Jump to content

Malwarebytes

Windows 7x64 Redirect Hijack Chrome,FF,IE

- - - - -
Started by infectedturtle, May 08 2012 12:51 AM
hijack redirect google

36 replies to this topic

#1
infectedturtle
Posted 08 May 2012 - 12:51 AM

    New Member

  • Members
  • Pip
  • 21 posts
Hi,

I cannot for the life of me find the problem. I am having one of those re-direct things. I have scanned with MB and MSE and found nothing. The following are my logs, any help would be great.

Thanks.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Lucas at 21:45:35 on 2012-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3593 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\nlsInterface.exe
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Apps\envyTouchPad.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wbengine.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\vds.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [envyTouchPad] C:\Apps\envyTouchPad.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe"
mRun: [<NO NAME>]
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: box.net\www
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\05447425F45505 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\35550554250273431343 : DhcpNameServer = 10.10.1.1
TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\86F6E6B66723 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\C696E6B6379737 : DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC} : DhcpNameServer = 10.10.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe"
mRun-x64: [(Default)]
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 10.10.1.50 echo
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-8 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-7-20 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-9 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-8 2413056]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 nlscc;Nalpeiron X64 Service;C:\Windows\system32\nlsInterface.exe --> C:\Windows\system32\nlsInterface.exe [?]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-9 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36:48;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-17 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-07 17:43:26 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll
2012-05-07 14:57:14 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll
2012-05-06 22:19:50 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 10:00:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-17 06:40:47 -------- d-----w- C:\Program Files (x86)\OpenDNS Updater
2012-04-17 06:16:09 -------- d-----w- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater
2012-04-17 05:39:39 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-04-17 05:39:39 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-04-17 03:31:40 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2012-04-17 03:31:38 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup
2012-04-17 03:31:35 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2012-04-12 03:57:54 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 03:57:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:57:53 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 03:55:26 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 03:55:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 03:55:26 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 03:55:26 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 03:55:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 03:55:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 03:55:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 04:04:44 -------- d-----w- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage
2012-04-10 04:04:41 -------- d-----w- C:\ProgramData\ASUS WebStorage
2012-04-10 04:04:23 -------- d-----w- C:\Users\Lucas\AppData\Roaming\ASUS
2012-04-10 04:04:15 -------- d-----w- C:\Program Files (x86)\ASUS
2012-04-10 04:03:49 -------- d-----w- C:\Program Files\ASUS
2012-04-10 04:03:16 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-10 04:01:47 -------- d-----w- C:\Users\Lucas\AppData\Roaming\eCareme
.
==================== Find3M ====================
.
2012-05-06 23:55:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:55:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:55:09 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 05:11:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-03-29 05:11:06 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2012-03-29 05:11:02 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 19:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 21:45:51.26 ===============

Attached Files


#2
MrCharlie
Posted 08 May 2012 - 08:40 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3
infectedturtle
Posted 08 May 2012 - 11:05 AM

    New Member

  • Members
  • Pip
  • 21 posts
Thank you for the quick reply.

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Lucas [Admin rights]
Mode: Scan -- Date: 05/08/2012 08:41:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
10.10.1.50 echo


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] b27ea8f791f5b651de5b587eaa78abc7
[BSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4
MrCharlie
Posted 08 May 2012 - 11:17 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK, run RogueKiller again and click Scan
When the scan completes > click on the Registry Entries: tab
Put a check next to all of these and uncheck the rest:

Quote

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND


Now click Delete on the left hand column.


-------------------------

Next....

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Posted Image

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Posted Image

------------------------

Click the Start Scan button.

Posted Image

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

Posted Image

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Posted Image


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5
infectedturtle
Posted 08 May 2012 - 01:49 PM

    New Member

  • Members
  • Pip
  • 21 posts
Hello,

No objects found via TDSS killer, only some unsigned drivers.

11:43:12.0277 3800 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
11:43:13.0971 3800 ============================================================
11:43:13.0971 3800 Current date / time: 2012/05/08 11:43:13.0971
11:43:13.0971 3800 SystemInfo:
11:43:13.0971 3800
11:43:13.0972 3800 OS Version: 6.1.7601 ServicePack: 1.0
11:43:13.0972 3800 Product type: Workstation
11:43:13.0972 3800 ComputerName: DEATHWING
11:43:13.0972 3800 UserName: Lucas
11:43:13.0972 3800 Windows directory: C:\Windows
11:43:13.0972 3800 System windows directory: C:\Windows
11:43:13.0972 3800 Running under WOW64
11:43:13.0972 3800 Processor architecture: Intel x64
11:43:13.0972 3800 Number of processors: 8
11:43:13.0972 3800 Page size: 0x1000
11:43:13.0972 3800 Boot type: Normal boot
11:43:13.0972 3800 ============================================================
11:43:14.0419 3800 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:43:14.0424 3800 ============================================================
11:43:14.0424 3800 \Device\Harddisk0\DR0:
11:43:14.0424 3800 MBR partitions:
11:43:14.0424 3800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:43:14.0424 3800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x17318000
11:43:14.0468 3800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x273A1800, BlocksNum 0x301A4800
11:43:14.0468 3800 ============================================================
11:43:14.0497 3800 C: <-> \Device\Harddisk0\DR0\Partition1
11:43:14.0536 3800 D: <-> \Device\Harddisk0\DR0\Partition2
11:43:14.0536 3800 ============================================================
11:43:14.0536 3800 Initialize success
11:43:14.0536 3800 ============================================================
11:43:35.0546 4324 ============================================================
11:43:35.0546 4324 Scan started
11:43:35.0546 4324 Mode: Manual; SigCheck; TDLFS;
11:43:35.0546 4324 ============================================================
11:43:35.0840 4324 !SASCORE (6b9a496ed67631da8adb802461876c36) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:43:35.0874 4324 !SASCORE - ok
11:43:36.0148 4324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:43:36.0179 4324 1394ohci - ok
11:43:36.0205 4324 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
11:43:36.0277 4324 Accelerometer - ok
11:43:36.0304 4324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:43:36.0319 4324 ACPI - ok
11:43:36.0355 4324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:43:36.0382 4324 AcpiPmi - ok
11:43:36.0460 4324 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:43:36.0468 4324 AdobeARMservice - ok
11:43:36.0541 4324 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:43:36.0553 4324 AdobeFlashPlayerUpdateSvc - ok
11:43:36.0595 4324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:43:36.0613 4324 adp94xx - ok
11:43:36.0664 4324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:43:36.0679 4324 adpahci - ok
11:43:36.0688 4324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:43:36.0701 4324 adpu320 - ok
11:43:36.0724 4324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:43:36.0757 4324 AeLookupSvc - ok
11:43:36.0877 4324 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
11:43:36.0899 4324 AESTFilters - ok
11:43:36.0941 4324 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:43:36.0971 4324 AFD - ok
11:43:37.0021 4324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:43:37.0031 4324 agp440 - ok
11:43:37.0071 4324 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:43:37.0093 4324 ALG - ok
11:43:37.0119 4324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:43:37.0128 4324 aliide - ok
11:43:37.0207 4324 ALSysIO - ok
11:43:37.0243 4324 AMD External Events Utility (46052887a640397a834cfa61d607bfc5) C:\Windows\system32\atiesrxx.exe
11:43:37.0270 4324 AMD External Events Utility - ok
11:43:37.0308 4324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:43:37.0318 4324 amdide - ok
11:43:37.0345 4324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:43:37.0373 4324 AmdK8 - ok
11:43:37.0689 4324 amdkmdag (f419e5cc07decdab85e4e6adab1dbb49) C:\Windows\system32\DRIVERS\atikmdag.sys
11:43:37.0912 4324 amdkmdag - ok
11:43:38.0030 4324 amdkmdap (a2f3f99349169d53e91a953a6f539635) C:\Windows\system32\DRIVERS\atikmpag.sys
11:43:38.0059 4324 amdkmdap - ok
11:43:38.0092 4324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:43:38.0113 4324 AmdPPM - ok
11:43:38.0158 4324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:43:38.0169 4324 amdsata - ok
11:43:38.0198 4324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:43:38.0216 4324 amdsbs - ok
11:43:38.0233 4324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:43:38.0242 4324 amdxata - ok
11:43:38.0288 4324 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
11:43:38.0315 4324 AMPPAL - ok
11:43:38.0331 4324 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
11:43:38.0342 4324 AMPPALP - ok
11:43:38.0449 4324 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
11:43:38.0478 4324 AMPPALR3 - ok
11:43:38.0597 4324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:43:38.0630 4324 AppID - ok
11:43:38.0661 4324 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:43:38.0693 4324 AppIDSvc - ok
11:43:38.0729 4324 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:43:38.0767 4324 Appinfo - ok
11:43:38.0850 4324 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:43:38.0858 4324 Apple Mobile Device - ok
11:43:38.0890 4324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:43:38.0901 4324 arc - ok
11:43:38.0917 4324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:43:38.0927 4324 arcsas - ok
11:43:39.0021 4324 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:43:39.0031 4324 aspnet_state - ok
11:43:39.0039 4324 astcc - ok
11:43:39.0061 4324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:43:39.0093 4324 AsyncMac - ok
11:43:39.0149 4324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:43:39.0158 4324 atapi - ok
11:43:39.0224 4324 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:43:39.0266 4324 AudioEndpointBuilder - ok
11:43:39.0271 4324 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:43:39.0309 4324 AudioSrv - ok
11:43:39.0383 4324 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:43:39.0399 4324 AxInstSV - ok
11:43:39.0448 4324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:43:39.0475 4324 b06bdrv - ok
11:43:39.0506 4324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:43:39.0521 4324 b57nd60a - ok
11:43:39.0607 4324 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:43:39.0638 4324 BCM43XX - ok
11:43:39.0677 4324 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:43:39.0695 4324 BDESVC - ok
11:43:39.0763 4324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:43:39.0807 4324 Beep - ok
11:43:39.0874 4324 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:43:39.0915 4324 BFE - ok
11:43:39.0962 4324 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:43:40.0012 4324 BITS - ok
11:43:40.0081 4324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:43:40.0092 4324 blbdrive - ok
11:43:40.0209 4324 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
11:43:40.0223 4324 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
11:43:40.0223 4324 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
11:43:40.0284 4324 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
11:43:40.0316 4324 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
11:43:40.0316 4324 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
11:43:40.0371 4324 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
11:43:40.0391 4324 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
11:43:40.0391 4324 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
11:43:40.0467 4324 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:43:40.0482 4324 Bonjour Service - ok
11:43:40.0599 4324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:43:40.0622 4324 bowser - ok
11:43:40.0660 4324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:43:40.0673 4324 BrFiltLo - ok
11:43:40.0675 4324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:43:40.0688 4324 BrFiltUp - ok
11:43:40.0722 4324 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:43:40.0763 4324 Browser - ok
11:43:40.0785 4324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:43:40.0816 4324 Brserid - ok
11:43:40.0820 4324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:43:40.0842 4324 BrSerWdm - ok
11:43:40.0870 4324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:43:40.0892 4324 BrUsbMdm - ok
11:43:40.0915 4324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:43:40.0937 4324 BrUsbSer - ok
11:43:40.0981 4324 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
11:43:41.0005 4324 BthEnum - ok
11:43:41.0055 4324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:43:41.0079 4324 BTHMODEM - ok
11:43:41.0122 4324 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:43:41.0149 4324 BthPan - ok
11:43:41.0189 4324 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
11:43:41.0218 4324 BTHPORT - ok
11:43:41.0261 4324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:43:41.0310 4324 bthserv - ok
11:43:41.0399 4324 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
11:43:41.0408 4324 BTHSSecurityMgr - ok
11:43:41.0418 4324 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
11:43:41.0429 4324 BTHUSB - ok
11:43:41.0474 4324 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
11:43:41.0482 4324 btmaux - ok
11:43:41.0533 4324 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
11:43:41.0548 4324 btwampfl - ok
11:43:41.0550 4324 btwaudio - ok
11:43:41.0554 4324 btwavdt - ok
11:43:41.0557 4324 btwl2cap - ok
11:43:41.0560 4324 btwrchid - ok
11:43:41.0587 4324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:43:41.0630 4324 cdfs - ok
11:43:41.0661 4324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:43:41.0673 4324 cdrom - ok
11:43:41.0721 4324 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:43:41.0763 4324 CertPropSvc - ok
11:43:41.0810 4324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:43:41.0832 4324 circlass - ok
11:43:41.0885 4324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:43:41.0901 4324 CLFS - ok
11:43:42.0031 4324 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
11:43:42.0043 4324 CLKMSVC10_38F51D56 - ok
11:43:42.0102 4324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:43:42.0111 4324 clr_optimization_v2.0.50727_32 - ok
11:43:42.0175 4324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:43:42.0184 4324 clr_optimization_v2.0.50727_64 - ok
11:43:42.0265 4324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:43:42.0275 4324 clr_optimization_v4.0.30319_32 - ok
11:43:42.0303 4324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:43:42.0313 4324 clr_optimization_v4.0.30319_64 - ok
11:43:42.0391 4324 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
11:43:42.0399 4324 clwvd - ok
11:43:42.0426 4324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:43:42.0438 4324 CmBatt - ok
11:43:42.0446 4324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:43:42.0455 4324 cmdide - ok
11:43:42.0505 4324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:43:42.0537 4324 CNG - ok
11:43:42.0576 4324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:43:42.0585 4324 Compbatt - ok
11:43:42.0612 4324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:43:42.0642 4324 CompositeBus - ok
11:43:42.0655 4324 COMSysApp - ok
11:43:42.0725 4324 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
11:43:42.0733 4324 cpudrv64 - ok
11:43:42.0767 4324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:43:42.0777 4324 crcdisk - ok
11:43:42.0819 4324 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:43:42.0862 4324 CryptSvc - ok
11:43:42.0903 4324 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
11:43:42.0912 4324 CVirtA - ok
11:43:42.0993 4324 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
11:43:43.0022 4324 CVPND - ok
11:43:43.0145 4324 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
11:43:43.0156 4324 CVPNDRVA - ok
11:43:43.0212 4324 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:43:43.0270 4324 DcomLaunch - ok
11:43:43.0303 4324 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:43:43.0351 4324 defragsvc - ok
11:43:43.0390 4324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:43:43.0432 4324 DfsC - ok
11:43:43.0467 4324 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
11:43:43.0478 4324 dg_ssudbus - ok
11:43:43.0517 4324 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:43:43.0560 4324 Dhcp - ok
11:43:43.0593 4324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:43:43.0626 4324 discache - ok
11:43:43.0666 4324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:43:43.0676 4324 Disk - ok
11:43:43.0725 4324 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
11:43:43.0734 4324 DNE - ok
11:43:43.0777 4324 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:43:43.0798 4324 Dnscache - ok
11:43:43.0835 4324 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:43:43.0878 4324 dot3svc - ok
11:43:43.0902 4324 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:43:43.0950 4324 DPS - ok
11:43:43.0996 4324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:43:44.0026 4324 drmkaud - ok
11:43:44.0069 4324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:43:44.0091 4324 DXGKrnl - ok
11:43:44.0122 4324 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:43:44.0171 4324 EapHost - ok
11:43:44.0285 4324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:43:44.0342 4324 ebdrv - ok
11:43:44.0435 4324 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:43:44.0458 4324 EFS - ok
11:43:44.0522 4324 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:43:44.0552 4324 ehRecvr - ok
11:43:44.0573 4324 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:43:44.0585 4324 ehSched - ok
11:43:44.0667 4324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:43:44.0686 4324 elxstor - ok
11:43:44.0689 4324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:43:44.0701 4324 ErrDev - ok
11:43:44.0775 4324 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:43:44.0828 4324 EventSystem - ok
11:43:44.0982 4324 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:43:45.0016 4324 EvtEng - ok
11:43:45.0127 4324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:43:45.0162 4324 exfat - ok
11:43:45.0185 4324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:43:45.0227 4324 fastfat - ok
11:43:45.0287 4324 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:43:45.0322 4324 Fax - ok
11:43:45.0360 4324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:43:45.0386 4324 fdc - ok
11:43:45.0421 4324 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:43:45.0455 4324 fdPHost - ok
11:43:45.0470 4324 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:43:45.0503 4324 FDResPub - ok
11:43:45.0514 4324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:43:45.0524 4324 FileInfo - ok
11:43:45.0545 4324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:43:45.0578 4324 Filetrace - ok
11:43:45.0595 4324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:43:45.0617 4324 flpydisk - ok
11:43:45.0640 4324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:43:45.0654 4324 FltMgr - ok
11:43:45.0715 4324 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:43:45.0754 4324 FontCache - ok
11:43:45.0823 4324 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:43:45.0832 4324 FontCache3.0.0.0 - ok
11:43:45.0916 4324 FPLService (0798b9b20cb43057aa8d122090fc9d8c) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
11:43:45.0927 4324 FPLService - ok
11:43:46.0003 4324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:43:46.0013 4324 FsDepends - ok
11:43:46.0044 4324 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:43:46.0054 4324 Fs_Rec - ok
11:43:46.0093 4324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:43:46.0108 4324 fvevol - ok
11:43:46.0138 4324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:43:46.0148 4324 gagp30kx - ok
11:43:46.0171 4324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:43:46.0179 4324 GEARAspiWDM - ok
11:43:46.0222 4324 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:43:46.0268 4324 gpsvc - ok
11:43:46.0328 4324 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:43:46.0339 4324 gusvc - ok
11:43:46.0382 4324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:43:46.0403 4324 hcw85cir - ok
11:43:46.0441 4324 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:43:46.0460 4324 HdAudAddService - ok
11:43:46.0508 4324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:43:46.0537 4324 HDAudBus - ok
11:43:46.0555 4324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:43:46.0566 4324 HidBatt - ok
11:43:46.0599 4324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:43:46.0614 4324 HidBth - ok
11:43:46.0617 4324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:43:46.0631 4324 HidIr - ok
11:43:46.0656 4324 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:43:46.0703 4324 hidserv - ok
11:43:46.0750 4324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:43:46.0761 4324 HidUsb - ok
11:43:46.0779 4324 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:43:46.0812 4324 hkmsvc - ok
11:43:46.0841 4324 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:43:46.0869 4324 HomeGroupListener - ok
11:43:46.0896 4324 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:43:46.0924 4324 HomeGroupProvider - ok
11:43:47.0032 4324 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:43:47.0039 4324 HP Support Assistant Service - ok
11:43:47.0135 4324 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
11:43:47.0161 4324 hpCMSrv - ok
11:43:47.0243 4324 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:43:47.0254 4324 HPDrvMntSvc.exe - ok
11:43:47.0349 4324 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
11:43:47.0357 4324 hpdskflt - ok
11:43:47.0414 4324 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:43:47.0437 4324 hpqwmiex - ok
11:43:47.0467 4324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:43:47.0478 4324 HpSAMD - ok
11:43:47.0494 4324 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
11:43:47.0502 4324 hpsrv - ok
11:43:47.0573 4324 HPWMISVC (491ce9b6321fb74e4b37af2c47f98434) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:43:47.0580 4324 HPWMISVC - ok
11:43:47.0612 4324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:43:47.0670 4324 HTTP - ok
11:43:47.0693 4324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:43:47.0702 4324 hwpolicy - ok
11:43:47.0734 4324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:43:47.0746 4324 i8042prt - ok
11:43:47.0786 4324 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
11:43:47.0802 4324 iaStor - ok
11:43:47.0900 4324 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:43:47.0908 4324 IAStorDataMgrSvc - ok
11:43:47.0956 4324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:43:47.0973 4324 iaStorV - ok
11:43:48.0114 4324 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:43:48.0152 4324 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
11:43:48.0152 4324 IconMan_R - detected UnsignedFile.Multi.Generic (1)
11:43:48.0262 4324 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:43:48.0285 4324 idsvc - ok
11:43:48.0374 4324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:43:48.0383 4324 iirsp - ok
11:43:48.0438 4324 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:43:48.0492 4324 IKEEXT - ok
11:43:48.0541 4324 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:43:48.0555 4324 IntcDAud - ok
11:43:48.0576 4324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:43:48.0586 4324 intelide - ok
11:43:48.0979 4324 intelkmd (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdpmd64.sys
11:43:49.0261 4324 intelkmd - ok
11:43:49.0376 4324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:43:49.0399 4324 intelppm - ok
11:43:49.0483 4324 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
11:43:49.0490 4324 IntuitUpdateServiceV4 - ok
11:43:49.0516 4324 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:43:49.0566 4324 IPBusEnum - ok
11:43:49.0588 4324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:43:49.0621 4324 IpFilterDriver - ok
11:43:49.0647 4324 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:43:49.0686 4324 iphlpsvc - ok
11:43:49.0712 4324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:43:49.0731 4324 IPMIDRV - ok
11:43:49.0752 4324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:43:49.0785 4324 IPNAT - ok
11:43:49.0893 4324 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
11:43:49.0916 4324 iPod Service - ok
11:43:49.0952 4324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:43:49.0967 4324 IRENUM - ok
11:43:49.0984 4324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:43:49.0995 4324 isapnp - ok
11:43:50.0021 4324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:43:50.0035 4324 iScsiPrt - ok
11:43:50.0065 4324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:43:50.0074 4324 kbdclass - ok
11:43:50.0106 4324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:43:50.0118 4324 kbdhid - ok
11:43:50.0147 4324 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:43:50.0158 4324 KeyIso - ok
11:43:50.0178 4324 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:43:50.0189 4324 KSecDD - ok
11:43:50.0205 4324 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:43:50.0216 4324 KSecPkg - ok
11:43:50.0233 4324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:43:50.0275 4324 ksthunk - ok
11:43:50.0304 4324 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:43:50.0343 4324 KtmRm - ok
11:43:50.0394 4324 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:43:50.0441 4324 LanmanServer - ok
11:43:50.0460 4324 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:43:50.0494 4324 LanmanWorkstation - ok
11:43:50.0524 4324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:43:50.0557 4324 lltdio - ok
11:43:50.0589 4324 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:43:50.0635 4324 lltdsvc - ok
11:43:50.0652 4324 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:43:50.0685 4324 lmhosts - ok
11:43:50.0784 4324 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:43:50.0796 4324 LMS - ok
11:43:50.0830 4324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:43:50.0841 4324 LSI_FC - ok
11:43:50.0848 4324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:43:50.0859 4324 LSI_SAS - ok
11:43:50.0877 4324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:43:50.0887 4324 LSI_SAS2 - ok
11:43:50.0893 4324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:43:50.0904 4324 LSI_SCSI - ok
11:43:50.0923 4324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:43:50.0968 4324 luafv - ok
11:43:50.0998 4324 massfilter_hs - ok
11:43:51.0023 4324 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:43:51.0044 4324 Mcx2Svc - ok
11:43:51.0070 4324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:43:51.0080 4324 megasas - ok
11:43:51.0121 4324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:43:51.0141 4324 MegaSR - ok
11:43:51.0186 4324 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:43:51.0195 4324 MEIx64 - ok
11:43:51.0219 4324 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:43:51.0268 4324 MMCSS - ok
11:43:51.0295 4324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:43:51.0337 4324 Modem - ok
11:43:51.0354 4324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:43:51.0376 4324 monitor - ok
11:43:51.0416 4324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:43:51.0425 4324 mouclass - ok
11:43:51.0452 4324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:43:51.0474 4324 mouhid - ok
11:43:51.0503 4324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:43:51.0514 4324 mountmgr - ok
11:43:51.0612 4324 MozillaMaintenance (1144c543625a904f836605d0902f8255) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:43:51.0622 4324 MozillaMaintenance - ok
11:43:51.0682 4324 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
11:43:51.0695 4324 MpFilter - ok
11:43:51.0709 4324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:43:51.0721 4324 mpio - ok
11:43:51.0754 4324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:43:51.0789 4324 mpsdrv - ok
11:43:51.0843 4324 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:43:51.0902 4324 MpsSvc - ok
11:43:51.0924 4324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:43:51.0946 4324 MRxDAV - ok
11:43:51.0974 4324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:43:51.0999 4324 mrxsmb - ok
11:43:52.0019 4324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:43:52.0033 4324 mrxsmb10 - ok
11:43:52.0047 4324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:43:52.0058 4324 mrxsmb20 - ok
11:43:52.0084 4324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:43:52.0093 4324 msahci - ok
11:43:52.0111 4324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:43:52.0122 4324 msdsm - ok
11:43:52.0152 4324 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:43:52.0169 4324 MSDTC - ok
11:43:52.0190 4324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:43:52.0222 4324 Msfs - ok
11:43:52.0259 4324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:43:52.0301 4324 mshidkmdf - ok
11:43:52.0313 4324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:43:52.0322 4324 msisadrv - ok
11:43:52.0345 4324 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:43:52.0389 4324 MSiSCSI - ok
11:43:52.0392 4324 msiserver - ok
11:43:52.0426 4324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:43:52.0470 4324 MSKSSRV - ok
11:43:52.0538 4324 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
11:43:52.0547 4324 MsMpSvc - ok
11:43:52.0582 4324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:43:52.0629 4324 MSPCLOCK - ok
11:43:52.0645 4324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:43:52.0687 4324 MSPQM - ok
11:43:52.0709 4324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:43:52.0724 4324 MsRPC - ok
11:43:52.0736 4324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:43:52.0745 4324 mssmbios - ok
11:43:52.0766 4324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:43:52.0807 4324 MSTEE - ok
11:43:52.0810 4324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:43:52.0821 4324 MTConfig - ok
11:43:52.0837 4324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:43:52.0846 4324 Mup - ok
11:43:52.0916 4324 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:43:52.0929 4324 MyWiFiDHCPDNS - ok
11:43:52.0975 4324 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:43:53.0019 4324 napagent - ok
11:43:53.0083 4324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:43:53.0114 4324 NativeWifiP - ok
11:43:53.0142 4324 Nbdrv (37bfe7ce56133f2e8e90ef68157d73c8) C:\Windows\system32\DRIVERS\nbdrv.sys
11:43:53.0159 4324 Nbdrv - ok
11:43:53.0221 4324 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:43:53.0246 4324 NDIS - ok
11:43:53.0278 4324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:43:53.0325 4324 NdisCap - ok
11:43:53.0351 4324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:43:53.0384 4324 NdisTapi - ok
11:43:53.0400 4324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:43:53.0442 4324 Ndisuio - ok
11:43:53.0458 4324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:43:53.0498 4324 NdisWan - ok
11:43:53.0518 4324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:43:53.0551 4324 NDProxy - ok
11:43:53.0594 4324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:43:53.0626 4324 NetBIOS - ok
11:43:53.0648 4324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:43:53.0682 4324 NetBT - ok
11:43:53.0714 4324 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:43:53.0724 4324 Netlogon - ok
11:43:53.0763 4324 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:43:53.0808 4324 Netman - ok
11:43:53.0900 4324 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:53.0909 4324 NetMsmqActivator - ok
11:43:53.0921 4324 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:53.0929 4324 NetPipeActivator - ok
11:43:53.0967 4324 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:43:54.0022 4324 netprofm - ok
11:43:54.0025 4324 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:54.0034 4324 NetTcpActivator - ok
11:43:54.0036 4324 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:54.0045 4324 NetTcpPortSharing - ok
11:43:54.0357 4324 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
11:43:54.0550 4324 NETwNs64 - ok
11:43:54.0666 4324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:43:54.0676 4324 nfrd960 - ok
11:43:54.0708 4324 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:43:54.0718 4324 NisDrv - ok
11:43:54.0798 4324 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
11:43:54.0812 4324 NisSrv - ok
11:43:54.0845 4324 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:43:54.0888 4324 NlaSvc - ok
11:43:54.0965 4324 nlscc (40777bd92d73a8ff3b252e4f4881e672) C:\Windows\system32\nlsInterface.exe
11:43:54.0986 4324 nlscc ( UnsignedFile.Multi.Generic ) - warning
11:43:54.0986 4324 nlscc - detected UnsignedFile.Multi.Generic (1)
11:43:55.0047 4324 NovacomD (1e8281a0bc4358cf816754e0a195d329) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
11:43:55.0059 4324 NovacomD ( UnsignedFile.Multi.Generic ) - warning
11:43:55.0059 4324 NovacomD - detected UnsignedFile.Multi.Generic (1)
11:43:55.0085 4324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:43:55.0117 4324 Npfs - ok
11:43:55.0150 4324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:43:55.0190 4324 nsi - ok
11:43:55.0200 4324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:43:55.0241 4324 nsiproxy - ok
11:43:55.0308 4324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:43:55.0347 4324 Ntfs - ok
11:43:55.0445 4324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:43:55.0477 4324 Null - ok
11:43:55.0517 4324 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys
11:43:55.0537 4324 nusb3hub - ok
11:43:55.0568 4324 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:43:55.0580 4324 nusb3xhc - ok
11:43:55.0626 4324 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
11:43:55.0643 4324 NVENETFD - ok
11:43:55.0670 4324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:43:55.0682 4324 nvraid - ok
11:43:55.0704 4324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:43:55.0716 4324 nvstor - ok
11:43:55.0741 4324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:43:55.0752 4324 nv_agp - ok
11:43:55.0764 4324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:43:55.0776 4324 ohci1394 - ok
11:43:55.0834 4324 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:43:55.0844 4324 ose - ok
11:43:56.0040 4324 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:43:56.0151 4324 osppsvc - ok
11:43:56.0267 4324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:43:56.0288 4324 p2pimsvc - ok
11:43:56.0319 4324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:43:56.0336 4324 p2psvc - ok
11:43:56.0394 4324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:43:56.0406 4324 Parport - ok
11:43:56.0421 4324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:43:56.0431 4324 partmgr - ok
11:43:56.0466 4324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:43:56.0492 4324 PcaSvc - ok
11:43:56.0509 4324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:43:56.0520 4324 pci - ok
11:43:56.0551 4324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:43:56.0561 4324 pciide - ok
11:43:56.0571 4324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:43:56.0584 4324 pcmcia - ok
11:43:56.0596 4324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:43:56.0605 4324 pcw - ok
11:43:56.0633 4324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:43:56.0686 4324 PEAUTH - ok
11:43:56.0742 4324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:43:56.0769 4324 PerfHost - ok
11:43:56.0837 4324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:43:56.0895 4324 pla - ok
11:43:56.0940 4324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:43:56.0963 4324 PlugPlay - ok
11:43:56.0985 4324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:43:56.0996 4324 PNRPAutoReg - ok
11:43:57.0022 4324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:43:57.0036 4324 PNRPsvc - ok
11:43:57.0078 4324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:43:57.0126 4324 PolicyAgent - ok
11:43:57.0158 4324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:43:57.0206 4324 Power - ok
11:43:57.0281 4324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:43:57.0323 4324 PptpMiniport - ok
11:43:57.0339 4324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:43:57.0367 4324 Processor - ok
11:43:57.0394 4324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:43:57.0430 4324 ProfSvc - ok
11:43:57.0448 4324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:43:57.0459 4324 ProtectedStorage - ok
11:43:57.0504 4324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:43:57.0544 4324 Psched - ok
11:43:57.0621 4324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:43:57.0658 4324 ql2300 - ok
11:43:57.0761 4324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:43:57.0773 4324 ql40xx - ok
11:43:57.0813 4324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:43:57.0833 4324 QWAVE - ok
11:43:57.0845 4324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:43:57.0876 4324 QWAVEdrv - ok
11:43:57.0879 4324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:43:57.0915 4324 RasAcd - ok
11:43:57.0954 4324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:43:57.0987 4324 RasAgileVpn - ok
11:43:58.0020 4324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:43:58.0054 4324 RasAuto - ok
11:43:58.0068 4324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:43:58.0101 4324 Rasl2tp - ok
11:43:58.0126 4324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:43:58.0163 4324 RasMan - ok
11:43:58.0187 4324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:43:58.0229 4324 RasPppoe - ok
11:43:58.0248 4324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:43:58.0291 4324 RasSstp - ok
11:43:58.0322 4324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:43:58.0358 4324 rdbss - ok
11:43:58.0373 4324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:43:58.0386 4324 rdpbus - ok
11:43:58.0396 4324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:43:58.0428 4324 RDPCDD - ok
11:43:58.0459 4324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:43:58.0500 4324 RDPENCDD - ok
11:43:58.0530 4324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:43:58.0563 4324 RDPREFMP - ok
11:43:58.0608 4324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:43:58.0621 4324 RDPWD - ok
11:43:58.0655 4324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:43:58.0667 4324 rdyboost - ok
11:43:58.0831 4324 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:43:58.0855 4324 RegSrvc - ok
11:43:58.0885 4324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:43:58.0932 4324 RemoteAccess - ok
11:43:58.0958 4324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:43:59.0002 4324 RemoteRegistry - ok
11:43:59.0065 4324 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:43:59.0093 4324 RFCOMM - ok
11:43:59.0096 4324 RimUsb - ok
11:43:59.0134 4324 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:43:59.0143 4324 RimVSerPort - ok
11:43:59.0181 4324 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
11:43:59.0214 4324 ROOTMODEM - ok
11:43:59.0234 4324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:43:59.0284 4324 RpcEptMapper - ok
11:43:59.0306 4324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:43:59.0317 4324 RpcLocator - ok
11:43:59.0345 4324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:43:59.0382 4324 RpcSs - ok
11:43:59.0421 4324 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:43:59.0433 4324 RSPCIESTOR - ok
11:43:59.0467 4324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:43:59.0499 4324 rspndr - ok
11:43:59.0525 4324 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:43:59.0538 4324 RTL8167 - ok
11:43:59.0558 4324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:43:59.0569 4324 SamSs - ok
11:43:59.0623 4324 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:43:59.0630 4324 SASDIFSV - ok
11:43:59.0637 4324 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:43:59.0643 4324 SASKUTIL - ok
11:43:59.0663 4324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:43:59.0674 4324 sbp2port - ok
11:43:59.0708 4324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:43:59.0743 4324 SCardSvr - ok
11:43:59.0765 4324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:43:59.0806 4324 scfilter - ok
11:43:59.0850 4324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:43:59.0898 4324 Schedule - ok
11:43:59.0932 4324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:43:59.0963 4324 SCPolicySvc - ok
11:43:59.0992 4324 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
11:44:00.0013 4324 sdbus - ok
11:44:00.0037 4324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:44:00.0049 4324 SDRSVC - ok
11:44:00.0079 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:44:00.0118 4324 secdrv - ok
11:44:00.0134 4324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:44:00.0166 4324 seclogon - ok
11:44:00.0188 4324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:44:00.0221 4324 SENS - ok
11:44:00.0264 4324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:44:00.0287 4324 SensrSvc - ok
11:44:00.0314 4324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:44:00.0332 4324 Serenum - ok
11:44:00.0352 4324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:44:00.0378 4324 Serial - ok
11:44:00.0396 4324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:44:00.0413 4324 sermouse - ok
11:44:00.0442 4324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:44:00.0483 4324 SessionEnv - ok
11:44:00.0494 4324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:44:00.0507 4324 sffdisk - ok
11:44:00.0518 4324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:44:00.0531 4324 sffp_mmc - ok
11:44:00.0535 4324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:44:00.0560 4324 sffp_sd - ok
11:44:00.0568 4324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:44:00.0579 4324 sfloppy - ok
11:44:00.0622 4324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:44:00.0659 4324 SharedAccess - ok
11:44:00.0685 4324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:44:00.0730 4324 ShellHWDetection - ok
11:44:00.0752 4324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:44:00.0761 4324 SiSRaid2 - ok
11:44:00.0775 4324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:44:00.0786 4324 SiSRaid4 - ok
11:44:00.0805 4324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:44:00.0846 4324 Smb - ok
11:44:00.0882 4324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:44:00.0900 4324 SNMPTRAP - ok
11:44:00.0984 4324 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
11:44:00.0998 4324 SplashtopRemoteService - ok
11:44:01.0014 4324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:44:01.0023 4324 spldr - ok
11:44:01.0066 4324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:44:01.0106 4324 Spooler - ok
11:44:01.0216 4324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:44:01.0307 4324 sppsvc - ok
11:44:01.0388 4324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:44:01.0421 4324 sppuinotify - ok
11:44:01.0474 4324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:44:01.0490 4324 srv - ok
11:44:01.0519 4324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:44:01.0548 4324 srv2 - ok
11:44:01.0592 4324 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:44:01.0607 4324 SrvHsfHDA - ok
11:44:01.0671 4324 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:44:01.0703 4324 SrvHsfV92 - ok
11:44:01.0829 4324 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:44:01.0850 4324 SrvHsfWinac - ok
11:44:01.0886 4324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:44:01.0898 4324 srvnet - ok
11:44:01.0945 4324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:44:01.0992 4324 SSDPSRV - ok
11:44:02.0015 4324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:44:02.0050 4324 SstpSvc - ok
11:44:02.0085 4324 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
11:44:02.0097 4324 ssudmdm - ok
11:44:02.0166 4324 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
11:44:02.0178 4324 SSUService - ok
11:44:02.0279 4324 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe
11:44:02.0295 4324 STacSV - ok
11:44:02.0329 4324 Steam Client Service - ok
11:44:02.0353 4324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:44:02.0363 4324 stexstor - ok
11:44:02.0411 4324 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys
11:44:02.0431 4324 STHDA - ok
11:44:02.0491 4324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:44:02.0515 4324 stisvc - ok
11:44:02.0536 4324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:44:02.0545 4324 swenum - ok
11:44:02.0639 4324 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:44:02.0653 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:44:02.0653 4324 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:44:02.0698 4324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:44:02.0754 4324 swprv - ok
11:44:02.0814 4324 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
11:44:02.0827 4324 SynTP - ok
11:44:02.0902 4324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:44:02.0943 4324 SysMain - ok
11:44:03.0023 4324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:44:03.0046 4324 TabletInputService - ok
11:44:03.0077 4324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:44:03.0121 4324 TapiSrv - ok
11:44:03.0137 4324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:44:03.0170 4324 TBS - ok
11:44:03.0294 4324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:44:03.0338 4324 Tcpip - ok
11:44:03.0493 4324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:44:03.0529 4324 TCPIP6 - ok
11:44:03.0628 4324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:44:03.0667 4324 tcpipreg - ok
11:44:03.0681 4324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:44:03.0706 4324 TDPIPE - ok
11:44:03.0731 4324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:44:03.0749 4324 TDTCP - ok
11:44:03.0766 4324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:44:03.0806 4324 tdx - ok
11:44:03.0831 4324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:44:03.0840 4324 TermDD - ok
11:44:03.0884 4324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:44:03.0938 4324 TermService - ok
11:44:03.0954 4324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:44:03.0971 4324 Themes - ok
11:44:03.0997 4324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:44:04.0031 4324 THREADORDER - ok
11:44:04.0070 4324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:44:04.0116 4324 TrkWks - ok
11:44:04.0157 4324 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
11:44:04.0169 4324 truecrypt - ok
11:44:04.0220 4324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:44:04.0261 4324 TrustedInstaller - ok
11:44:04.0283 4324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:44:04.0332 4324 tssecsrv - ok
11:44:04.0358 4324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:44:04.0368 4324 TsUsbFlt - ok
11:44:04.0372 4324 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:44:04.0396 4324 TsUsbGD - ok
11:44:04.0441 4324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:44:04.0489 4324 tunnel - ok
11:44:04.0510 4324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:44:04.0520 4324 uagp35 - ok
11:44:04.0544 4324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:44:04.0590 4324 udfs - ok
11:44:04.0616 4324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:44:04.0628 4324 UI0Detect - ok
11:44:04.0647 4324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:44:04.0657 4324 uliagpkx - ok
11:44:04.0687 4324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:44:04.0705 4324 umbus - ok
11:44:04.0730 4324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:44:04.0741 4324 UmPass - ok
11:44:04.0894 4324 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:44:04.0950 4324 UNS - ok
11:44:05.0045 4324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:44:05.0092 4324 upnphost - ok
11:44:05.0146 4324 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:44:05.0155 4324 USBAAPL64 - ok
11:44:05.0193 4324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:44:05.0204 4324 usbccgp - ok
11:44:05.0243 4324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:44:05.0257 4324 usbcir - ok
11:44:05.0277 4324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:44:05.0294 4324 usbehci - ok
11:44:05.0341 4324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:44:05.0367 4324 usbhub - ok
11:44:05.0379 4324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:44:05.0399 4324 usbohci - ok
11:44:05.0414 4324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
11:44:05.0436 4324 usbprint - ok
11:44:05.0471 4324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:44:05.0485 4324 usbscan - ok
11:44:05.0509 4324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:44:05.0534 4324 USBSTOR - ok
11:44:05.0558 4324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:44:05.0582 4324 usbuhci - ok
11:44:05.0610 4324 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:44:05.0625 4324 usbvideo - ok
11:44:05.0657 4324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:44:05.0691 4324 UxSms - ok
11:44:05.0714 4324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:44:05.0724 4324 VaultSvc - ok
11:44:05.0782 4324 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
11:44:05.0792 4324 VBoxDrv - ok
11:44:05.0825 4324 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
11:44:05.0835 4324 VBoxNetAdp - ok
11:44:05.0852 4324 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
11:44:05.0862 4324 VBoxNetFlt - ok
11:44:05.0912 4324 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
11:44:05.0921 4324 VBoxUSBMon - ok
11:44:05.0942 4324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:44:05.0951 4324 vdrvroot - ok
11:44:05.0991 4324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:44:06.0037 4324 vds - ok
11:44:06.0068 4324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:44:06.0080 4324 vga - ok
11:44:06.0092 4324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:44:06.0136 4324 VgaSave - ok
11:44:06.0145 4324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:44:06.0158 4324 vhdmp - ok
11:44:06.0168 4324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:44:06.0177 4324 viaide - ok
11:44:06.0207 4324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:44:06.0216 4324 volmgr - ok
11:44:06.0240 4324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:44:06.0254 4324 volmgrx - ok
11:44:06.0286 4324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:44:06.0300 4324 volsnap - ok
11:44:06.0331 4324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:44:06.0343 4324 vsmraid - ok
11:44:06.0413 4324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:44:06.0482 4324 VSS - ok
11:44:06.0599 4324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:44:06.0630 4324 vwifibus - ok
11:44:06.0720 4324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:44:06.0736 4324 vwififlt - ok
11:44:06.0764 4324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:44:06.0780 4324 vwifimp - ok
11:44:06.0840 4324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:44:06.0879 4324 W32Time - ok
11:44:06.0914 4324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:44:06.0940 4324 WacomPen - ok
11:44:06.0974 4324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:07.0075 4324 WANARP - ok
11:44:07.0078 4324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:07.0110 4324 Wanarpv6 - ok
11:44:07.0205 4324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:44:07.0237 4324 WatAdminSvc - ok
11:44:07.0304 4324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:44:07.0343 4324 wbengine - ok
11:44:07.0426 4324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:44:07.0445 4324 WbioSrvc - ok
11:44:07.0467 4324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:44:07.0504 4324 wcncsvc - ok
11:44:07.0522 4324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:44:07.0533 4324 WcsPlugInService - ok
11:44:07.0583 4324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:44:07.0592 4324 Wd - ok
11:44:07.0622 4324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
11:44:07.0631 4324 WDC_SAM - ok
11:44:07.0660 4324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:44:07.0681 4324 Wdf01000 - ok
11:44:07.0694 4324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:44:07.0725 4324 WdiServiceHost - ok
11:44:07.0728 4324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:44:07.0745 4324 WdiSystemHost - ok
11:44:07.0778 4324 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
11:44:07.0786 4324 wdkmd - ok
11:44:07.0813 4324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:44:07.0846 4324 WebClient - ok
11:44:07.0870 4324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:44:07.0913 4324 Wecsvc - ok
11:44:07.0933 4324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:44:07.0967 4324 wercplsupport - ok
11:44:07.0995 4324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:44:08.0029 4324 WerSvc - ok
11:44:08.0064 4324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:44:08.0096 4324 WfpLwf - ok
11:44:08.0113 4324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:44:08.0123 4324 WIMMount - ok
11:44:08.0127 4324 WinHttpAutoProxySvc - ok
11:44:08.0184 4324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:44:08.0220 4324 Winmgmt - ok
11:44:08.0307 4324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:44:08.0369 4324 WinRM - ok
11:44:08.0498 4324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
11:44:08.0512 4324 WinUsb - ok
11:44:08.0573 4324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:44:08.0616 4324 Wlansvc - ok
11:44:08.0650 4324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:44:08.0672 4324 WmiAcpi - ok
11:44:08.0725 4324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:44:08.0739 4324 wmiApSrv - ok
11:44:08.0795 4324 WMPNetworkSvc - ok
11:44:08.0827 4324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:44:08.0839 4324 WPCSvc - ok
11:44:08.0856 4324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:44:08.0870 4324 WPDBusEnum - ok
11:44:08.0895 4324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:44:08.0927 4324 ws2ifsl - ok
11:44:09.0023 4324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:44:09.0052 4324 wscsvc - ok
11:44:09.0054 4324 WSearch - ok
11:44:09.0134 4324 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:44:09.0200 4324 wuauserv - ok
11:44:09.0308 4324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:44:09.0347 4324 WudfPf - ok
11:44:09.0373 4324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:44:09.0418 4324 WUDFRd - ok
11:44:09.0448 4324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:44:09.0483 4324 wudfsvc - ok
11:44:09.0505 4324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:44:09.0532 4324 WwanSvc - ok
11:44:09.0560 4324 zgwhsdiag - ok
11:44:09.0577 4324 zgwhsmdm - ok
11:44:09.0593 4324 zgwhsnmea - ok
11:44:09.0635 4324 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
11:44:10.0460 4324 \Device\Harddisk0\DR0 - ok
11:44:10.0488 4324 Boot (0x1200) (f7892f1f5ae02a59377ba863a97ea31b) \Device\Harddisk0\DR0\Partition0
11:44:10.0489 4324 \Device\Harddisk0\DR0\Partition0 - ok
11:44:10.0503 4324 Boot (0x1200) (02fd3463f94d61e0293f2b1345fa46fd) \Device\Harddisk0\DR0\Partition1
11:44:10.0505 4324 \Device\Harddisk0\DR0\Partition1 - ok
11:44:10.0530 4324 Boot (0x1200) (b8cb82190b3c52f53d0bba8cdad91fde) \Device\Harddisk0\DR0\Partition2
11:44:10.0531 4324 \Device\Harddisk0\DR0\Partition2 - ok
11:44:10.0532 4324 ============================================================
11:44:10.0532 4324 Scan finished
11:44:10.0532 4324 ============================================================
11:44:10.0538 6900 Detected object count: 7
11:44:10.0538 6900 Actual detected object count: 7
11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:43.0925 5072 Deinitialize success

#6
MrCharlie
Posted 08 May 2012 - 01:50 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK......

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7
infectedturtle
Posted 08 May 2012 - 02:04 PM

    New Member

  • Members
  • Pip
  • 21 posts
Yikes, Combofix is usually an end of the line kind of thing in my experience, is there a reason this is seeming to be so difficult to get rid of? Is it that we don't know exactly what is wrong? I will run it and let you know but in my experience combofix has been for the severe infections.

#8
MrCharlie
Posted 08 May 2012 - 04:38 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please run ComboFix as outlined.....MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9
infectedturtle
Posted 08 May 2012 - 09:34 PM

    New Member

  • Members
  • Pip
  • 21 posts
It run before when I wasn't home as it disconnected my Splashtop Remote, and did not save in C:\ as it said it did. Here is the re-run:


ComboFix 12-05-08.02 - Lucas 05/08/2012 19:27:15.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3627 [GMT -7:00]
Running from: c:\users\Lucas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 02:32 . 2012-05-09 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 16:03 . 2012-05-08 16:03 -------- d-----w- c:\users\Lucas\AppData\Local\Splashtop
2012-05-07 17:43 . 2012-05-07 17:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll
2012-05-07 14:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll
2012-05-06 22:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-04 07:41 . 2012-05-04 07:41 -------- d-----w- c:\users\Lucas\AppData\Roaming\dvdcss
2012-05-01 10:00 . 2012-05-01 10:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-17 06:40 . 2012-04-17 06:51 -------- d-----w- c:\program files (x86)\OpenDNS Updater
2012-04-17 06:16 . 2012-04-17 06:16 -------- d-----w- c:\users\Lucas\AppData\Roaming\OpenDNS Updater
2012-04-17 05:39 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-04-17 05:39 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-04-17 03:31 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2012-04-17 03:31 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup
2012-04-17 03:31 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2012-04-12 03:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:57 . 2012-04-12 03:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 03:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS WebStorage
2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\programdata\ASUS WebStorage
2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS
2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\program files (x86)\ASUS
2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files\ASUS
2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-10 04:01 . 2012-04-10 04:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\eCareme
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 23:55 . 2012-04-04 04:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:55 . 2011-08-14 19:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:55 . 2012-04-04 04:55 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56 . 2011-12-24 07:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 05:11 . 2012-02-22 04:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-29 05:11 . 2012-03-29 05:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-29 05:11 . 2012-02-22 04:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-11 22:54 . 2012-02-04 10:11 1626 ----a-w- c:\users\Lucas\AppData\Local\auto_install.bat
2012-03-11 22:54 . 2012-02-04 10:11 1481 ----a-w- c:\users\Lucas\AppData\Local\dc.bat
2012-03-11 22:54 . 2012-02-04 10:11 1288 ----a-w- c:\users\Lucas\AppData\Local\cc.bat
2012-02-17 06:38 . 2012-03-15 06:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 06:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 06:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 06:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 14:39 . 2012-02-10 14:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41EF12EC-2857-4EAC-8891-1C8836ABE417}\gapaengine.dll
2012-02-10 06:36 . 2012-03-15 06:00 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 06:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 90112 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"envyTouchPad"="c:\apps\envyTouchPad.exe" [2011-06-17 402944]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-09 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-05-13 38912]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-2-25 405504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x]
R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x]
R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-09 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-24 2656280]
S3 ALSysIO;ALSysIO;c:\users\Lucas\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45281131
*Deregistered* - 45281131
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: box.net\www
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,
81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8f,f1,96,74,17,cd,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4c,78,f1,91,2b,8c,74,9a,be,26,86,c9,8f,aa,fc,08,68,77,a3,e5,67,
64,1f,06,f8,ab,66,35,71,0f,8b,8f,51,7d,40,ce,99,7c,60,35,5b,2b,5b,ce,8c,33,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 19:33:39
ComboFix-quarantined-files.txt 2012-05-09 02:33
ComboFix2.txt 2012-05-08 19:19
.
Pre-Run: 81,303,101,440 bytes free
Post-Run: 81,232,728,064 bytes free
.
- - End Of File - - 775983A175C6601C43E401CA1D52E4A7

#10
infectedturtle
Posted 08 May 2012 - 09:35 PM

    New Member

  • Members
  • Pip
  • 21 posts
Found the file for the first run:


ComboFix 12-05-08.02 - Lucas 05/08/2012 12:10:36.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3709 [GMT -7:00]
Running from: c:\users\Lucas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\458ffeq4p6hr700641u
c:\programdata\Roaming
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
----- File Replicators -----
.
c:\program files (x86)\Git\libexec\git-core\git-add.exe
c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
c:\program files (x86)\Git\libexec\git-core\git-apply.exe
c:\program files (x86)\Git\libexec\git-core\git-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
c:\program files (x86)\Git\libexec\git-core\git-blame.exe
c:\program files (x86)\Git\libexec\git-core\git-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
c:\program files (x86)\Git\libexec\git-core\git-clean.exe
c:\program files (x86)\Git\libexec\git-core\git-clone.exe
c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-commit.exe
c:\program files (x86)\Git\libexec\git-core\git-config.exe
c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-describe.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-diff.exe
c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
c:\program files (x86)\Git\libexec\git-core\git-gc.exe
c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files (x86)\Git\libexec\git-core\git-grep.exe
c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
c:\program files (x86)\Git\libexec\git-core\git-help.exe
c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
c:\program files (x86)\Git\libexec\git-core\git-init.exe
c:\program files (x86)\Git\libexec\git-core\git-log.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge.exe
c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
c:\program files (x86)\Git\libexec\git-core\git-mv.exe
c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
c:\program files (x86)\Git\libexec\git-core\git-notes.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
c:\program files (x86)\Git\libexec\git-core\git-prune.exe
c:\program files (x86)\Git\libexec\git-core\git-push.exe
c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
c:\program files (x86)\Git\libexec\git-core\git-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-replace.exe
c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe
c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
c:\program files (x86)\Git\libexec\git-core\git-reset.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
c:\program files (x86)\Git\libexec\git-core\git-revert.exe
c:\program files (x86)\Git\libexec\git-core\git-rm.exe
c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-show.exe
c:\program files (x86)\Git\libexec\git-core\git-stage.exe
c:\program files (x86)\Git\libexec\git-core\git-status.exe
c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-var.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
c:\program files (x86)\Git\libexec\git-core\git.exe
c:\windows\Installer\{00A53800-BA75-3E9E-BD52-10171E5640B6}\ARPPRODUCTICON.exe
c:\windows\Installer\{04098274-E98C-86E3-1B2C-50E32E561DF5}\ARPPRODUCTICON.exe
c:\windows\Installer\{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}\ARPPRODUCTICON.exe
c:\windows\Installer\{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}\ARPPRODUCTICON.exe
c:\windows\Installer\{2D049D1D-CA58-9652-B7C6-19CB98649923}\ARPPRODUCTICON.exe
c:\windows\Installer\{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}\ARPPRODUCTICON.exe
c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{480DCAD1-8670-66EA-8EBA-178047059A13}\ARPPRODUCTICON.exe
c:\windows\Installer\{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}\ARPPRODUCTICON.exe
c:\windows\Installer\{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}\ARPPRODUCTICON.exe
c:\windows\Installer\{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}\ARPPRODUCTICON.exe
c:\windows\Installer\{60070423-DE0B-59FF-D4B7-16BDB8957864}\ARPPRODUCTICON.exe
c:\windows\Installer\{74FBB537-8915-329D-393E-FDB7DC69A339}\ARPPRODUCTICON.exe
c:\windows\Installer\{755F4903-030D-B017-30F2-4D5BE92C8D38}\ARPPRODUCTICON.exe
c:\windows\Installer\{896C4E12-4857-9715-9F9D-249561D2D7EE}\ARPPRODUCTICON.exe
c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{968298EC-86D4-8F84-5ABC-E976C5CDA417}\ARPPRODUCTICON.exe
c:\windows\Installer\{A79024ED-1969-334A-1ED6-16753F9DE377}\ARPPRODUCTICON.exe
c:\windows\Installer\{BBDD3C95-E069-E346-6D1B-CC76AE448550}\ARPPRODUCTICON.exe
c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\ARPPRODUCTICON.exe
c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{C57C21C0-CE1B-26D5-1215-B26862051F6F}\ARPPRODUCTICON.exe
c:\windows\Installer\{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}\ARPPRODUCTICON.exe
c:\windows\Installer\{CD05F1BC-FC63-1E93-4094-82BC33662E76}\ARPPRODUCTICON.exe
c:\windows\Installer\{D61F78AF-A111-9DAE-8368-E3230B168F03}\ARPPRODUCTICON.exe
c:\windows\Installer\{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}\ARPPRODUCTICON.exe
c:\windows\Installer\{D8CABEA0-CAFB-9320-5F46-EAF31535203F}\ARPPRODUCTICON.exe
c:\windows\Installer\{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}\ARPPRODUCTICON.exe
c:\windows\Installer\{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}\ARPPRODUCTICON.exe
c:\windows\Installer\{FC8292ED-7E61-4370-15D1-60171263AA1D}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 19:17 . 2012-05-08 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 16:03 . 2012-05-08 16:03 -------- d-----w- c:\users\Lucas\AppData\Local\Splashtop
2012-05-07 17:43 . 2012-05-07 17:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll
2012-05-07 14:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll
2012-05-06 22:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-04 07:41 . 2012-05-04 07:41 -------- d-----w- c:\users\Lucas\AppData\Roaming\dvdcss
2012-05-01 10:00 . 2012-05-01 10:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-17 06:40 . 2012-04-17 06:51 -------- d-----w- c:\program files (x86)\OpenDNS Updater
2012-04-17 06:16 . 2012-04-17 06:16 -------- d-----w- c:\users\Lucas\AppData\Roaming\OpenDNS Updater
2012-04-17 05:39 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-04-17 05:39 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-04-17 03:31 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2012-04-17 03:31 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup
2012-04-17 03:31 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2012-04-12 03:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:57 . 2012-04-12 03:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 03:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS WebStorage
2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\programdata\ASUS WebStorage
2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS
2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\program files (x86)\ASUS
2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files\ASUS
2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-10 04:01 . 2012-04-10 04:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\eCareme
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 23:55 . 2012-04-04 04:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:55 . 2011-08-14 19:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:55 . 2012-04-04 04:55 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56 . 2011-12-24 07:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 05:11 . 2012-02-22 04:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-29 05:11 . 2012-03-29 05:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-29 05:11 . 2012-02-22 04:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-11 22:54 . 2012-02-04 10:11 1626 ----a-w- c:\users\Lucas\AppData\Local\auto_install.bat
2012-03-11 22:54 . 2012-02-04 10:11 1481 ----a-w- c:\users\Lucas\AppData\Local\dc.bat
2012-03-11 22:54 . 2012-02-04 10:11 1288 ----a-w- c:\users\Lucas\AppData\Local\cc.bat
2012-02-17 06:38 . 2012-03-15 06:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 06:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 06:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 06:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 14:39 . 2012-02-10 14:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41EF12EC-2857-4EAC-8891-1C8836ABE417}\gapaengine.dll
2012-02-10 06:36 . 2012-03-15 06:00 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 06:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 90112 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"envyTouchPad"="c:\apps\envyTouchPad.exe" [2011-06-17 402944]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-09 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-05-13 38912]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-2-25 405504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x]
R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x]
R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-09 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-24 2656280]
S3 ALSysIO;ALSysIO;c:\users\Lucas\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45281131
*Deregistered* - 45281131
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job
- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: box.net\www
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.10.1.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,
81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8f,f1,96,74,17,cd,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4c,78,f1,91,2b,8c,74,9a,be,26,86,c9,8f,aa,fc,08,68,77,a3,e5,67,
64,1f,06,f8,ab,66,35,71,0f,8b,8f,51,7d,40,ce,99,7c,60,35,5b,2b,5b,ce,8c,33,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 12:19:19
ComboFix-quarantined-files.txt 2012-05-08 19:19
.
Pre-Run: 81,889,263,616 bytes free
Post-Run: 81,236,934,656 bytes free
.
- - End Of File - - 4BC7FE9EDE7CB692B5116452E675A398

#11
MrCharlie
Posted 08 May 2012 - 10:08 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#12
infectedturtle
Posted 08 May 2012 - 10:18 PM

    New Member

  • Members
  • Pip
  • 21 posts
Found this and removing now. Log will be posted below. It's odd that MBAM didn't detect this before right? Or was the system so heavily messed up it prevented MBAM from detecting it? I want to try to figure out how we knew the steps to take so that in future I can be better informed. Also, do you think my passwords have been risked?


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: DEATHWING [administrator]

5/8/2012 8:14:04 PM
mbam-log-2012-05-08 (20-14-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201952
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)

#13
infectedturtle
Posted 08 May 2012 - 10:23 PM

    New Member

  • Members
  • Pip
  • 21 posts
Mr. Charlie, it appears that we are still infected.

#14
MrCharlie
Posted 09 May 2012 - 03:46 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
RogueKiller found similar malware before:

Quote

[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND

Please run another scan with RogueKiller and post the log, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#15
infectedturtle
Posted 09 May 2012 - 09:27 AM

    New Member

  • Members
  • Pip
  • 21 posts
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Lucas [Admin rights]
Mode: Scan -- Date: 05/09/2012 07:26:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] b27ea8f791f5b651de5b587eaa78abc7
[BSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#16
MrCharlie
Posted 09 May 2012 - 11:27 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK...that looks fine.
-------------------------
Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes

-----------------------

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
Please zip it up and attach it to your next post. (MBR.dat)

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#17
infectedturtle
Posted 09 May 2012 - 01:10 PM

    New Member

  • Members
  • Pip
  • 21 posts
ListParts by Farbar Version: 12-03-2012 03
Ran by Lucas (administrator) on 09-05-2012 at 09:39:38
Windows 7 (X64)
Running From: D:\Dropbox
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 36%
Total physical RAM: 6091.86 MB
Available physical RAM: 3850.05 MB
Total Pagefile: 12181.91 MB
Available Pagefile: 9340.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:185.55 GB) (Free:73.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:384.82 GB) (Free:336.3 GB) NTFS
4 Drive v: (Videos) (Network) (Total:465.76 GB) (Free:81.54 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 2048 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 185 GB 200 MB
Partition 0 Extended 512 GB 185 GB
Partition 3 Logical 122 GB 185 GB
Partition 4 Logical 6144 MB 307 GB
Partition 5 Logical 384 GB 313 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 185 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 5
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 384 GB Healthy

======================================================================================================

****** End Of Log ******

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 09:40:51
-----------------------------
09:40:51.036 OS Version: Windows x64 6.1.7601 Service Pack 1
09:40:51.037 Number of processors: 8 586 0x2A07
09:40:51.037 ComputerName: DEATHWING UserName: Lucas
09:40:51.686 Initialize success
10:00:45.624 AVAST engine defs: 12050900
10:05:17.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:05:17.357 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
10:05:17.363 Disk 0 MBR read successfully
10:05:17.365 Disk 0 MBR scan
10:05:17.369 Disk 0 unknown MBR code
10:05:17.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:05:17.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190000 MB offset 409600
10:05:17.402 Disk 0 Partition - 00 05 Extended 525203 MB offset 389531646
10:05:17.416 Disk 0 Partition 3 00 83 Linux 125000 MB offset 389531648
10:05:17.421 Disk 0 Partition - 00 05 Extended 6145 MB offset 645531648
10:05:17.453 Disk 0 scanning C:\Windows\system32\drivers
10:05:24.895 Service scanning
10:05:57.217 Modules scanning
10:05:57.225 Disk 0 trace - called modules:
10:05:57.266 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
10:05:57.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b65790]
10:05:57.276 3 CLASSPNP.SYS[fffff88001d5343f] -> nt!IofCallDriver -> [0xfffffa8006a7ab10]
10:05:57.285 5 hpdskflt.sys[fffff88001cfa189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800692e050]
10:05:57.944 AVAST engine scan C:\Windows
10:05:59.777 AVAST engine scan C:\Windows\system32
10:08:18.624 AVAST engine scan C:\Windows\system32\drivers
10:08:27.503 AVAST engine scan C:\Users\Lucas
10:14:44.918 AVAST engine scan C:\ProgramData
10:17:23.418 Scan finished successfully
10:44:10.001 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
10:44:10.006 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   631bytes   9 downloads

#18
infectedturtle
Posted 09 May 2012 - 01:13 PM

    New Member

  • Members
  • Pip
  • 21 posts
I am dual booting Ubuntu Natively fyi, so the extended partition contains a 122 GB ext4, 6GB Swap and, the rest as NTFS Media storage.

#19
MrCharlie
Posted 09 May 2012 - 01:36 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,465 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
I was just checking for any active hidden partitions > There's none
The aswMBR scan is clean as well as the MBR.

Please do this......


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

-----------------------

Then...

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#20
infectedturtle
Posted 09 May 2012 - 10:46 PM

    New Member

  • Members
  • Pip
  • 21 posts
OTL logfile created on: 5/9/2012 8:36:01 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free
11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS
Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS

Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
PRC - [2012/05/09 09:38:23 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Dropbox\aswMBR.exe
PRC - [2012/05/04 11:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/02/09 13:44:06 | 002,509,184 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012/02/09 13:43:46 | 002,029,952 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2012/01/08 23:08:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/07/20 05:07:32 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/07/20 05:07:06 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/30 15:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/03/08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/27 19:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 19:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 19:05:45 | 000,544,240 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll
MOD - [2012/04/27 19:05:44 | 000,117,744 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll
MOD - [2012/04/27 19:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 19:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 19:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 18:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/04/12 19:48:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0642b0c04fa10e6986baf58cf1580879\IAStorUtil.ni.dll
MOD - [2012/04/12 06:41:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/12 06:41:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 06:40:56 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/11 21:02:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll
MOD - [2012/04/11 21:02:06 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll
MOD - [2012/03/11 15:40:54 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll
MOD - [2012/03/11 15:40:45 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll
MOD - [2012/03/11 15:40:39 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll
MOD - [2012/02/15 08:09:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 08:08:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 08:08:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 08:08:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 08:08:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/09 10:25:14 | 000,071,352 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll
MOD - [2012/02/09 10:25:08 | 000,227,512 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll
MOD - [2012/01/08 23:14:35 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
MOD - [2011/10/15 18:33:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/05 16:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/05 16:03:42 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/08/24 19:40:48 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/08/24 19:40:48 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/08/24 19:40:22 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2010/08/24 19:40:08 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/08 23:14:50 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/01/08 23:14:48 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2011/07/18 17:01:47 | 000,146,816 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/05/08 17:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010/11/01 18:35:30 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/06 16:55:24 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/23 19:57:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/01/08 23:13:14 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/14 15:39:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/02/24 22:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 02:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/24 02:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/08 23:14:50 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/01/08 23:13:14 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/08 23:09:02 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2012/01/08 23:08:17 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/01/08 23:08:17 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/12/19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/09 23:28:26 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 17:57:32 | 000,041,256 | ---- | M] (SeriousBit) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nbdrv.sys -- (Nbdrv)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/08 17:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/08 16:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/16 02:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/14 07:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 67 C5 4F 21 57 CC 01 [binary data]
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/13 19:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/23 19:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/25 21:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/08/09 23:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Extensions
[2012/05/01 23:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions
[2012/04/28 13:20:02 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions\https-everywhere@eff.org
[2012/02/25 21:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/10 00:00:18 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/04/23 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/03/10 18:27:42 | 001,331,409 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/03/10 18:27:42 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2012/03/10 18:27:42 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2012/04/23 19:57:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/10 18:23:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/10 18:23:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3.2_0\
CHR - Extension: YouTube = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Calendar = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Aside = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhbmdeeajbgkdpaiencghlmbgbkpdaa\1.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: SABconnect++ = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod\0.5.8_0\
CHR - Extension: Weather Underground = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/08 12:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows ® Win 7 DDK provider)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001..\Run: [envyTouchPad] C:\Apps\envyTouchPad.exe ()
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: box.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC}: DhcpNameServer = 10.10.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 20:35:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012/05/08 21:06:45 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Microsoft Games
[2012/05/08 20:13:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/08 19:33:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/08 12:09:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/08 12:09:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/08 12:09:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/08 12:09:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/08 12:09:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 12:08:58 | 004,487,872 | R--- | C] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe
[2012/05/08 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Splashtop
[2012/05/08 08:41:07 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\RK_Quarantine
[2012/05/04 00:41:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\dvdcss
[2012/05/01 03:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/16 23:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2012/04/16 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater
[2012/04/16 22:39:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/04/16 22:39:39 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/04/16 20:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Bilbo
[2012/04/09 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Documents\Asus WebStorage
[2012/04/09 21:04:44 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage
[2012/04/09 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage
[2012/04/09 21:04:23 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS
[2012/04/09 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/04/09 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012/04/09 21:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/09 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\eCareme
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012/05/09 20:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job
[2012/05/09 20:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job
[2012/05/09 19:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/09 10:44:10 | 000,000,512 | ---- | M] () -- C:\Users\Lucas\Desktop\MBR.dat
[2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 06:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 21:42:37 | 000,000,600 | ---- | M] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND
[2012/05/08 20:23:59 | 003,055,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/08 20:23:59 | 000,956,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 20:23:59 | 000,006,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/08 20:20:08 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/08 20:14:50 | 000,001,050 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/08 12:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/08 12:08:38 | 004,487,872 | R--- | M] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe
[2012/05/01 03:00:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/01 03:00:51 | 000,006,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/17 19:32:49 | 000,001,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/04/16 22:38:54 | 000,001,977 | ---- | M] () -- C:\Users\Lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/09 10:44:10 | 000,000,512 | ---- | C] () -- C:\Users\Lucas\Desktop\MBR.dat
[2012/05/08 12:09:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/08 12:09:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/08 12:09:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/08 12:09:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 12:09:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/21 07:48:57 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\winscp.rnd
[2012/02/18 18:00:01 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/04 03:11:04 | 000,001,626 | ---- | C] () -- C:\Users\Lucas\AppData\Local\auto_install.bat
[2012/02/04 03:11:04 | 000,001,481 | ---- | C] () -- C:\Users\Lucas\AppData\Local\dc.bat
[2012/02/04 03:11:04 | 000,001,288 | ---- | C] () -- C:\Users\Lucas\AppData\Local\cc.bat
[2012/01/17 22:00:26 | 000,000,079 | ---- | C] () -- C:\Users\Lucas\AppData\Local\CrystalDiskMark30.ini
[2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u
[2011/12/16 00:33:54 | 000,153,076 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/09 21:24:34 | 000,002,655 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Midi Decoder.dat
[2011/12/09 21:16:16 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/12/09 21:16:08 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/11/17 00:24:08 | 000,005,632 | ---- | C] () -- C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 22:48:26 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/10/29 22:48:08 | 000,225,656 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/10/16 14:01:55 | 000,000,166 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\Battery Meter_Settings.ini
[2011/09/24 21:20:22 | 000,001,456 | ---- | C] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/10 20:02:31 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/09 16:59:16 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND
[2011/09/05 00:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2011/08/14 15:34:02 | 000,000,412 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\All CPU Meter_Settings.ini
[2011/08/12 23:47:26 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/08/09 23:39:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/09 23:07:41 | 000,006,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/09 04:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/09 04:43:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/09 04:43:08 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/16 02:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/16 01:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/04/16 01:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/03/25 18:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/02/09 21:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== LOP Check ==========

[2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software
[2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software
[2012/04/17 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft
[2012/04/09 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS
[2012/04/09 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage
[2011/12/09 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity
[2011/09/10 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\calibre
[2011/10/18 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\CanuckSoftware
[2011/09/24 21:54:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/10 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/09/09 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/02/22 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DiskAid
[2012/03/19 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Downloaded Installations
[2012/05/09 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Dropbox
[2012/04/09 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\eCareme
[2011/09/24 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\EPSON
[2012/03/11 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FileZilla
[2011/11/14 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FlixsterCollections
[2011/12/09 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FreeCommander
[2011/08/09 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\GlarySoft
[2011/09/04 22:17:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0
[2011/10/05 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\HandBrake
[2011/08/14 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\IDT
[2011/12/04 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ImgBurn
[2011/08/27 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jason Robitaille
[2011/12/16 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\JasonRobitaille
[2012/02/25 21:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Launchy
[2011/10/13 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LockHunter
[2012/03/21 07:16:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Mp3tag
[2011/10/13 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MusicBrainz
[2011/08/14 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Notepad++
[2011/10/16 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\onOne Software
[2012/04/16 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater
[2011/09/10 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PACE Anti-Piracy
[2012/04/09 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PrimoPDF
[2012/02/18 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\pymclevel
[2012/01/25 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\redsn0w
[2012/04/16 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Samsung
[2011/08/12 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SeriousBit
[2011/09/28 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/09 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Synaptics
[2011/08/12 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SystemRequirementsLab
[2012/04/29 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeraCopy
[2011/12/04 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Thunderbird
[2011/08/14 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TightVNC
[2011/09/09 18:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TrueCrypt
[2012/05/07 21:32:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\uTorrent
[2011/12/09 21:17:38 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd
@Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa

< End of report >
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us