 AM Modified: 7/14/2009 6:17 AM Company: Microsoft Corporation ---------Key: CompositeBus ImagePath: system32\DRIVERS\CompositeBus.sys C:\Windows\system32\DRIVERS\CompositeBus.sys 31232 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 4:45 AM Company: Microsoft Corporation ---------Key: crcdisk ImagePath: \SystemRoot\system32\DRIVERS\crcdisk.sys C:\Windows\system32\DRIVERS\crcdisk.sys 22096 bytes Created: 7/14/2009 4:46 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: discache ImagePath: System32\drivers\discache.sys C:\Windows\System32\drivers\discache.sys 32256 bytes Created: 7/14/2009 4:24 AM Modified: 7/14/2009 4:24 AM Company: Microsoft Corporation ---------Key: djjxwasc ImagePath: \??\C:\Windows\system32\drivers\djjxwasc.sys C:\Windows\system32\drivers\djjxwasc.sys [file not found to scan]

---------Key: ebdrv ImagePath: \SystemRoot\system32\DRIVERS\evbdx.sys C:\Windows\system32\DRIVERS\evbdx.sys 3100160 bytes Created: 6/11/2009 2:17 AM Modified: 7/14/2009 3:02 AM Company: Broadcom Corporation ---------Key: exvcfxgw ImagePath: \??\C:\Windows\system32\drivers\exvcfxgw.sys C:\Windows\system32\drivers\exvcfxgw.sys [file not found to scan] ---------Key: flpydisk ImagePath: \SystemRoot\system32\DRIVERS\flpydisk.sys C:\Windows\system32\DRIVERS\flpydisk.sys 19968 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 4:45 AM Company: Microsoft Corporation ---------Key: FsDepends ImagePath: System32\drivers\FsDepends.sys C:\Windows\System32\drivers\FsDepends.sys 46160 bytes Created: 7/14/2009 4:15 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: gupdate ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /svc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 11/8/2011 11:43 AM Modified: 11/8/2011 11:43 AM Company: Google Inc. ---------Key: gupdatem ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 11/8/2011 11:43 AM Modified: 11/8/2011 11:43 AM Company: Google Inc. ---------Key: hcw85cir ImagePath: \SystemRoot\system32\drivers\hcw85cir.sys C:\Windows\system32\drivers\hcw85cir.sys 26624 bytes Created: 7/14/2009 3:54 AM Modified: 7/14/2009 3:54 AM Company: Hauppauge Computer Works, Inc. ---------Key: HidBatt ImagePath: \SystemRoot\system32\DRIVERS\HidBatt.sys C:\Windows\system32\DRIVERS\HidBatt.sys 21504 bytes Created: 7/14/2009 4:19 AM Modified: 7/14/2009 4:19 AM Company: Microsoft Corporation

---------Key: HpSAMD ImagePath: \SystemRoot\system32\DRIVERS\HpSAMD.sys C:\Windows\system32\DRIVERS\HpSAMD.sys 67152 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: Hewlett-Packard Company ---------Key: hwdatacard ImagePath: system32\DRIVERS\ewusbmdm.sys C:\Windows\system32\DRIVERS\ewusbmdm.sys 102912 bytes Created: 12/23/2011 6:21 AM Modified: 9/10/2009 3:31 PM Company: Huawei Technologies Co., Ltd. ---------Key: hwpolicy ImagePath: System32\drivers\hwpolicy.sys C:\Windows\System32\drivers\hwpolicy.sys 13904 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: hwusbdev ImagePath: system32\DRIVERS\ewusbdev.sys C:\Windows\system32\DRIVERS\ewusbdev.sys 101120 bytes Created: 12/23/2011 6:21 AM Modified: 10/12/2009 3:22 PM Company: Huawei Technologies Co., Ltd. ---------Key: intelppm ImagePath: \SystemRoot\system32\DRIVERS\intelppm.sys C:\Windows\system32\DRIVERS\intelppm.sys 53760 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 4:11 AM Company: Microsoft Corporation ---------Key: iScsiPrt ImagePath: \SystemRoot\system32\DRIVERS\msiscsi.sys C:\Windows\system32\DRIVERS\msiscsi.sys 186960 bytes Created: 7/14/2009 4:46 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: kbdhid ImagePath: \SystemRoot\system32\DRIVERS\kbdhid.sys C:\Windows\system32\DRIVERS\kbdhid.sys 28160 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 4:45 AM Company: Microsoft Corporation ---------Key: KSecPkg ImagePath: System32\Drivers\ksecpkg.sys C:\Windows\System32\Drivers\ksecpkg.sys

133200 bytes Created: 7/14/2009 4:34 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: LSI_FC ImagePath: \SystemRoot\system32\DRIVERS\lsi_fc.sys C:\Windows\system32\DRIVERS\lsi_fc.sys 95824 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: LSI_SAS ImagePath: \SystemRoot\system32\DRIVERS\lsi_sas.sys C:\Windows\system32\DRIVERS\lsi_sas.sys 89168 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: LSI_SAS2 ImagePath: \SystemRoot\system32\DRIVERS\lsi_sas2.sys C:\Windows\system32\DRIVERS\lsi_sas2.sys 54864 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: LSI_SCSI ImagePath: \SystemRoot\system32\DRIVERS\lsi_scsi.sys C:\Windows\system32\DRIVERS\lsi_scsi.sys 96848 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: MpFilter ImagePath: system32\DRIVERS\MpFilter.sys C:\Windows\system32\DRIVERS\MpFilter.sys 165648 bytes Created: 4/18/2011 1:18 PM Modified: 4/18/2011 1:18 PM Company: Microsoft Corporation ---------Key: MpKsl175ac0df ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{5CE904C5-2D9B-420D-A218-479DDDAF1220}\MpKsl175ac0df.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5CE904C5-2D9B -420D-A218-479DDDAF1220}\MpKsl175ac0df.sys [file not found to scan] ---------Key: MpKsl19b7cb5c ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{63FC53AE-0C80-4781-A0F2-D285951B5C1C}\MpKsl19b7cb5c.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63FC53AE-0C80 -4781-A0F2-D285951B5C1C}\MpKsl19b7cb5c.sys [file not found to scan] ---------Key: MpKsl292c9fc4 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{C2E8B41D-8A3B-440A-94E5-ADC0E3405A30}\MpKsl292c9fc4.sys

c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2E8B41D-8A3B -440A-94E5-ADC0E3405A30}\MpKsl292c9fc4.sys [file not found to scan] ---------Key: MpKsl2ed2d473 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FEDAB18A-7B52-47C7-8216-D8E2B3F38CB6}\MpKsl2ed2d473.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEDAB18A-7B52 -47C7-8216-D8E2B3F38CB6}\MpKsl2ed2d473.sys [file not found to scan] ---------Key: MpKsl41b47353 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E6B76EC-3692-4C80-A00B-FB2A4A817156}\MpKsl41b47353.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E6B76EC-3692 -4C80-A00B-FB2A4A817156}\MpKsl41b47353.sys [file not found to scan] ---------Key: MpKsl42564376 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{A1890F5B-444C-4721-85E5-2D8B0E3D7118}\MpKsl42564376.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1890F5B-444C -4721-85E5-2D8B0E3D7118}\MpKsl42564376.sys [file not found to scan] ---------Key: MpKsl43dec7fa ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{0BA28B78-A5AB-4621-AB03-331336B8C789}\MpKsl43dec7fa.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BA28B78-A5AB -4621-AB03-331336B8C789}\MpKsl43dec7fa.sys [file not found to scan] ---------Key: MpKsl4827cce2 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FA200FC3-0ACF-4696-B54F-C617A393F3F2}\MpKsl4827cce2.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA200FC3-0ACF -4696-B54F-C617A393F3F2}\MpKsl4827cce2.sys [file not found to scan] ---------Key: MpKsl4af71ab5 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{125D1778-DD71-426D-9BB3-F65A9923CA17}\MpKsl4af71ab5.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{125D1778-DD71 -426D-9BB3-F65A9923CA17}\MpKsl4af71ab5.sys [file not found to scan] ---------Key: MpKsl5ac8e01c ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{EC9E497F-B5E8-44D0-B086-3AF9A4221A07}\MpKsl5ac8e01c.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC9E497F-B5E8 -44D0-B086-3AF9A4221A07}\MpKsl5ac8e01c.sys [file not found to scan] ---------Key: MpKsl5cc2f1c0 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{5CE904C5-2D9B-420D-A218-479DDDAF1220}\MpKsl5cc2f1c0.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5CE904C5-2D9B -420D-A218-479DDDAF1220}\MpKsl5cc2f1c0.sys [file not found to scan] ---------Key: MpKsl611ac31f ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E4A015ED-FE16-4385-96B4-862985D2FFFC}\MpKsl611ac31f.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4A015ED-FE16 -4385-96B4-862985D2FFFC}\MpKsl611ac31f.sys [file not found to scan] ---------Key: MpKsl65972984 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{89274BDA-1166-4961-AA83-49BE6A9B35DC}\MpKsl65972984.sys

c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89274BDA-1166 -4961-AA83-49BE6A9B35DC}\MpKsl65972984.sys [file not found to scan] ---------Key: MpKsl6780b090 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E7D97244-3332-48C5-AEEF-555B63449487}\MpKsl6780b090.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7D97244-3332 -48C5-AEEF-555B63449487}\MpKsl6780b090.sys [file not found to scan] ---------Key: MpKsl6ce2c32c ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{F04B1274-39FA-497F-96A1-1113653CD37C}\MpKsl6ce2c32c.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F04B1274-39FA -497F-96A1-1113653CD37C}\MpKsl6ce2c32c.sys [file not found to scan] ---------Key: MpKsl6d167de1 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FA6905F5-3F3B-402C-9EA0-26F7537EB4E3}\MpKsl6d167de1.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA6905F5-3F3B -402C-9EA0-26F7537EB4E3}\MpKsl6d167de1.sys [file not found to scan] ---------Key: MpKsl6ddfbb59 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FB066597-4A54-40D8-8EFE-5AC154F5D4A7}\MpKsl6ddfbb59.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB066597-4A54 -40D8-8EFE-5AC154F5D4A7}\MpKsl6ddfbb59.sys [file not found to scan] ---------Key: MpKsl6e9cc13c ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{5ADD0A21-979F-4C7F-A9B5-479DBC12613F}\MpKsl6e9cc13c.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5ADD0A21-979F -4C7F-A9B5-479DBC12613F}\MpKsl6e9cc13c.sys [file not found to scan] ---------Key: MpKsl732c6e5b ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E6FFDF5F-3F32-4295-A28B-415DB46AD9BA}\MpKsl732c6e5b.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6FFDF5F-3F32 -4295-A28B-415DB46AD9BA}\MpKsl732c6e5b.sys [file not found to scan] ---------Key: MpKsl77164ad8 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{AE29A31E-1183-4CB2-9700-B161DDDB0700}\MpKsl77164ad8.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE29A31E-1183 -4CB2-9700-B161DDDB0700}\MpKsl77164ad8.sys [file not found to scan] ---------Key: MpKsl7a7ef606 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{F9F948D5-68FF-4642-8AE8-44F93EDF9F61}\MpKsl7a7ef606.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9F948D5-68FF -4642-8AE8-44F93EDF9F61}\MpKsl7a7ef606.sys [file not found to scan] ---------Key: MpKsl7e18e2f1 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FEDAB18A-7B52-47C7-8216-D8E2B3F38CB6}\MpKsl7e18e2f1.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEDAB18A-7B52 -47C7-8216-D8E2B3F38CB6}\MpKsl7e18e2f1.sys [file not found to scan] ---------Key: MpKsl7ef1c63a ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E6B76EC-3692-4C80-A00B-FB2A4A817156}\MpKsl7ef1c63a.sys

c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E6B76EC-3692 -4C80-A00B-FB2A4A817156}\MpKsl7ef1c63a.sys [file not found to scan] ---------Key: MpKsl835cd987 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E6FFDF5F-3F32-4295-A28B-415DB46AD9BA}\MpKsl835cd987.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6FFDF5F-3F32 -4295-A28B-415DB46AD9BA}\MpKsl835cd987.sys [file not found to scan] ---------Key: MpKsl86faea71 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{1801E2FC-6C49-4AB0-B29A-D5513E9AB219}\MpKsl86faea71.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1801E2FC-6C49 -4AB0-B29A-D5513E9AB219}\MpKsl86faea71.sys [file not found to scan] ---------Key: MpKsl887ded04 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E6B76EC-3692-4C80-A00B-FB2A4A817156}\MpKsl887ded04.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E6B76EC-3692 -4C80-A00B-FB2A4A817156}\MpKsl887ded04.sys [file not found to scan] ---------Key: MpKsl96f50f1a ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FA200FC3-0ACF-4696-B54F-C617A393F3F2}\MpKsl96f50f1a.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA200FC3-0ACF -4696-B54F-C617A393F3F2}\MpKsl96f50f1a.sys [file not found to scan] ---------Key: MpKsl9834e373 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{0BA28B78-A5AB-4621-AB03-331336B8C789}\MpKsl9834e373.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BA28B78-A5AB -4621-AB03-331336B8C789}\MpKsl9834e373.sys [file not found to scan] ---------Key: MpKsl9b9925f7 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{87A2B06F-AEDB-4DC3-9E40-01F765CF0574}\MpKsl9b9925f7.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87A2B06F-AEDB -4DC3-9E40-01F765CF0574}\MpKsl9b9925f7.sys [file not found to scan] ---------Key: MpKsla40f86f2 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{D93F9AEA-0FB3-43DE-BC08-4D52ADDC31C3}\MpKsla40f86f2.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D93F9AEA-0FB3 -43DE-BC08-4D52ADDC31C3}\MpKsla40f86f2.sys [file not found to scan] ---------Key: MpKsla4270d7e ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{A8F1F9E2-A163-4A96-986C-DBB1BEFCFB45}\MpKsla4270d7e.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8F1F9E2-A163 -4A96-986C-DBB1BEFCFB45}\MpKsla4270d7e.sys [file not found to scan] ---------Key: MpKsla90dfa44 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{F04B1274-39FA-497F-96A1-1113653CD37C}\MpKsla90dfa44.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F04B1274-39FA -497F-96A1-1113653CD37C}\MpKsla90dfa44.sys [file not found to scan] ---------Key: MpKslaed93a83 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E6FFDF5F-3F32-4295-A28B-415DB46AD9BA}\MpKslaed93a83.sys

c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6FFDF5F-3F32 -4295-A28B-415DB46AD9BA}\MpKslaed93a83.sys [file not found to scan] ---------Key: MpKslb3ec5bfc ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{89274BDA-1166-4961-AA83-49BE6A9B35DC}\MpKslb3ec5bfc.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89274BDA-1166 -4961-AA83-49BE6A9B35DC}\MpKslb3ec5bfc.sys [file not found to scan] ---------Key: MpKslba40cab8 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{0BA28B78-A5AB-4621-AB03-331336B8C789}\MpKslba40cab8.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BA28B78-A5AB -4621-AB03-331336B8C789}\MpKslba40cab8.sys [file not found to scan] ---------Key: MpKslbab8d99a ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E7C2127-2E95-4952-B1E6-230052398D9B}\MpKslbab8d99a.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E7C2127-2E95 -4952-B1E6-230052398D9B}\MpKslbab8d99a.sys 29904 bytes Created: 1/6/2012 1:35 PM Modified: 1/6/2012 1:35 PM Company: Microsoft Corporation ---------Key: MpKslc726619e ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E7D97244-3332-48C5-AEEF-555B63449487}\MpKslc726619e.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7D97244-3332 -48C5-AEEF-555B63449487}\MpKslc726619e.sys [file not found to scan] ---------Key: MpKslc812cda5 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FA6905F5-3F3B-402C-9EA0-26F7537EB4E3}\MpKslc812cda5.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA6905F5-3F3B -402C-9EA0-26F7537EB4E3}\MpKslc812cda5.sys [file not found to scan] ---------Key: MpKslcd559a54 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E7C2127-2E95-4952-B1E6-230052398D9B}\MpKslcd559a54.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E7C2127-2E95 -4952-B1E6-230052398D9B}\MpKslcd559a54.sys 29904 bytes Created: 1/6/2012 8:44 PM Modified: 1/6/2012 8:44 PM Company: Microsoft Corporation ---------Key: MpKsld1a9a4bd ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E6B76EC-3692-4C80-A00B-FB2A4A817156}\MpKsld1a9a4bd.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E6B76EC-3692 -4C80-A00B-FB2A4A817156}\MpKsld1a9a4bd.sys [file not found to scan] ---------Key: MpKsld5011512 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E7C2127-2E95-4952-B1E6-230052398D9B}\MpKsld5011512.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E7C2127-2E95 -4952-B1E6-230052398D9B}\MpKsld5011512.sys 29904 bytes Created: 1/6/2012 8:29 PM

Modified: 1/6/2012 8:29 PM Company: Microsoft Corporation ---------Key: MpKsld6bc2ace ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{41075F48-D9B6-4BEB-8D4B-635A65B8ADDF}\MpKsld6bc2ace.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41075F48-D9B6 -4BEB-8D4B-635A65B8ADDF}\MpKsld6bc2ace.sys [file not found to scan] ---------Key: MpKsldab91f44 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{A1890F5B-444C-4721-85E5-2D8B0E3D7118}\MpKsldab91f44.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1890F5B-444C -4721-85E5-2D8B0E3D7118}\MpKsldab91f44.sys [file not found to scan] ---------Key: MpKsldb078f3b ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{18376A16-6A89-4431-9AAE-7757B1860F0B}\MpKsldb078f3b.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18376A16-6A89 -4431-9AAE-7757B1860F0B}\MpKsldb078f3b.sys [file not found to scan] ---------Key: MpKslde1c2bee ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E7C2127-2E95-4952-B1E6-230052398D9B}\MpKslde1c2bee.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E7C2127-2E95 -4952-B1E6-230052398D9B}\MpKslde1c2bee.sys 29904 bytes Created: 1/6/2012 8:12 AM Modified: 1/6/2012 8:12 AM Company: Microsoft Corporation ---------Key: MpKsle40809dc ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{BBDC0D42-7802-440D-A612-6A7B59ED49B6}\MpKsle40809dc.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBDC0D42-7802 -440D-A612-6A7B59ED49B6}\MpKsle40809dc.sys [file not found to scan] ---------Key: MpKsle6b3f7f6 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{F82BC6C4-990C-4822-A000-19C5D52A07F5}\MpKsle6b3f7f6.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F82BC6C4-990C -4822-A000-19C5D52A07F5}\MpKsle6b3f7f6.sys [file not found to scan] ---------Key: MpKsled7ad05b ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4B60937A-DEE2-41F6-BDC3-0166B4DA7921}\MpKsled7ad05b.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B60937A-DEE2 -41F6-BDC3-0166B4DA7921}\MpKsled7ad05b.sys [file not found to scan] ---------Key: MpKslf8aafc7a ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{0BA28B78-A5AB-4621-AB03-331336B8C789}\MpKslf8aafc7a.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BA28B78-A5AB -4621-AB03-331336B8C789}\MpKslf8aafc7a.sys [file not found to scan] ---------Key: MpNWMon ImagePath: system32\DRIVERS\MpNWMon.sys C:\Windows\system32\DRIVERS\MpNWMon.sys 43392 bytes Created: 4/18/2011 1:18 PM

Modified: 4/18/2011 1:18 PM Company: Microsoft Corporation ---------Key: mshidkmdf ImagePath: \SystemRoot\System32\drivers\mshidkmdf.sys C:\Windows\System32\drivers\mshidkmdf.sys 4096 bytes Created: 7/14/2009 4:51 AM Modified: 7/14/2009 4:51 AM Company: Microsoft Corporation ---------Key: MsMpSvc ImagePath: "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 11736 bytes Created: 4/27/2011 3:39 PM Modified: 4/27/2011 3:39 PM Company: Microsoft Corporation ---------Key: MTConfig ImagePath: \SystemRoot\system32\DRIVERS\MTConfig.sys C:\Windows\system32\DRIVERS\MTConfig.sys 12288 bytes Created: 7/14/2009 4:46 AM Modified: 7/14/2009 4:46 AM Company: Microsoft Corporation ---------Key: NdisCap ImagePath: system32\DRIVERS\ndiscap.sys C:\Windows\system32\DRIVERS\ndiscap.sys 27136 bytes Created: 7/14/2009 4:52 AM Modified: 7/14/2009 4:52 AM Company: Microsoft Corporation ---------Key: Nero BackItUp Scheduler 4.0 ImagePath: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 935208 bytes Created: 7/20/2009 11:51 AM Modified: 7/20/2009 11:51 AM Company: Nero AG ---------Key: nhdlxgxv ImagePath: \??\C:\Windows\system32\drivers\nhdlxgxv.sys C:\Windows\system32\drivers\nhdlxgxv.sys [file not found to scan] ---------Key: NisDrv ImagePath: system32\DRIVERS\NisDrvWFP.sys C:\Windows\system32\DRIVERS\NisDrvWFP.sys 65024 bytes Created: 4/27/2011 3:25 PM Modified: 4/27/2011 3:25 PM Company: Microsoft Corporation ---------Key: NisSrv ImagePath: "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 208944 bytes Created: 4/27/2011 3:39 PM

Modified: 4/27/2011 3:39 PM Company: Microsoft Corporation ---------Key: nlsX86cc ImagePath: C:\Windows\system32\NLSSRV32.EXE C:\Windows\system32\NLSSRV32.EXE 68928 bytes Created: 9/24/2011 3:03 PM Modified: 9/24/2011 3:03 PM Company: Nalpeiron Ltd. ---------Key: pcw ImagePath: System32\drivers\pcw.sys C:\Windows\System32\drivers\pcw.sys 43088 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------Key: pfc ImagePath: system32\drivers\pfc.sys C:\Windows\system32\drivers\pfc.sys 10368 bytes Created: 1/1/2012 1:04 PM Modified: 1/1/2012 1:04 PM Company: Padus, Inc. ---------Key: pnfaiizi ImagePath: \??\C:\Windows\system32\drivers\pnfaiizi.sys C:\Windows\system32\drivers\pnfaiizi.sys [file not found to scan] ---------Key: qagrlmyw ImagePath: \??\C:\Windows\system32\drivers\qagrlmyw.sys C:\Windows\system32\drivers\qagrlmyw.sys [file not found to scan] ---------Key: qrneyrxl ImagePath: \??\C:\Windows\system32\drivers\qrneyrxl.sys C:\Windows\system32\drivers\qrneyrxl.sys [file not found to scan] ---------Key: RasAgileVpn ImagePath: system32\DRIVERS\AgileVpn.sys C:\Windows\system32\DRIVERS\AgileVpn.sys 49152 bytes Created: 7/14/2009 4:55 AM Modified: 7/14/2009 4:55 AM Company: Microsoft Corporation ---------Key: rdpbus ImagePath: system32\DRIVERS\rdpbus.sys C:\Windows\system32\DRIVERS\rdpbus.sys 18944 bytes Created: 7/14/2009 5:02 AM Modified: 7/14/2009 5:02 AM Company: Microsoft Corporation ---------Key: RDPREFMP ImagePath: system32\drivers\rdprefmp.sys C:\Windows\system32\drivers\rdprefmp.sys 7168 bytes Created: 7/14/2009 5:01 AM

Modified: 7/14/2009 5:01 AM Company: Microsoft Corporation ---------Key: rdyboost ImagePath: System32\drivers\rdyboost.sys C:\Windows\System32\drivers\rdyboost.sys 173648 bytes Created: 7/14/2009 4:22 AM Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------Key: s3cap ImagePath: \SystemRoot\system32\DRIVERS\vms3cap.sys C:\Windows\system32\DRIVERS\vms3cap.sys 5632 bytes Created: 7/14/2009 12:47 PM Modified: 7/14/2009 4:28 AM Company: Microsoft Corporation ---------Key: scfilter ImagePath: System32\DRIVERS\scfilter.sys C:\Windows\System32\DRIVERS\scfilter.sys 26624 bytes Created: 7/14/2009 4:33 AM Modified: 7/14/2009 4:33 AM Company: Microsoft Corporation ---------Key: sppsvc ImagePath: %SystemRoot%\system32\sppsvc.exe C:\Windows\system32\sppsvc.exe 3179520 bytes Created: 7/14/2009 5:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation ---------Key: srijevoz ImagePath: \??\C:\Windows\system32\drivers\srijevoz.sys C:\Windows\system32\drivers\srijevoz.sys [file not found to scan] ---------Key: ssmdrv ImagePath: system32\DRIVERS\ssmdrv.sys C:\Windows\system32\DRIVERS\ssmdrv.sys 28520 bytes Created: 12/31/2011 8:57 AM Modified: 6/17/2010 3:14 PM Company: Avira GmbH ---------Key: stexstor ImagePath: \SystemRoot\system32\DRIVERS\stexstor.sys C:\Windows\system32\DRIVERS\stexstor.sys 21072 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:19 AM Company: Promise Technology ---------Key: storflt ImagePath: system32\DRIVERS\vmstorfl.sys C:\Windows\system32\DRIVERS\vmstorfl.sys 40896 bytes Created: 7/14/2009 12:47 PM

Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------Key: storvsc ImagePath: \SystemRoot\system32\DRIVERS\storvsc.sys C:\Windows\system32\DRIVERS\storvsc.sys 28224 bytes Created: 7/14/2009 12:47 PM Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------Key: taphss ImagePath: system32\DRIVERS\taphss.sys C:\Windows\system32\DRIVERS\taphss.sys 32768 bytes Created: 7/26/2011 10:49 PM Modified: 7/26/2011 10:49 PM Company: AnchorFree Inc ---------Key: UmPass ImagePath: \SystemRoot\system32\DRIVERS\umpass.sys C:\Windows\system32\DRIVERS\umpass.sys 8192 bytes Created: 7/14/2009 4:51 AM Modified: 7/14/2009 4:51 AM Company: Microsoft Corporation ---------Key: usbuhci ImagePath: \SystemRoot\system32\DRIVERS\usbuhci.sys C:\Windows\system32\DRIVERS\usbuhci.sys 24064 bytes Created: 7/14/2009 4:51 AM Modified: 7/14/2009 4:51 AM Company: Microsoft Corporation ---------Key: usbvideo ImagePath: System32\Drivers\usbvideo.sys C:\Windows\System32\Drivers\usbvideo.sys 146176 bytes Created: 7/14/2009 4:51 AM Modified: 7/14/2009 4:51 AM Company: Microsoft Corporation ---------Key: vdrvroot ImagePath: system32\DRIVERS\vdrvroot.sys C:\Windows\system32\DRIVERS\vdrvroot.sys 32832 bytes Created: 7/14/2009 4:46 AM Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------Key: vhdmp ImagePath: \SystemRoot\system32\DRIVERS\vhdmp.sys C:\Windows\system32\DRIVERS\vhdmp.sys 159824 bytes Created: 7/14/2009 4:46 AM Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------Key: vmbus

ImagePath: \SystemRoot\system32\DRIVERS\vmbus.sys C:\Windows\system32\DRIVERS\vmbus.sys 175824 bytes Created: 7/14/2009 12:47 PM Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------Key: VMBusHID ImagePath: \SystemRoot\system32\DRIVERS\VMBusHID.sys C:\Windows\system32\DRIVERS\VMBusHID.sys 17920 bytes Created: 7/14/2009 12:47 PM Modified: 7/14/2009 4:28 AM Company: Microsoft Corporation ---------Key: vwifibus ImagePath: \SystemRoot\System32\drivers\vwifibus.sys C:\Windows\System32\drivers\vwifibus.sys 19968 bytes Created: 7/14/2009 4:52 AM Modified: 7/14/2009 4:52 AM Company: Microsoft Corporation ---------Key: WfpLwf ImagePath: system32\DRIVERS\wfplwf.sys C:\Windows\system32\DRIVERS\wfplwf.sys 9728 bytes Created: 7/14/2009 4:53 AM Modified: 7/14/2009 4:53 AM Company: Microsoft Corporation ---------Key: WIMMount ImagePath: system32\drivers\wimmount.sys C:\Windows\system32\drivers\wimmount.sys 19008 bytes Created: 7/14/2009 4:17 AM Modified: 7/14/2009 6:19 AM Company: Microsoft Corporation ---------************************************************************ 8:56:52 PM: Scanning -----VXD ENTRIES----************************************************************ 8:56:52 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----No WINLOGON\NOTIFY DLLs found to scan ************************************************************ 8:56:53 PM: Scanning ----- CONTEXTMENUHANDLERS ----Key: BriefcaseMenu CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D} Path: %SystemRoot%\system32\syncui.dll C:\Windows\system32\syncui.dll 158720 bytes Created: 7/14/2009 4:39 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation ---------Key: DAP_ShredMenu CLSID: {BED4C38B-F765-45AC-8C56-613F76BBF43E}

Path: C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL 55472 bytes Created: 10/14/2011 8:58 AM Modified: 10/14/2011 8:58 AM Company: Speedbit Ltd. ---------Key: EPP CLSID: {09A47860-11B0-4DA5-AFA5-26D86198A780} Path: c:\PROGRA~1\MICROS~4\shellext.dll c:\PROGRA~1\MICROS~4\shellext.dll 301128 bytes Created: 6/15/2011 3:16 PM Modified: 6/15/2011 3:16 PM Company: Microsoft Corporation ---------Key: Sharing CLSID: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} Path: %SystemRoot%\system32\ntshrui.dll C:\Windows\system32\ntshrui.dll 442880 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation ---------Key: Shell Extension for Malware scanning CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A} Path: C:\Program Files\Avira\AntiVir Desktop\shlext.dll C:\Program Files\Avira\AntiVir Desktop\shlext.dll 150480 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira Operations GmbH & Co. KG ---------************************************************************ 8:56:56 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----Key: {B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} File: C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll 5972760 bytes Created: 10/29/2011 4:30 PM Modified: 1/11/2011 12:18 PM Company: Tracker Software Products Ltd. ---------************************************************************ 8:56:58 PM: Scanning ----- BROWSER HELPER OBJECTS ----Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670} BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 439872 bytes Created: 1/1/2012 1:06 PM Modified: 6/6/2006 9:28 AM Company: Yahoo! Inc. ---------Key: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} BHO: C:\Program Files\SearchPredict\SearchPredict.dll C:\Program Files\SearchPredict\SearchPredict.dll 498840 bytes

Created: 10/14/2011 8:58 AM Modified: 6/28/2011 5:41 PM Company: SpeedBit Ltd. ---------Key: {92A9ACF4-9333-43AE-9698-DB283326F87F} BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll 2660016 bytes Created: 10/14/2011 8:58 AM Modified: 10/15/2011 8:25 PM Company: ---------Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} BHO: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 3844768 bytes Created: 11/29/2011 6:22 AM Modified: 11/29/2011 6:22 AM Company: Skype Technologies S.A. ---------Key: {D4027C7F-154A-4066-A1AD-4243D8127440} BHO: C:\Program Files\Ask.com\GenericAskToolbar.dll C:\Program Files\Ask.com\GenericAskToolbar.dll 1515688 bytes Created: 11/21/2011 2:18 AM Modified: 11/21/2011 2:18 AM Company: Ask ---------Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll C:\Program Files\Java\jre6\bin\jp2ssv.dll 42272 bytes Created: 10/7/2011 11:23 AM Modified: 10/7/2011 11:23 AM Company: Sun Microsystems, Inc. ---------Key: {FF6C3CF0-4B15-11D1-ABED-709549C10000} BHO: C:\PROGRA~1\DAP\DAPIEL~1.DLL C:\PROGRA~1\DAP\DAPIEL~1.DLL 141568 bytes Created: 10/14/2011 11:31 AM Modified: 10/14/2011 11:31 AM Company: SpeedBit Ltd. ---------Key: {FF7C3CF0-4B15-11D1-ABED-709549C10000} BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\grabber.dll C:\Program Files\SpeedBit Video Downloader\Toolbar\grabber.dll 356024 bytes Created: 10/14/2011 8:58 AM Modified: 10/15/2011 8:25 PM Company: SpeedBit ---------************************************************************ 8:57:01 PM: Scanning ----- SHELLSERVICEOBJECTS ----************************************************************ 8:57:02 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----No SharedTaskScheduler entries found to scan

************************************************************ 8:57:02 PM: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found. ************************************************************ 8:57:02 PM: Scanning ----- APPINIT_DLLS ----The following AppInitDLLs entry is hidden/stealthed: AppInitDLLs entry = [ ] ************************************************************ 8:57:03 PM: Scanning ----- SECURITY PROVIDER DLLS ----************************************************************ 8:57:03 PM: Scanning ------ COMMON STARTUP GROUP -----[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 7/14/2009 9:41 AM Modified: 7/14/2009 9:41 AM Company: [no info] -------------------************************************************************ 8:57:04 PM: Scanning ----- USER STARTUP GROUPS ----Checking Startup Group for: PAKISTAN [C:\Users\PAKISTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ] C:\Users\PAKISTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ desktop.ini -HS- 174 bytes Created: 10/14/2011 8:50 AM Modified: 10/14/2011 8:50 AM Company: [no info] ----------------------------************************************************************ 8:57:04 PM: Scanning ----- SCHEDULED TASKS ----Taskname: FacebookUpdateTaskUserS-1-5-21-184243364-3962860275-1713924723-10 00Core.job File: C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.ex e C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.exe 137536 bytes Created: 10/21/2011 4:48 PM Modified: 10/21/2011 4:48 PM Company: Facebook Inc. Parameters: /c /nocrashserver Next Run Time: 12/5/2011 4:53:00 PM Status: The task is ready to run at its next scheduled time Creator: PAKISTAN Comments: Keeps your Facebook software up to date. If this task is disabled or stopped, your Facebook software will not be kept up to date, meaning securit y vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Facebook software using it. ---------Taskname: FacebookUpdateTaskUserS-1-5-21-184243364-3962860275-1713924723-10 00UA.job File: C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.ex

e C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.exe 137536 bytes Created: 10/21/2011 4:48 PM Modified: 10/21/2011 4:48 PM Company: Facebook Inc. Parameters: /ua /installsource scheduler Next Run Time: 12/4/2011 10:54:00 PM Status: The task is ready to run at its next scheduled time Creator: PAKISTAN Comments: Keeps your Facebook software up to date. If this task is disabled or stopped, your Facebook software will not be kept up to date, meaning securit y vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Facebook software using it. ---------Taskname: GoogleUpdateTaskMachineCore.job File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 11/8/2011 11:43 AM Modified: 11/8/2011 11:43 AM Company: Google Inc. Parameters: /c Next Run Time: 12/5/2011 11:48:00 AM Status: The task is ready to run at its next scheduled time Creator: PAKISTAN Comments: Keeps your Google software up to date. If this task is disabled o r stopped, your Google software will not be kept up to date, meaning security vu lnerabilities that may arise cannot be fixed and features may not work. This tas k uninstalls itself when there is no Google software using it. ---------Taskname: GoogleUpdateTaskMachineUA.job File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 11/8/2011 11:43 AM Modified: 11/8/2011 11:43 AM Company: Google Inc. Parameters: /ua /installsource scheduler Next Run Time: 12/4/2011 9:48:00 PM Status: The task is ready to run at its next scheduled time Creator: PAKISTAN Comments: Keeps your Google software up to date. If this task is disabled o r stopped, your Google software will not be kept up to date, meaning security vu lnerabilities that may arise cannot be fixed and features may not work. This tas k uninstalls itself when there is no Google software using it. ---------************************************************************ 8:57:06 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----Key: EnhancedStorageShell CLSID: {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} File: %SystemRoot%\system32\EhStorShell.dll C:\Windows\system32\EhStorShell.dll 189952 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation ---------Key: SharingPrivate

CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\system32\ntshrui.dll - file already scanned ---------************************************************************ 8:57:08 PM: ----- ADDITIONAL CHECKS ----Heuristic checks for hidden files/drivers completed ---------Layered Service Provider entries checks completed ---------Windows Explorer Policies checks completed ---------Desktop Wallpaper: C:\Users\PAKISTAN\AppData\Roaming\Microsoft\Windows\Themes\Tr anscodedWallpaper.jpg C:\Users\PAKISTAN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.j pg 1149968 bytes Created: 2/20/2011 3:24 PM Modified: 12/25/2011 9:05 AM Company: [no info] ---------Web Desktop Wallpaper entry is blank ---------DNS Server information: Interface: NameServers: 119.159.255.36 203.99.163.240 Checks for rogue DNS NameServers completed ------------------Additional checks completed ************************************************************ 8:57:09 PM: Scanning ----- RUNNING PROCESSES ----C:\Windows\System32\smss.exe 69632 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\csrss.exe 6144 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\wininit.exe 96256 bytes Created: 7/14/2009 4:36 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\csrss.exe - file already scanned -------------------C:\Windows\system32\services.exe 259072 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation

-------------------C:\Windows\system32\lsass.exe 22528 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\lsm.exe 261120 bytes Created: 7/14/2009 5:02 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\winlogon.exe 285696 bytes Created: 7/14/2009 4:37 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.exe 20992 bytes Created: 7/14/2009 4:19 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.exe - file already scanned -------------------c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe - file alread y scanned -------------------C:\Windows\system32\Ati2evxx.exe 684032 bytes Created: 6/3/2008 3:33 AM Modified: 6/3/2008 3:33 AM Company: ATI Technologies Inc. -------------------C:\Windows\System32\svchost.exe - file already scanned -------------------C:\Windows\System32\svchost.exe - file already scanned -------------------C:\Windows\system32\svchost.exe - file already scanned -------------------C:\Windows\system32\svchost.exe - file already scanned -------------------C:\Windows\system32\Ati2evxx.exe - file already scanned -------------------C:\Windows\system32\svchost.exe - file already scanned -------------------C:\Windows\System32\spoolsv.exe 316416 bytes Created: 7/14/2009 5:18 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Program Files\Avira\AntiVir Desktop\sched.exe - file already scanned -------------------C:\Windows\system32\Dwm.exe 92672 bytes Created: 7/14/2009 4:24 AM Modified: 7/14/2009 6:14 AM

Company: Microsoft Corporation -------------------C:\Windows\Explorer.EXE - file already scanned -------------------C:\Windows\system32\svchost.exe - file already scanned -------------------C:\Program Files\USB Disk Security\USBGuard.exe - file already scanned -------------------C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanne d -------------------C:\Program Files\Microsoft Security Client\msseces.exe - file already scanned -------------------C:\Program Files\Ask.com\Updater\Updater.exe - file already scanned -------------------C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - file already scanned -------------------C:\Windows\system32\taskhost.exe 49152 bytes Created: 7/14/2009 4:19 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Program Files\Avira\AntiVir Desktop\avguard.exe - file already scanned -------------------C:\Program Files\IM Magician\vicamon.exe - file already scanned -------------------C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - file already scanned -------------------C:\Program Files\DAP\DAP.exe - file already scanned -------------------C:\Windows\system32\NLSSRV32.EXE - file already scanned -------------------C:\Program Files\Broadband\Broadband.exe - file already scanned -------------------C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 80336 bytes Created: 12/31/2011 8:57 AM Modified: 10/11/2011 3:00 PM Company: Avira Operations GmbH & Co. KG -------------------C:\Windows\system32\conhost.exe 271360 bytes Created: 7/14/2009 4:25 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE - file already scanned -------------------C:\Windows\system32\SearchIndexer.exe 428032 bytes Created: 7/14/2009 5:14 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.exe - file already scanned -------------------c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe - file already scanned

-------------------C:\Windows\system32\wbem\wmiprvse.exe 254976 bytes Created: 7/14/2009 4:30 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\System32\svchost.exe - file already scanned -------------------C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 2933624 [This is a Trojan Remover component] -------------------C:\Windows\system32\SearchProtocolHost.exe 164352 bytes Created: 7/14/2009 5:14 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------C:\Windows\system32\SearchFilterHost.exe 86528 bytes Created: 7/14/2009 5:13 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------************************************************************ 8:57:22 PM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://home.allgameshome.com/ HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.ask.com/?l=dis&o=APN10023&gct=hp HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 8:57:23 PM 04 Dec 2011 Total Scan time: 00:01:53 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.6.2565. For information, email [email protected] [Unregistered version] Scan started at: 11:07:52 PM 15 Nov 2011

Using Database v7291 Operating System: Windows 7 Ultimate [Build: 6.1.7600] File System: NTFS User Account Control is DISABLED. UserData directory: C:\Users\PAKISTAN\AppData\Roaming\Simply Super Software\Troj an Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Users\PAKISTAN\Documents\Simply Super Software\Trojan Rem over Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ The following Anti-Malware program(s) are loaded: Avast! Antivirus Avira AntiVir ************************************************************ ************************************************************ 11:07:53 PM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected. ************************************************************ 11:07:56 PM: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: explorer.exe C:\Windows\explorer.exe 2613248 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation ---------This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.exe 26112 bytes Created: 7/14/2009 4:34 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation ----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: USB Antivirus Value Data: C:\Program Files\USB Disk Security\USBGuard.exe C:\Program Files\USB Disk Security\USBGuard.exe 798720 bytes Created: 10/14/2011 8:59 AM

Modified: 3/27/2008 11:35 AM Company: http://www.zbshareware.com -------------------Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime C:\Program Files\QuickTime\QTTask.exe 421888 bytes Created: 7/5/2011 6:36 PM Modified: 7/5/2011 6:36 PM Company: Apple Inc. -------------------Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" C:\Program Files\Common Files\Java\Java Update\jusched.exe 254696 bytes Created: 6/9/2011 1:06 PM Modified: 6/9/2011 1:06 PM Company: Sun Microsystems, Inc. -------------------Value Name: MSC Value Data: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runk ey c:\Program Files\Microsoft Security Client\msseces.exe 997920 bytes Created: 6/15/2011 3:16 PM Modified: 6/15/2011 3:16 PM Company: Microsoft Corporation -------------------Value Name: avgnt Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 258512 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM Company: Avira Operations GmbH & Co. KG -------------------Value Name: Corel Graphics Suite 1117 Value Data: C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe / title="Corel Graphics Suite 11" /date=112611 serial=DR11CRD-0012082-DGW C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe [file not fou nd to scan] -------------------Value Name: avast! Value Data: "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" C:\Program Files\Alwil Software\Avast4\ashDisp.exe 81000 bytes Created: 11/15/2011 9:36 AM Modified: 11/25/2009 4:51 AM Company: ALWIL Software --------------------------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: Facebook Update Value Data: "C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver C:\Users\PAKISTAN\AppData\Local\Facebook\Update\FacebookUpdate.exe 137536 bytes

Created: 10/21/2011 4:48 PM Modified: 10/21/2011 4:48 PM Company: Facebook Inc. -------------------Value Name: DownloadAccelerator Value Data: "C:\Program Files\DAP\DAP.EXE" /STARTUP C:\Program Files\DAP\DAP.EXE 2975920 bytes Created: 10/14/2011 8:58 AM Modified: 10/29/2011 6:30 AM Company: SpeedBit Ltd. -------------------Value Name: Sidebar Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun C:\Program Files\Windows Sidebar\sidebar.exe 1173504 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------Value Name: IDMan Value Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot C:\Program Files\Internet Download Manager\IDMan.exe 3437976 bytes Created: 11/14/2011 6:39 PM Modified: 11/14/2011 4:52 PM Company: Tonec Inc. -------------------Value Name: Mobile Partner Value Data: "C:\Program Files\Broadband\Broadband.exe" C:\Program Files\Broadband\Broadband.exe 536576 bytes Created: 12/23/2011 6:20 AM Modified: 12/23/2011 6:20 AM Company: TODO: --------------------------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 11:07:59 PM: Scanning -----SHELLEXECUTEHOOKS----ShellExecuteHooks key is empty ************************************************************ 11:07:59 PM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed ---------No Hidden File-loading Registry Entries found ---------************************************************************ 11:08:00 PM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\Windows\system32\scrnsave.scr C:\Windows\system32\scrnsave.scr 10240 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation --------------------

************************************************************ 11:08:00 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} Path: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",Bran dIEActiveSetup SIGNUP C:\Windows\System32\rundll32.exe 44544 bytes Created: 7/14/2009 4:41 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation ---------************************************************************ 11:08:01 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----Key: AppIDSvc Path: %SystemRoot%\System32\appidsvc.dll C:\Windows\System32\appidsvc.dll 27648 bytes Created: 7/14/2009 4:36 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------Key: AxInstSV Path: %SystemRoot%\System32\AxInstSV.dll C:\Windows\System32\AxInstSV.dll 88064 bytes Created: 7/14/2009 4:33 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------Key: BDESVC Path: %SystemRoot%\System32\bdesvc.dll C:\Windows\System32\bdesvc.dll 76800 bytes Created: 7/14/2009 4:12 AM Modified: 7/14/2009 6:14 AM Company: Microsoft Corporation -------------------Key: bthserv Path: %SystemRoot%\system32\bthserv.dll C:\Windows\system32\bthserv.dll 64512 bytes Created: 7/14/2009 4:51 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: defragsvc Path: %Systemroot%\System32\defragsvc.dll C:\Windows\System32\defragsvc.dll 218624 bytes Created: 7/14/2009 4:23 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: Dhcp Path: %SystemRoot%\system32\dhcpcore.dll C:\Windows\system32\dhcpcore.dll 253440 bytes Created: 7/14/2009 4:12 AM

Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: FontCache Path: %SystemRoot%\system32\FntCache.dll C:\Windows\system32\FntCache.dll 797696 bytes Created: 7/14/2009 4:25 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: HomeGroupListener Path: %SystemRoot%\system32\ListSvc.dll C:\Windows\system32\ListSvc.dll 194560 bytes Created: 7/14/2009 4:39 AM Modified: 7/14/2009 6:15 AM Company: Microsoft Corporation -------------------Key: HomeGroupProvider Path: %SystemRoot%\system32\provsvc.dll C:\Windows\system32\provsvc.dll 165376 bytes Created: 7/14/2009 4:39 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: p2pimsvc Path: %SystemRoot%\system32\pnrpsvc.dll C:\Windows\system32\pnrpsvc.dll 269824 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: PeerDistSvc Path: %SystemRoot%\system32\peerdistsvc.dll C:\Windows\system32\peerdistsvc.dll 1004544 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: PNRPAutoReg Path: %SystemRoot%\system32\pnrpauto.dll C:\Windows\system32\pnrpauto.dll 20480 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: PNRPsvc Path: %SystemRoot%\system32\pnrpsvc.dll C:\Windows\system32\pnrpsvc.dll 269824 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: Power

Path: %SystemRoot%\system32\umpo.dll C:\Windows\system32\umpo.dll 119808 bytes Created: 7/14/2009 4:16 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: RpcEptMapper Path: %SystemRoot%\System32\RpcEpMap.dll C:\Windows\System32\RpcEpMap.dll 43520 bytes Created: 7/14/2009 4:12 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: SensrSvc Path: %SystemRoot%\system32\sensrsvc.dll C:\Windows\system32\sensrsvc.dll 25088 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: sppuinotify Path: %SystemRoot%\system32\sppuinotify.dll C:\Windows\system32\sppuinotify.dll 53760 bytes Created: 7/14/2009 4:36 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: Themes Path: %SystemRoot%\system32\themeservice.dll C:\Windows\system32\themeservice.dll 37376 bytes Created: 7/14/2009 4:39 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: WbioSrvc Path: %SystemRoot%\System32\wbiosrvc.dll C:\Windows\System32\wbiosrvc.dll 151552 bytes Created: 7/14/2009 4:37 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------Key: WwanSvc Path: %SystemRoot%\System32\wwansvc.dll C:\Windows\System32\wwansvc.dll 185856 bytes Created: 7/14/2009 4:56 AM Modified: 7/14/2009 6:16 AM Company: Microsoft Corporation -------------------************************************************************ 11:08:10 PM: Scanning ----- SERVICES REGISTRY KEYS ----Key: 1394ohci ImagePath: \SystemRoot\system32\DRIVERS\1394ohci.sys

C:\Windows\system32\DRIVERS\1394ohci.sys 163328 bytes Created: 7/14/2009 4:52 AM Modified: 7/14/2009 4:52 AM Company: Microsoft Corporation ---------Key: AcpiPmi ImagePath: \SystemRoot\system32\DRIVERS\acpipmi.sys C:\Windows\system32\DRIVERS\acpipmi.sys 9728 bytes Created: 7/14/2009 4:16 AM Modified: 7/14/2009 4:16 AM Company: Microsoft Corporation ---------Key: ALCXWDM ImagePath: system32\drivers\RTKVAC.SYS C:\Windows\system32\drivers\RTKVAC.SYS 4172832 bytes Created: 6/18/2009 7:45 PM Modified: 6/18/2009 7:45 PM Company: Realtek Semiconductor Corp. ---------Key: AmdPPM ImagePath: \SystemRoot\system32\DRIVERS\amdppm.sys C:\Windows\system32\DRIVERS\amdppm.sys 52736 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 4:11 AM Company: Microsoft Corporation ---------Key: amdsata ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys C:\Windows\system32\DRIVERS\amdsata.sys 79952 bytes Created: 6/11/2009 2:19 AM Modified: 7/14/2009 6:26 AM Company: Advanced Micro Devices ---------Key: amdsbs ImagePath: \SystemRoot\system32\DRIVERS\amdsbs.sys C:\Windows\system32\DRIVERS\amdsbs.sys 159312 bytes Created: 6/11/2009 2:20 AM Modified: 7/14/2009 6:26 AM Company: AMD Technologies Inc. ---------Key: amdxata ImagePath: system32\DRIVERS\amdxata.sys C:\Windows\system32\DRIVERS\amdxata.sys 23616 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:26 AM Company: Advanced Micro Devices ---------Key: AntiVirMailService ImagePath: "C:\Program Files\Avira\AntiVir Desktop\avmailc.exe" C:\Program Files\Avira\AntiVir Desktop\avmailc.exe 342480 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM

Company: Avira Operations GmbH & Co. KG ---------Key: AntiVirSchedulerService ImagePath: "C:\Program Files\Avira\AntiVir Desktop\sched.exe" C:\Program Files\Avira\AntiVir Desktop\sched.exe 86224 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM Company: Avira Operations GmbH & Co. KG ---------Key: AntiVirService ImagePath: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" C:\Program Files\Avira\AntiVir Desktop\avguard.exe 110032 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM Company: Avira Operations GmbH & Co. KG ---------Key: AntiVirWebService ImagePath: "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 463824 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM Company: Avira Operations GmbH & Co. KG ---------Key: AppID ImagePath: \SystemRoot\system32\drivers\appid.sys C:\Windows\system32\drivers\appid.sys 50176 bytes Created: 7/14/2009 4:36 AM Modified: 7/14/2009 4:36 AM Company: Microsoft Corporation ---------Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\Windows\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 11/15/2011 9:36 AM Modified: 11/25/2009 4:50 AM Company: ALWIL Software ---------Key: aswMonFlt ImagePath: system32\DRIVERS\aswMonFlt.sys C:\Windows\system32\DRIVERS\aswMonFlt.sys 53328 bytes Created: 11/15/2011 9:36 AM Modified: 11/25/2009 4:49 AM Company: ALWIL Software ---------Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 18752 bytes Created: 11/15/2011 9:36 AM Modified: 11/25/2009 4:43 AM Company: ALWIL Software ---------Key: avast! Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

C:\Program Files\Alwil Software\Avast4\ashServ.exe 138680 bytes Created: 11/15/2011 9:36 AM Modified: 11/25/2009 4:51 AM Company: ALWIL Software ---------Key: avast! Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 254040 bytes Created: 11/15/2011 9:36 AM Modified: 11/25/2009 4:51 AM Company: ALWIL Software ---------Key: avast! Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 352920 bytes Created: 11/15/2011 9:36 AM Modified: 11/25/2009 4:48 AM Company: ALWIL Software ---------Key: avgntflt ImagePath: system32\DRIVERS\avgntflt.sys C:\Windows\system32\DRIVERS\avgntflt.sys 74640 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM Company: Avira GmbH ---------Key: avipbb ImagePath: system32\DRIVERS\avipbb.sys C:\Windows\system32\DRIVERS\avipbb.sys 134344 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM Company: Avira GmbH ---------Key: avkmgr ImagePath: system32\DRIVERS\avkmgr.sys C:\Windows\system32\DRIVERS\avkmgr.sys 36000 bytes Created: 11/1/2011 10:59 AM Modified: 10/19/2011 5:03 PM Company: Avira GmbH ---------Key: b06bdrv ImagePath: \SystemRoot\system32\DRIVERS\bxvbdx.sys C:\Windows\system32\DRIVERS\bxvbdx.sys 430080 bytes Created: 6/11/2009 2:17 AM Modified: 7/14/2009 3:02 AM Company: Broadcom Corporation ---------Key: b57nd60x ImagePath: system32\DRIVERS\b57nd60x.sys C:\Windows\system32\DRIVERS\b57nd60x.sys 229888 bytes Created: 7/14/2009 3:02 AM Modified: 7/14/2009 3:02 AM

Company: Broadcom Corporation ---------Key: blbdrive ImagePath: system32\DRIVERS\blbdrive.sys C:\Windows\system32\DRIVERS\blbdrive.sys 35328 bytes Created: 7/14/2009 4:23 AM Modified: 7/14/2009 4:23 AM Company: Microsoft Corporation ---------Key: CmBatt ImagePath: \SystemRoot\system32\DRIVERS\CmBatt.sys C:\Windows\system32\DRIVERS\CmBatt.sys 14080 bytes Created: 7/14/2009 4:19 AM Modified: 7/14/2009 4:19 AM Company: Microsoft Corporation ---------Key: CNG ImagePath: System32\Drivers\cng.sys C:\Windows\System32\Drivers\cng.sys 369568 bytes Created: 7/14/2009 4:32 AM Modified: 7/14/2009 6:17 AM Company: Microsoft Corporation ---------Key: CompositeBus ImagePath: system32\DRIVERS\CompositeBus.sys C:\Windows\system32\DRIVERS\CompositeBus.sys 31232 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 4:45 AM Company: Microsoft Corporation ---------Key: crcdisk ImagePath: \SystemRoot\system32\DRIVERS\crcdisk.sys C:\Windows\system32\DRIVERS\crcdisk.sys 22096 bytes Created: 7/14/2009 4:46 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: discache ImagePath: System32\drivers\discache.sys C:\Windows\System32\drivers\discache.sys 32256 bytes Created: 7/14/2009 4:24 AM Modified: 7/14/2009 4:24 AM Company: Microsoft Corporation ---------Key: ebdrv ImagePath: \SystemRoot\system32\DRIVERS\evbdx.sys C:\Windows\system32\DRIVERS\evbdx.sys 3100160 bytes Created: 6/11/2009 2:17 AM Modified: 7/14/2009 3:02 AM Company: Broadcom Corporation ---------Key: flpydisk ImagePath: \SystemRoot\system32\DRIVERS\flpydisk.sys

C:\Windows\system32\DRIVERS\flpydisk.sys 19968 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 4:45 AM Company: Microsoft Corporation ---------Key: FsDepends ImagePath: System32\drivers\FsDepends.sys C:\Windows\System32\drivers\FsDepends.sys 46160 bytes Created: 7/14/2009 4:15 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: gupdate ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /svc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 11/8/2011 11:43 AM Modified: 11/8/2011 11:43 AM Company: Google Inc. ---------Key: gupdatem ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 11/8/2011 11:43 AM Modified: 11/8/2011 11:43 AM Company: Google Inc. ---------Key: hcw85cir ImagePath: \SystemRoot\system32\drivers\hcw85cir.sys C:\Windows\system32\drivers\hcw85cir.sys 26624 bytes Created: 7/14/2009 3:54 AM Modified: 7/14/2009 3:54 AM Company: Hauppauge Computer Works, Inc. ---------Key: HidBatt ImagePath: \SystemRoot\system32\DRIVERS\HidBatt.sys C:\Windows\system32\DRIVERS\HidBatt.sys 21504 bytes Created: 7/14/2009 4:19 AM Modified: 7/14/2009 4:19 AM Company: Microsoft Corporation ---------Key: HpSAMD ImagePath: \SystemRoot\system32\DRIVERS\HpSAMD.sys C:\Windows\system32\DRIVERS\HpSAMD.sys 67152 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: Hewlett-Packard Company ---------Key: hwdatacard ImagePath: system32\DRIVERS\ewusbmdm.sys C:\Windows\system32\DRIVERS\ewusbmdm.sys 102912 bytes Created: 12/23/2011 6:21 AM Modified: 9/10/2009 3:31 PM

Company: Huawei Technologies Co., Ltd. ---------Key: hwpolicy ImagePath: System32\drivers\hwpolicy.sys C:\Windows\System32\drivers\hwpolicy.sys 13904 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: hwusbdev ImagePath: system32\DRIVERS\ewusbdev.sys C:\Windows\system32\DRIVERS\ewusbdev.sys 101120 bytes Created: 12/23/2011 6:21 AM Modified: 10/12/2009 3:22 PM Company: Huawei Technologies Co., Ltd. ---------Key: IDMWFP ImagePath: system32\DRIVERS\idmwfp.sys C:\Windows\system32\DRIVERS\idmwfp.sys 89376 bytes Created: 11/14/2011 6:39 PM Modified: 7/6/2011 6:14 PM Company: Tonec Inc. ---------Key: intelppm ImagePath: \SystemRoot\system32\DRIVERS\intelppm.sys C:\Windows\system32\DRIVERS\intelppm.sys 53760 bytes Created: 7/14/2009 4:11 AM Modified: 7/14/2009 4:11 AM Company: Microsoft Corporation ---------Key: iScsiPrt ImagePath: \SystemRoot\system32\DRIVERS\msiscsi.sys C:\Windows\system32\DRIVERS\msiscsi.sys 186960 bytes Created: 7/14/2009 4:46 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: kbdhid ImagePath: \SystemRoot\system32\DRIVERS\kbdhid.sys C:\Windows\system32\DRIVERS\kbdhid.sys 28160 bytes Created: 7/14/2009 4:45 AM Modified: 7/14/2009 4:45 AM Company: Microsoft Corporation ---------Key: KSecPkg ImagePath: System32\Drivers\ksecpkg.sys C:\Windows\System32\Drivers\ksecpkg.sys 133200 bytes Created: 7/14/2009 4:34 AM Modified: 7/14/2009 6:20 AM Company: Microsoft Corporation ---------Key: LSI_FC ImagePath: \SystemRoot\system32\DRIVERS\lsi_fc.sys

C:\Windows\system32\DRIVERS\lsi_fc.sys 95824 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: LSI_SAS ImagePath: \SystemRoot\system32\DRIVERS\lsi_sas.sys C:\Windows\system32\DRIVERS\lsi_sas.sys 89168 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: LSI_SAS2 ImagePath: \SystemRoot\system32\DRIVERS\lsi_sas2.sys C:\Windows\system32\DRIVERS\lsi_sas2.sys 54864 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: LSI_SCSI ImagePath: \SystemRoot\system32\DRIVERS\lsi_scsi.sys C:\Windows\system32\DRIVERS\lsi_scsi.sys 96848 bytes Created: 7/14/2009 3:09 AM Modified: 7/14/2009 6:20 AM Company: LSI Corporation ---------Key: MpFilter ImagePath: system32\DRIVERS\MpFilter.sys C:\Windows\system32\DRIVERS\MpFilter.sys 165648 bytes Created: 4/18/2011 1:18 PM Modified: 4/18/2011 1:18 PM Company: Microsoft Corporation ---------Key: MpKsl0219da24 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E6B76EC-3692-4C80-A00B-FB2A4A817156}\MpKsl0219da24.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E6B76EC-3692 -4C80-A00B-FB2A4A817156}\MpKsl0219da24.sys 29904 bytes Created: 11/15/2011 5:36 PM Modified: 11/15/2011 5:36 PM Company: Microsoft Corporation ---------Key: MpKsl19b7cb5c ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{63FC53AE-0C80-4781-A0F2-D285951B5C1C}\MpKsl19b7cb5c.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63FC53AE-0C80 -4781-A0F2-D285951B5C1C}\MpKsl19b7cb5c.sys [file not found to scan] ---------Key: MpKsl292c9fc4 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{C2E8B41D-8A3B-440A-94E5-ADC0E3405A30}\MpKsl292c9fc4.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2E8B41D-8A3B -440A-94E5-ADC0E3405A30}\MpKsl292c9fc4.sys [file not found to scan] ----------

Key: MpKsl2ed2d473 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FEDAB18A-7B52-47C7-8216-D8E2B3F38CB6}\MpKsl2ed2d473.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEDAB18A-7B52 -47C7-8216-D8E2B3F38CB6}\MpKsl2ed2d473.sys [file not found to scan] ---------Key: MpKsl43dec7fa ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{0BA28B78-A5AB-4621-AB03-331336B8C789}\MpKsl43dec7fa.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BA28B78-A5AB -4621-AB03-331336B8C789}\MpKsl43dec7fa.sys [file not found to scan] ---------Key: MpKsl4827cce2 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FA200FC3-0ACF-4696-B54F-C617A393F3F2}\MpKsl4827cce2.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA200FC3-0ACF -4696-B54F-C617A393F3F2}\MpKsl4827cce2.sys [file not found to scan] ---------Key: MpKsl4af71ab5 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{125D1778-DD71-426D-9BB3-F65A9923CA17}\MpKsl4af71ab5.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{125D1778-DD71 -426D-9BB3-F65A9923CA17}\MpKsl4af71ab5.sys [file not found to scan] ---------Key: MpKsl526b47b7 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E6B76EC-3692-4C80-A00B-FB2A4A817156}\MpKsl526b47b7.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E6B76EC-3692 -4C80-A00B-FB2A4A817156}\MpKsl526b47b7.sys 29904 bytes Created: 11/15/2011 11:00 PM Modified: 11/15/2011 11:00 PM Company: Microsoft Corporation ---------Key: MpKsl5ac8e01c ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{EC9E497F-B5E8-44D0-B086-3AF9A4221A07}\MpKsl5ac8e01c.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC9E497F-B5E8 -44D0-B086-3AF9A4221A07}\MpKsl5ac8e01c.sys [file not found to scan] ---------Key: MpKsl611ac31f ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E4A015ED-FE16-4385-96B4-862985D2FFFC}\MpKsl611ac31f.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4A015ED-FE16 -4385-96B4-862985D2FFFC}\MpKsl611ac31f.sys [file not found to scan] ---------Key: MpKsl65972984 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{89274BDA-1166-4961-AA83-49BE6A9B35DC}\MpKsl65972984.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89274BDA-1166 -4961-AA83-49BE6A9B35DC}\MpKsl65972984.sys [file not found to scan] ---------Key: MpKsl6780b090 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{E7D97244-3332-48C5-AEEF-555B63449487}\MpKsl6780b090.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7D97244-3332 -48C5-AEEF-555B63449487}\MpKsl6780b090.sys [file not found to scan] ---------Key: MpKsl6ce2c32c ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates

\{F04B1274-39FA-497F-96A1-1113653CD37C}\MpKsl6ce2c32c.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F04B1274-39FA -497F-96A1-1113653CD37C}\MpKsl6ce2c32c.sys [file not found to scan] ---------Key: MpKsl6d167de1 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FA6905F5-3F3B-402C-9EA0-26F7537EB4E3}\MpKsl6d167de1.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA6905F5-3F3B -402C-9EA0-26F7537EB4E3}\MpKsl6d167de1.sys [file not found to scan] ---------Key: MpKsl6ddfbb59 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FB066597-4A54-40D8-8EFE-5AC154F5D4A7}\MpKsl6ddfbb59.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB066597-4A54 -40D8-8EFE-5AC154F5D4A7}\MpKsl6ddfbb59.sys [file not found to scan] ---------Key: MpKsl77164ad8 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{AE29A31E-1183-4CB2-9700-B161DDDB0700}\MpKsl77164ad8.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE29A31E-1183 -4CB2-9700-B161DDDB0700}\MpKsl77164ad8.sys [file not found to scan] ---------Key: MpKsl7a7ef606 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{F9F948D5-68FF-4642-8AE8-44F93EDF9F61}\MpKsl7a7ef606.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9F948D5-68FF -4642-8AE8-44F93EDF9F61}\MpKsl7a7ef606.sys [file not found to scan] ---------Key: MpKsl7e18e2f1 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FEDAB18A-7B52-47C7-8216-D8E2B3F38CB6}\MpKsl7e18e2f1.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEDAB18A-7B52 -47C7-8216-D8E2B3F38CB6}\MpKsl7e18e2f1.sys [file not found to scan] ---------Key: MpKsl7ef1c63a ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{4E6B76EC-3692-4C80-A00B-FB2A4A817156}\MpKsl7ef1c63a.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E6B76EC-3692 -4C80-A00B-FB2A4A817156}\MpKsl7ef1c63a.sys 29904 bytes Created: 12/21/2011 5:49 AM Modified: 12/21/2011 5:49 AM Company: Microsoft Corporation ---------Key: MpKsl86faea71 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{1801E2FC-6C49-4AB0-B29A-D5513E9AB219}\MpKsl86faea71.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1801E2FC-6C49 -4AB0-B29A-D5513E9AB219}\MpKsl86faea71.sys [file not found to scan] ---------Key: MpKsl96f50f1a ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{FA200FC3-0ACF-4696-B54F-C617A393F3F2}\MpKsl96f50f1a.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA200FC3-0ACF -4696-B54F-C617A393F3F2}\MpKsl96f50f1a.sys [file not found to scan] ---------Key: MpKsl9834e373 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{0BA28B78-A5AB-4621-AB03-331336B8C789}\MpKsl9834e373.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BA28B78-A5AB

-4621-AB03-331336B8C789}\MpKsl9834e373.sys [file not found to scan] ---------Key: MpKsl9b9925f7 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{87A2B06F-AEDB-4DC3-9E40-01F765CF0574}\MpKsl9b9925f7.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87A2B06F-AEDB -4DC3-9E40-01F765CF0574}\MpKsl9b9925f7.sys [file not found to scan] ---------Key: MpKsla40f86f2 ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{D93F9AEA-0FB3-43DE-BC08-4D52ADDC31C3}\MpKsla40f86f2.sys c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D93F9AEA-0FB3 -43DE-BC08-4D52ADDC31C3}\MpKsla40f86f2.sys [file not found to scan] ---------Key: MpKsla4270d7e ImagePath: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates