infectedturtle

Windows 7x64 Redirect Hijack Chrome,FF,IE

37 posts in this topic

Hi,

I cannot for the life of me find the problem. I am having one of those re-direct things. I have scanned with MB and MSE and found nothing. The following are my logs, any help would be great.

Thanks.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0

Run by Lucas at 21:45:35 on 2012-05-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3593 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\astsrv.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\nlsInterface.exe

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Apps\envyTouchPad.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Launchy\Launchy.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wbengine.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\vds.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [envyTouchPad] C:\Apps\envyTouchPad.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe"

mRun: [<NO NAME>]

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: box.net\www

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\05447425F45505 : DhcpNameServer = 192.168.2.254

TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\35550554250273431343 : DhcpNameServer = 10.10.1.1

TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\86F6E6B66723 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\C696E6B6379737 : DhcpNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC} : DhcpNameServer = 10.10.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe"

mRun-x64: [(Default)]

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

Hosts: 10.10.1.50 echo

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-8 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-7-20 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-9 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-8 2413056]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 nlscc;Nalpeiron X64 Service;C:\Windows\system32\nlsInterface.exe --> C:\Windows\system32\nlsInterface.exe [?]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-9 531328]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-9 2656280]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36:48;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-17 129976]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]

S3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-05-07 17:43:26 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll

2012-05-07 14:57:14 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll

2012-05-06 22:19:50 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-01 10:00:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-04-17 06:40:47 -------- d-----w- C:\Program Files (x86)\OpenDNS Updater

2012-04-17 06:16:09 -------- d-----w- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater

2012-04-17 05:39:39 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-04-17 05:39:39 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-04-17 03:31:40 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup

2012-04-17 03:31:38 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup

2012-04-17 03:31:35 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup

2012-04-12 03:57:54 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-12 03:57:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-12 03:57:53 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-12 03:55:26 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 03:55:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 03:55:26 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 03:55:26 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 03:55:26 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 03:55:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 03:55:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-10 04:04:44 -------- d-----w- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage

2012-04-10 04:04:41 -------- d-----w- C:\ProgramData\ASUS WebStorage

2012-04-10 04:04:23 -------- d-----w- C:\Users\Lucas\AppData\Roaming\ASUS

2012-04-10 04:04:15 -------- d-----w- C:\Program Files (x86)\ASUS

2012-04-10 04:03:49 -------- d-----w- C:\Program Files\ASUS

2012-04-10 04:03:16 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-04-10 04:01:47 -------- d-----w- C:\Users\Lucas\AppData\Roaming\eCareme

.

==================== Find3M ====================

.

2012-05-06 23:55:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 23:55:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-06 23:55:09 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-29 05:11:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-03-29 05:11:06 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll

2012-03-29 05:11:02 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll

2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-14 19:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

.

============= FINISH: 21:45:51.26 ===============

Attach.zip

Share this post


Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

Share this post


Link to post
Share on other sites

Thank you for the quick reply.

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Lucas [Admin rights]

Mode: Scan -- Date: 05/08/2012 08:41:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND

[bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

10.10.1.50 echo

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++

--- User ---

[MBR] b27ea8f791f5b651de5b587eaa78abc7

[bSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo

2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

OK, run RogueKiller again and click Scan

When the scan completes > click on the Registry Entries: tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Registry Entries: 6 ¤¤¤

[bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND

[bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

Now click Delete on the left hand column.

-------------------------

Next....

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Share this post


Link to post
Share on other sites

Hello,

No objects found via TDSS killer, only some unsigned drivers.

11:43:12.0277 3800 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

11:43:13.0971 3800 ============================================================

11:43:13.0971 3800 Current date / time: 2012/05/08 11:43:13.0971

11:43:13.0971 3800 SystemInfo:

11:43:13.0971 3800

11:43:13.0972 3800 OS Version: 6.1.7601 ServicePack: 1.0

11:43:13.0972 3800 Product type: Workstation

11:43:13.0972 3800 ComputerName: DEATHWING

11:43:13.0972 3800 UserName: Lucas

11:43:13.0972 3800 Windows directory: C:\Windows

11:43:13.0972 3800 System windows directory: C:\Windows

11:43:13.0972 3800 Running under WOW64

11:43:13.0972 3800 Processor architecture: Intel x64

11:43:13.0972 3800 Number of processors: 8

11:43:13.0972 3800 Page size: 0x1000

11:43:13.0972 3800 Boot type: Normal boot

11:43:13.0972 3800 ============================================================

11:43:14.0419 3800 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:43:14.0424 3800 ============================================================

11:43:14.0424 3800 \Device\Harddisk0\DR0:

11:43:14.0424 3800 MBR partitions:

11:43:14.0424 3800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

11:43:14.0424 3800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x17318000

11:43:14.0468 3800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x273A1800, BlocksNum 0x301A4800

11:43:14.0468 3800 ============================================================

11:43:14.0497 3800 C: <-> \Device\Harddisk0\DR0\Partition1

11:43:14.0536 3800 D: <-> \Device\Harddisk0\DR0\Partition2

11:43:14.0536 3800 ============================================================

11:43:14.0536 3800 Initialize success

11:43:14.0536 3800 ============================================================

11:43:35.0546 4324 ============================================================

11:43:35.0546 4324 Scan started

11:43:35.0546 4324 Mode: Manual; SigCheck; TDLFS;

11:43:35.0546 4324 ============================================================

11:43:35.0840 4324 !SASCORE (6b9a496ed67631da8adb802461876c36) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

11:43:35.0874 4324 !SASCORE - ok

11:43:36.0148 4324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:43:36.0179 4324 1394ohci - ok

11:43:36.0205 4324 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys

11:43:36.0277 4324 Accelerometer - ok

11:43:36.0304 4324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:43:36.0319 4324 ACPI - ok

11:43:36.0355 4324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:43:36.0382 4324 AcpiPmi - ok

11:43:36.0460 4324 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

11:43:36.0468 4324 AdobeARMservice - ok

11:43:36.0541 4324 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

11:43:36.0553 4324 AdobeFlashPlayerUpdateSvc - ok

11:43:36.0595 4324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

11:43:36.0613 4324 adp94xx - ok

11:43:36.0664 4324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

11:43:36.0679 4324 adpahci - ok

11:43:36.0688 4324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

11:43:36.0701 4324 adpu320 - ok

11:43:36.0724 4324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:43:36.0757 4324 AeLookupSvc - ok

11:43:36.0877 4324 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

11:43:36.0899 4324 AESTFilters - ok

11:43:36.0941 4324 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:43:36.0971 4324 AFD - ok

11:43:37.0021 4324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:43:37.0031 4324 agp440 - ok

11:43:37.0071 4324 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:43:37.0093 4324 ALG - ok

11:43:37.0119 4324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:43:37.0128 4324 aliide - ok

11:43:37.0207 4324 ALSysIO - ok

11:43:37.0243 4324 AMD External Events Utility (46052887a640397a834cfa61d607bfc5) C:\Windows\system32\atiesrxx.exe

11:43:37.0270 4324 AMD External Events Utility - ok

11:43:37.0308 4324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:43:37.0318 4324 amdide - ok

11:43:37.0345 4324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

11:43:37.0373 4324 AmdK8 - ok

11:43:37.0689 4324 amdkmdag (f419e5cc07decdab85e4e6adab1dbb49) C:\Windows\system32\DRIVERS\atikmdag.sys

11:43:37.0912 4324 amdkmdag - ok

11:43:38.0030 4324 amdkmdap (a2f3f99349169d53e91a953a6f539635) C:\Windows\system32\DRIVERS\atikmpag.sys

11:43:38.0059 4324 amdkmdap - ok

11:43:38.0092 4324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

11:43:38.0113 4324 AmdPPM - ok

11:43:38.0158 4324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:43:38.0169 4324 amdsata - ok

11:43:38.0198 4324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

11:43:38.0216 4324 amdsbs - ok

11:43:38.0233 4324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:43:38.0242 4324 amdxata - ok

11:43:38.0288 4324 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys

11:43:38.0315 4324 AMPPAL - ok

11:43:38.0331 4324 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys

11:43:38.0342 4324 AMPPALP - ok

11:43:38.0449 4324 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

11:43:38.0478 4324 AMPPALR3 - ok

11:43:38.0597 4324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:43:38.0630 4324 AppID - ok

11:43:38.0661 4324 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:43:38.0693 4324 AppIDSvc - ok

11:43:38.0729 4324 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:43:38.0767 4324 Appinfo - ok

11:43:38.0850 4324 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:43:38.0858 4324 Apple Mobile Device - ok

11:43:38.0890 4324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

11:43:38.0901 4324 arc - ok

11:43:38.0917 4324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

11:43:38.0927 4324 arcsas - ok

11:43:39.0021 4324 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

11:43:39.0031 4324 aspnet_state - ok

11:43:39.0039 4324 astcc - ok

11:43:39.0061 4324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:43:39.0093 4324 AsyncMac - ok

11:43:39.0149 4324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:43:39.0158 4324 atapi - ok

11:43:39.0224 4324 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:43:39.0266 4324 AudioEndpointBuilder - ok

11:43:39.0271 4324 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:43:39.0309 4324 AudioSrv - ok

11:43:39.0383 4324 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:43:39.0399 4324 AxInstSV - ok

11:43:39.0448 4324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

11:43:39.0475 4324 b06bdrv - ok

11:43:39.0506 4324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:43:39.0521 4324 b57nd60a - ok

11:43:39.0607 4324 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

11:43:39.0638 4324 BCM43XX - ok

11:43:39.0677 4324 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:43:39.0695 4324 BDESVC - ok

11:43:39.0763 4324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:43:39.0807 4324 Beep - ok

11:43:39.0874 4324 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:43:39.0915 4324 BFE - ok

11:43:39.0962 4324 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

11:43:40.0012 4324 BITS - ok

11:43:40.0081 4324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:43:40.0092 4324 blbdrive - ok

11:43:40.0209 4324 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

11:43:40.0223 4324 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning

11:43:40.0223 4324 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)

11:43:40.0284 4324 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

11:43:40.0316 4324 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning

11:43:40.0316 4324 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)

11:43:40.0371 4324 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

11:43:40.0391 4324 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning

11:43:40.0391 4324 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)

11:43:40.0467 4324 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

11:43:40.0482 4324 Bonjour Service - ok

11:43:40.0599 4324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:43:40.0622 4324 bowser - ok

11:43:40.0660 4324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

11:43:40.0673 4324 BrFiltLo - ok

11:43:40.0675 4324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

11:43:40.0688 4324 BrFiltUp - ok

11:43:40.0722 4324 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:43:40.0763 4324 Browser - ok

11:43:40.0785 4324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:43:40.0816 4324 Brserid - ok

11:43:40.0820 4324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:43:40.0842 4324 BrSerWdm - ok

11:43:40.0870 4324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:43:40.0892 4324 BrUsbMdm - ok

11:43:40.0915 4324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:43:40.0937 4324 BrUsbSer - ok

11:43:40.0981 4324 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

11:43:41.0005 4324 BthEnum - ok

11:43:41.0055 4324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:43:41.0079 4324 BTHMODEM - ok

11:43:41.0122 4324 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

11:43:41.0149 4324 BthPan - ok

11:43:41.0189 4324 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

11:43:41.0218 4324 BTHPORT - ok

11:43:41.0261 4324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:43:41.0310 4324 bthserv - ok

11:43:41.0399 4324 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

11:43:41.0408 4324 BTHSSecurityMgr - ok

11:43:41.0418 4324 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

11:43:41.0429 4324 BTHUSB - ok

11:43:41.0474 4324 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys

11:43:41.0482 4324 btmaux - ok

11:43:41.0533 4324 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys

11:43:41.0548 4324 btwampfl - ok

11:43:41.0550 4324 btwaudio - ok

11:43:41.0554 4324 btwavdt - ok

11:43:41.0557 4324 btwl2cap - ok

11:43:41.0560 4324 btwrchid - ok

11:43:41.0587 4324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:43:41.0630 4324 cdfs - ok

11:43:41.0661 4324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:43:41.0673 4324 cdrom - ok

11:43:41.0721 4324 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:43:41.0763 4324 CertPropSvc - ok

11:43:41.0810 4324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

11:43:41.0832 4324 circlass - ok

11:43:41.0885 4324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:43:41.0901 4324 CLFS - ok

11:43:42.0031 4324 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe

11:43:42.0043 4324 CLKMSVC10_38F51D56 - ok

11:43:42.0102 4324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:43:42.0111 4324 clr_optimization_v2.0.50727_32 - ok

11:43:42.0175 4324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:43:42.0184 4324 clr_optimization_v2.0.50727_64 - ok

11:43:42.0265 4324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:43:42.0275 4324 clr_optimization_v4.0.30319_32 - ok

11:43:42.0303 4324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:43:42.0313 4324 clr_optimization_v4.0.30319_64 - ok

11:43:42.0391 4324 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

11:43:42.0399 4324 clwvd - ok

11:43:42.0426 4324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:43:42.0438 4324 CmBatt - ok

11:43:42.0446 4324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:43:42.0455 4324 cmdide - ok

11:43:42.0505 4324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

11:43:42.0537 4324 CNG - ok

11:43:42.0576 4324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

11:43:42.0585 4324 Compbatt - ok

11:43:42.0612 4324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:43:42.0642 4324 CompositeBus - ok

11:43:42.0655 4324 COMSysApp - ok

11:43:42.0725 4324 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys

11:43:42.0733 4324 cpudrv64 - ok

11:43:42.0767 4324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

11:43:42.0777 4324 crcdisk - ok

11:43:42.0819 4324 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

11:43:42.0862 4324 CryptSvc - ok

11:43:42.0903 4324 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

11:43:42.0912 4324 CVirtA - ok

11:43:42.0993 4324 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

11:43:43.0022 4324 CVPND - ok

11:43:43.0145 4324 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

11:43:43.0156 4324 CVPNDRVA - ok

11:43:43.0212 4324 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:43:43.0270 4324 DcomLaunch - ok

11:43:43.0303 4324 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:43:43.0351 4324 defragsvc - ok

11:43:43.0390 4324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:43:43.0432 4324 DfsC - ok

11:43:43.0467 4324 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys

11:43:43.0478 4324 dg_ssudbus - ok

11:43:43.0517 4324 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:43:43.0560 4324 Dhcp - ok

11:43:43.0593 4324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:43:43.0626 4324 discache - ok

11:43:43.0666 4324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

11:43:43.0676 4324 Disk - ok

11:43:43.0725 4324 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

11:43:43.0734 4324 DNE - ok

11:43:43.0777 4324 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:43:43.0798 4324 Dnscache - ok

11:43:43.0835 4324 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:43:43.0878 4324 dot3svc - ok

11:43:43.0902 4324 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:43:43.0950 4324 DPS - ok

11:43:43.0996 4324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:43:44.0026 4324 drmkaud - ok

11:43:44.0069 4324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:43:44.0091 4324 DXGKrnl - ok

11:43:44.0122 4324 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:43:44.0171 4324 EapHost - ok

11:43:44.0285 4324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

11:43:44.0342 4324 ebdrv - ok

11:43:44.0435 4324 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:43:44.0458 4324 EFS - ok

11:43:44.0522 4324 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:43:44.0552 4324 ehRecvr - ok

11:43:44.0573 4324 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:43:44.0585 4324 ehSched - ok

11:43:44.0667 4324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

11:43:44.0686 4324 elxstor - ok

11:43:44.0689 4324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:43:44.0701 4324 ErrDev - ok

11:43:44.0775 4324 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:43:44.0828 4324 EventSystem - ok

11:43:44.0982 4324 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

11:43:45.0016 4324 EvtEng - ok

11:43:45.0127 4324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:43:45.0162 4324 exfat - ok

11:43:45.0185 4324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:43:45.0227 4324 fastfat - ok

11:43:45.0287 4324 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:43:45.0322 4324 Fax - ok

11:43:45.0360 4324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

11:43:45.0386 4324 fdc - ok

11:43:45.0421 4324 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:43:45.0455 4324 fdPHost - ok

11:43:45.0470 4324 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:43:45.0503 4324 FDResPub - ok

11:43:45.0514 4324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:43:45.0524 4324 FileInfo - ok

11:43:45.0545 4324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:43:45.0578 4324 Filetrace - ok

11:43:45.0595 4324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

11:43:45.0617 4324 flpydisk - ok

11:43:45.0640 4324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:43:45.0654 4324 FltMgr - ok

11:43:45.0715 4324 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:43:45.0754 4324 FontCache - ok

11:43:45.0823 4324 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:43:45.0832 4324 FontCache3.0.0.0 - ok

11:43:45.0916 4324 FPLService (0798b9b20cb43057aa8d122090fc9d8c) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

11:43:45.0927 4324 FPLService - ok

11:43:46.0003 4324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:43:46.0013 4324 FsDepends - ok

11:43:46.0044 4324 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:43:46.0054 4324 Fs_Rec - ok

11:43:46.0093 4324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:43:46.0108 4324 fvevol - ok

11:43:46.0138 4324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

11:43:46.0148 4324 gagp30kx - ok

11:43:46.0171 4324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:43:46.0179 4324 GEARAspiWDM - ok

11:43:46.0222 4324 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:43:46.0268 4324 gpsvc - ok

11:43:46.0328 4324 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

11:43:46.0339 4324 gusvc - ok

11:43:46.0382 4324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:43:46.0403 4324 hcw85cir - ok

11:43:46.0441 4324 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:43:46.0460 4324 HdAudAddService - ok

11:43:46.0508 4324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:43:46.0537 4324 HDAudBus - ok

11:43:46.0555 4324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

11:43:46.0566 4324 HidBatt - ok

11:43:46.0599 4324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:43:46.0614 4324 HidBth - ok

11:43:46.0617 4324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

11:43:46.0631 4324 HidIr - ok

11:43:46.0656 4324 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

11:43:46.0703 4324 hidserv - ok

11:43:46.0750 4324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:43:46.0761 4324 HidUsb - ok

11:43:46.0779 4324 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:43:46.0812 4324 hkmsvc - ok

11:43:46.0841 4324 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:43:46.0869 4324 HomeGroupListener - ok

11:43:46.0896 4324 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:43:46.0924 4324 HomeGroupProvider - ok

11:43:47.0032 4324 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

11:43:47.0039 4324 HP Support Assistant Service - ok

11:43:47.0135 4324 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

11:43:47.0161 4324 hpCMSrv - ok

11:43:47.0243 4324 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

11:43:47.0254 4324 HPDrvMntSvc.exe - ok

11:43:47.0349 4324 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys

11:43:47.0357 4324 hpdskflt - ok

11:43:47.0414 4324 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

11:43:47.0437 4324 hpqwmiex - ok

11:43:47.0467 4324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:43:47.0478 4324 HpSAMD - ok

11:43:47.0494 4324 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe

11:43:47.0502 4324 hpsrv - ok

11:43:47.0573 4324 HPWMISVC (491ce9b6321fb74e4b37af2c47f98434) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

11:43:47.0580 4324 HPWMISVC - ok

11:43:47.0612 4324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:43:47.0670 4324 HTTP - ok

11:43:47.0693 4324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:43:47.0702 4324 hwpolicy - ok

11:43:47.0734 4324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:43:47.0746 4324 i8042prt - ok

11:43:47.0786 4324 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys

11:43:47.0802 4324 iaStor - ok

11:43:47.0900 4324 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

11:43:47.0908 4324 IAStorDataMgrSvc - ok

11:43:47.0956 4324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:43:47.0973 4324 iaStorV - ok

11:43:48.0114 4324 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

11:43:48.0152 4324 IconMan_R ( UnsignedFile.Multi.Generic ) - warning

11:43:48.0152 4324 IconMan_R - detected UnsignedFile.Multi.Generic (1)

11:43:48.0262 4324 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:43:48.0285 4324 idsvc - ok

11:43:48.0374 4324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:43:48.0383 4324 iirsp - ok

11:43:48.0438 4324 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:43:48.0492 4324 IKEEXT - ok

11:43:48.0541 4324 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

11:43:48.0555 4324 IntcDAud - ok

11:43:48.0576 4324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:43:48.0586 4324 intelide - ok

11:43:48.0979 4324 intelkmd (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdpmd64.sys

11:43:49.0261 4324 intelkmd - ok

11:43:49.0376 4324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:43:49.0399 4324 intelppm - ok

11:43:49.0483 4324 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

11:43:49.0490 4324 IntuitUpdateServiceV4 - ok

11:43:49.0516 4324 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:43:49.0566 4324 IPBusEnum - ok

11:43:49.0588 4324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:43:49.0621 4324 IpFilterDriver - ok

11:43:49.0647 4324 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:43:49.0686 4324 iphlpsvc - ok

11:43:49.0712 4324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:43:49.0731 4324 IPMIDRV - ok

11:43:49.0752 4324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:43:49.0785 4324 IPNAT - ok

11:43:49.0893 4324 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

11:43:49.0916 4324 iPod Service - ok

11:43:49.0952 4324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:43:49.0967 4324 IRENUM - ok

11:43:49.0984 4324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:43:49.0995 4324 isapnp - ok

11:43:50.0021 4324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:43:50.0035 4324 iScsiPrt - ok

11:43:50.0065 4324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:43:50.0074 4324 kbdclass - ok

11:43:50.0106 4324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:43:50.0118 4324 kbdhid - ok

11:43:50.0147 4324 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:43:50.0158 4324 KeyIso - ok

11:43:50.0178 4324 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

11:43:50.0189 4324 KSecDD - ok

11:43:50.0205 4324 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

11:43:50.0216 4324 KSecPkg - ok

11:43:50.0233 4324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:43:50.0275 4324 ksthunk - ok

11:43:50.0304 4324 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:43:50.0343 4324 KtmRm - ok

11:43:50.0394 4324 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

11:43:50.0441 4324 LanmanServer - ok

11:43:50.0460 4324 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:43:50.0494 4324 LanmanWorkstation - ok

11:43:50.0524 4324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:43:50.0557 4324 lltdio - ok

11:43:50.0589 4324 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:43:50.0635 4324 lltdsvc - ok

11:43:50.0652 4324 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:43:50.0685 4324 lmhosts - ok

11:43:50.0784 4324 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

11:43:50.0796 4324 LMS - ok

11:43:50.0830 4324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:43:50.0841 4324 LSI_FC - ok

11:43:50.0848 4324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:43:50.0859 4324 LSI_SAS - ok

11:43:50.0877 4324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:43:50.0887 4324 LSI_SAS2 - ok

11:43:50.0893 4324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:43:50.0904 4324 LSI_SCSI - ok

11:43:50.0923 4324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:43:50.0968 4324 luafv - ok

11:43:50.0998 4324 massfilter_hs - ok

11:43:51.0023 4324 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:43:51.0044 4324 Mcx2Svc - ok

11:43:51.0070 4324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:43:51.0080 4324 megasas - ok

11:43:51.0121 4324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:43:51.0141 4324 MegaSR - ok

11:43:51.0186 4324 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

11:43:51.0195 4324 MEIx64 - ok

11:43:51.0219 4324 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:43:51.0268 4324 MMCSS - ok

11:43:51.0295 4324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:43:51.0337 4324 Modem - ok

11:43:51.0354 4324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:43:51.0376 4324 monitor - ok

11:43:51.0416 4324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:43:51.0425 4324 mouclass - ok

11:43:51.0452 4324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:43:51.0474 4324 mouhid - ok

11:43:51.0503 4324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:43:51.0514 4324 mountmgr - ok

11:43:51.0612 4324 MozillaMaintenance (1144c543625a904f836605d0902f8255) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:43:51.0622 4324 MozillaMaintenance - ok

11:43:51.0682 4324 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

11:43:51.0695 4324 MpFilter - ok

11:43:51.0709 4324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:43:51.0721 4324 mpio - ok

11:43:51.0754 4324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:43:51.0789 4324 mpsdrv - ok

11:43:51.0843 4324 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

11:43:51.0902 4324 MpsSvc - ok

11:43:51.0924 4324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:43:51.0946 4324 MRxDAV - ok

11:43:51.0974 4324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:43:51.0999 4324 mrxsmb - ok

11:43:52.0019 4324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:43:52.0033 4324 mrxsmb10 - ok

11:43:52.0047 4324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:43:52.0058 4324 mrxsmb20 - ok

11:43:52.0084 4324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:43:52.0093 4324 msahci - ok

11:43:52.0111 4324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:43:52.0122 4324 msdsm - ok

11:43:52.0152 4324 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:43:52.0169 4324 MSDTC - ok

11:43:52.0190 4324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:43:52.0222 4324 Msfs - ok

11:43:52.0259 4324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:43:52.0301 4324 mshidkmdf - ok

11:43:52.0313 4324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:43:52.0322 4324 msisadrv - ok

11:43:52.0345 4324 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:43:52.0389 4324 MSiSCSI - ok

11:43:52.0392 4324 msiserver - ok

11:43:52.0426 4324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:43:52.0470 4324 MSKSSRV - ok

11:43:52.0538 4324 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe

11:43:52.0547 4324 MsMpSvc - ok

11:43:52.0582 4324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:43:52.0629 4324 MSPCLOCK - ok

11:43:52.0645 4324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:43:52.0687 4324 MSPQM - ok

11:43:52.0709 4324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:43:52.0724 4324 MsRPC - ok

11:43:52.0736 4324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

11:43:52.0745 4324 mssmbios - ok

11:43:52.0766 4324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:43:52.0807 4324 MSTEE - ok

11:43:52.0810 4324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:43:52.0821 4324 MTConfig - ok

11:43:52.0837 4324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:43:52.0846 4324 Mup - ok

11:43:52.0916 4324 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

11:43:52.0929 4324 MyWiFiDHCPDNS - ok

11:43:52.0975 4324 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:43:53.0019 4324 napagent - ok

11:43:53.0083 4324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:43:53.0114 4324 NativeWifiP - ok

11:43:53.0142 4324 Nbdrv (37bfe7ce56133f2e8e90ef68157d73c8) C:\Windows\system32\DRIVERS\nbdrv.sys

11:43:53.0159 4324 Nbdrv - ok

11:43:53.0221 4324 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

11:43:53.0246 4324 NDIS - ok

11:43:53.0278 4324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:43:53.0325 4324 NdisCap - ok

11:43:53.0351 4324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:43:53.0384 4324 NdisTapi - ok

11:43:53.0400 4324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:43:53.0442 4324 Ndisuio - ok

11:43:53.0458 4324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:43:53.0498 4324 NdisWan - ok

11:43:53.0518 4324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:43:53.0551 4324 NDProxy - ok

11:43:53.0594 4324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:43:53.0626 4324 NetBIOS - ok

11:43:53.0648 4324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:43:53.0682 4324 NetBT - ok

11:43:53.0714 4324 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:43:53.0724 4324 Netlogon - ok

11:43:53.0763 4324 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:43:53.0808 4324 Netman - ok

11:43:53.0900 4324 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:43:53.0909 4324 NetMsmqActivator - ok

11:43:53.0921 4324 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:43:53.0929 4324 NetPipeActivator - ok

11:43:53.0967 4324 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:43:54.0022 4324 netprofm - ok

11:43:54.0025 4324 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:43:54.0034 4324 NetTcpActivator - ok

11:43:54.0036 4324 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:43:54.0045 4324 NetTcpPortSharing - ok

11:43:54.0357 4324 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys

11:43:54.0550 4324 NETwNs64 - ok

11:43:54.0666 4324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:43:54.0676 4324 nfrd960 - ok

11:43:54.0708 4324 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

11:43:54.0718 4324 NisDrv - ok

11:43:54.0798 4324 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe

11:43:54.0812 4324 NisSrv - ok

11:43:54.0845 4324 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:43:54.0888 4324 NlaSvc - ok

11:43:54.0965 4324 nlscc (40777bd92d73a8ff3b252e4f4881e672) C:\Windows\system32\nlsInterface.exe

11:43:54.0986 4324 nlscc ( UnsignedFile.Multi.Generic ) - warning

11:43:54.0986 4324 nlscc - detected UnsignedFile.Multi.Generic (1)

11:43:55.0047 4324 NovacomD (1e8281a0bc4358cf816754e0a195d329) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

11:43:55.0059 4324 NovacomD ( UnsignedFile.Multi.Generic ) - warning

11:43:55.0059 4324 NovacomD - detected UnsignedFile.Multi.Generic (1)

11:43:55.0085 4324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:43:55.0117 4324 Npfs - ok

11:43:55.0150 4324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:43:55.0190 4324 nsi - ok

11:43:55.0200 4324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:43:55.0241 4324 nsiproxy - ok

11:43:55.0308 4324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:43:55.0347 4324 Ntfs - ok

11:43:55.0445 4324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:43:55.0477 4324 Null - ok

11:43:55.0517 4324 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys

11:43:55.0537 4324 nusb3hub - ok

11:43:55.0568 4324 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys

11:43:55.0580 4324 nusb3xhc - ok

11:43:55.0626 4324 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

11:43:55.0643 4324 NVENETFD - ok

11:43:55.0670 4324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:43:55.0682 4324 nvraid - ok

11:43:55.0704 4324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:43:55.0716 4324 nvstor - ok

11:43:55.0741 4324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:43:55.0752 4324 nv_agp - ok

11:43:55.0764 4324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:43:55.0776 4324 ohci1394 - ok

11:43:55.0834 4324 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:43:55.0844 4324 ose - ok

11:43:56.0040 4324 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:43:56.0151 4324 osppsvc - ok

11:43:56.0267 4324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:43:56.0288 4324 p2pimsvc - ok

11:43:56.0319 4324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:43:56.0336 4324 p2psvc - ok

11:43:56.0394 4324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

11:43:56.0406 4324 Parport - ok

11:43:56.0421 4324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

11:43:56.0431 4324 partmgr - ok

11:43:56.0466 4324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:43:56.0492 4324 PcaSvc - ok

11:43:56.0509 4324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:43:56.0520 4324 pci - ok

11:43:56.0551 4324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:43:56.0561 4324 pciide - ok

11:43:56.0571 4324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:43:56.0584 4324 pcmcia - ok

11:43:56.0596 4324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:43:56.0605 4324 pcw - ok

11:43:56.0633 4324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:43:56.0686 4324 PEAUTH - ok

11:43:56.0742 4324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:43:56.0769 4324 PerfHost - ok

11:43:56.0837 4324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:43:56.0895 4324 pla - ok

11:43:56.0940 4324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:43:56.0963 4324 PlugPlay - ok

11:43:56.0985 4324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:43:56.0996 4324 PNRPAutoReg - ok

11:43:57.0022 4324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:43:57.0036 4324 PNRPsvc - ok

11:43:57.0078 4324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:43:57.0126 4324 PolicyAgent - ok

11:43:57.0158 4324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:43:57.0206 4324 Power - ok

11:43:57.0281 4324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:43:57.0323 4324 PptpMiniport - ok

11:43:57.0339 4324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:43:57.0367 4324 Processor - ok

11:43:57.0394 4324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

11:43:57.0430 4324 ProfSvc - ok

11:43:57.0448 4324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:43:57.0459 4324 ProtectedStorage - ok

11:43:57.0504 4324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:43:57.0544 4324 Psched - ok

11:43:57.0621 4324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:43:57.0658 4324 ql2300 - ok

11:43:57.0761 4324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:43:57.0773 4324 ql40xx - ok

11:43:57.0813 4324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:43:57.0833 4324 QWAVE - ok

11:43:57.0845 4324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:43:57.0876 4324 QWAVEdrv - ok

11:43:57.0879 4324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:43:57.0915 4324 RasAcd - ok

11:43:57.0954 4324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:43:57.0987 4324 RasAgileVpn - ok

11:43:58.0020 4324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:43:58.0054 4324 RasAuto - ok

11:43:58.0068 4324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:43:58.0101 4324 Rasl2tp - ok

11:43:58.0126 4324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:43:58.0163 4324 RasMan - ok

11:43:58.0187 4324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:43:58.0229 4324 RasPppoe - ok

11:43:58.0248 4324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:43:58.0291 4324 RasSstp - ok

11:43:58.0322 4324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:43:58.0358 4324 rdbss - ok

11:43:58.0373 4324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

11:43:58.0386 4324 rdpbus - ok

11:43:58.0396 4324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:43:58.0428 4324 RDPCDD - ok

11:43:58.0459 4324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:43:58.0500 4324 RDPENCDD - ok

11:43:58.0530 4324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:43:58.0563 4324 RDPREFMP - ok

11:43:58.0608 4324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

11:43:58.0621 4324 RDPWD - ok

11:43:58.0655 4324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:43:58.0667 4324 rdyboost - ok

11:43:58.0831 4324 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

11:43:58.0855 4324 RegSrvc - ok

11:43:58.0885 4324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:43:58.0932 4324 RemoteAccess - ok

11:43:58.0958 4324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:43:59.0002 4324 RemoteRegistry - ok

11:43:59.0065 4324 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

11:43:59.0093 4324 RFCOMM - ok

11:43:59.0096 4324 RimUsb - ok

11:43:59.0134 4324 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

11:43:59.0143 4324 RimVSerPort - ok

11:43:59.0181 4324 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

11:43:59.0214 4324 ROOTMODEM - ok

11:43:59.0234 4324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:43:59.0284 4324 RpcEptMapper - ok

11:43:59.0306 4324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:43:59.0317 4324 RpcLocator - ok

11:43:59.0345 4324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:43:59.0382 4324 RpcSs - ok

11:43:59.0421 4324 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys

11:43:59.0433 4324 RSPCIESTOR - ok

11:43:59.0467 4324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:43:59.0499 4324 rspndr - ok

11:43:59.0525 4324 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:43:59.0538 4324 RTL8167 - ok

11:43:59.0558 4324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:43:59.0569 4324 SamSs - ok

11:43:59.0623 4324 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

11:43:59.0630 4324 SASDIFSV - ok

11:43:59.0637 4324 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

11:43:59.0643 4324 SASKUTIL - ok

11:43:59.0663 4324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:43:59.0674 4324 sbp2port - ok

11:43:59.0708 4324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:43:59.0743 4324 SCardSvr - ok

11:43:59.0765 4324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:43:59.0806 4324 scfilter - ok

11:43:59.0850 4324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:43:59.0898 4324 Schedule - ok

11:43:59.0932 4324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:43:59.0963 4324 SCPolicySvc - ok

11:43:59.0992 4324 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

11:44:00.0013 4324 sdbus - ok

11:44:00.0037 4324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:44:00.0049 4324 SDRSVC - ok

11:44:00.0079 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:44:00.0118 4324 secdrv - ok

11:44:00.0134 4324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:44:00.0166 4324 seclogon - ok

11:44:00.0188 4324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

11:44:00.0221 4324 SENS - ok

11:44:00.0264 4324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:44:00.0287 4324 SensrSvc - ok

11:44:00.0314 4324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

11:44:00.0332 4324 Serenum - ok

11:44:00.0352 4324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

11:44:00.0378 4324 Serial - ok

11:44:00.0396 4324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:44:00.0413 4324 sermouse - ok

11:44:00.0442 4324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:44:00.0483 4324 SessionEnv - ok

11:44:00.0494 4324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:44:00.0507 4324 sffdisk - ok

11:44:00.0518 4324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:44:00.0531 4324 sffp_mmc - ok

11:44:00.0535 4324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:44:00.0560 4324 sffp_sd - ok

11:44:00.0568 4324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:44:00.0579 4324 sfloppy - ok

11:44:00.0622 4324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:44:00.0659 4324 SharedAccess - ok

11:44:00.0685 4324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:44:00.0730 4324 ShellHWDetection - ok

11:44:00.0752 4324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:44:00.0761 4324 SiSRaid2 - ok

11:44:00.0775 4324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:44:00.0786 4324 SiSRaid4 - ok

11:44:00.0805 4324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:44:00.0846 4324 Smb - ok

11:44:00.0882 4324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:44:00.0900 4324 SNMPTRAP - ok

11:44:00.0984 4324 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

11:44:00.0998 4324 SplashtopRemoteService - ok

11:44:01.0014 4324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:44:01.0023 4324 spldr - ok

11:44:01.0066 4324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:44:01.0106 4324 Spooler - ok

11:44:01.0216 4324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:44:01.0307 4324 sppsvc - ok

11:44:01.0388 4324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:44:01.0421 4324 sppuinotify - ok

11:44:01.0474 4324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:44:01.0490 4324 srv - ok

11:44:01.0519 4324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:44:01.0548 4324 srv2 - ok

11:44:01.0592 4324 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

11:44:01.0607 4324 SrvHsfHDA - ok

11:44:01.0671 4324 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

11:44:01.0703 4324 SrvHsfV92 - ok

11:44:01.0829 4324 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

11:44:01.0850 4324 SrvHsfWinac - ok

11:44:01.0886 4324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:44:01.0898 4324 srvnet - ok

11:44:01.0945 4324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:44:01.0992 4324 SSDPSRV - ok

11:44:02.0015 4324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:44:02.0050 4324 SstpSvc - ok

11:44:02.0085 4324 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys

11:44:02.0097 4324 ssudmdm - ok

11:44:02.0166 4324 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

11:44:02.0178 4324 SSUService - ok

11:44:02.0279 4324 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe

11:44:02.0295 4324 STacSV - ok

11:44:02.0329 4324 Steam Client Service - ok

11:44:02.0353 4324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:44:02.0363 4324 stexstor - ok

11:44:02.0411 4324 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys

11:44:02.0431 4324 STHDA - ok

11:44:02.0491 4324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:44:02.0515 4324 stisvc - ok

11:44:02.0536 4324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

11:44:02.0545 4324 swenum - ok

11:44:02.0639 4324 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

11:44:02.0653 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

11:44:02.0653 4324 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

11:44:02.0698 4324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:44:02.0754 4324 swprv - ok

11:44:02.0814 4324 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys

11:44:02.0827 4324 SynTP - ok

11:44:02.0902 4324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:44:02.0943 4324 SysMain - ok

11:44:03.0023 4324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:44:03.0046 4324 TabletInputService - ok

11:44:03.0077 4324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:44:03.0121 4324 TapiSrv - ok

11:44:03.0137 4324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:44:03.0170 4324 TBS - ok

11:44:03.0294 4324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

11:44:03.0338 4324 Tcpip - ok

11:44:03.0493 4324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

11:44:03.0529 4324 TCPIP6 - ok

11:44:03.0628 4324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:44:03.0667 4324 tcpipreg - ok

11:44:03.0681 4324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:44:03.0706 4324 TDPIPE - ok

11:44:03.0731 4324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:44:03.0749 4324 TDTCP - ok

11:44:03.0766 4324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:44:03.0806 4324 tdx - ok

11:44:03.0831 4324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

11:44:03.0840 4324 TermDD - ok

11:44:03.0884 4324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:44:03.0938 4324 TermService - ok

11:44:03.0954 4324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:44:03.0971 4324 Themes - ok

11:44:03.0997 4324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:44:04.0031 4324 THREADORDER - ok

11:44:04.0070 4324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:44:04.0116 4324 TrkWks - ok

11:44:04.0157 4324 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys

11:44:04.0169 4324 truecrypt - ok

11:44:04.0220 4324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:44:04.0261 4324 TrustedInstaller - ok

11:44:04.0283 4324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:44:04.0332 4324 tssecsrv - ok

11:44:04.0358 4324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:44:04.0368 4324 TsUsbFlt - ok

11:44:04.0372 4324 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:44:04.0396 4324 TsUsbGD - ok

11:44:04.0441 4324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:44:04.0489 4324 tunnel - ok

11:44:04.0510 4324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:44:04.0520 4324 uagp35 - ok

11:44:04.0544 4324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:44:04.0590 4324 udfs - ok

11:44:04.0616 4324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:44:04.0628 4324 UI0Detect - ok

11:44:04.0647 4324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:44:04.0657 4324 uliagpkx - ok

11:44:04.0687 4324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:44:04.0705 4324 umbus - ok

11:44:04.0730 4324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

11:44:04.0741 4324 UmPass - ok

11:44:04.0894 4324 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

11:44:04.0950 4324 UNS - ok

11:44:05.0045 4324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:44:05.0092 4324 upnphost - ok

11:44:05.0146 4324 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

11:44:05.0155 4324 USBAAPL64 - ok

11:44:05.0193 4324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:44:05.0204 4324 usbccgp - ok

11:44:05.0243 4324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:44:05.0257 4324 usbcir - ok

11:44:05.0277 4324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:44:05.0294 4324 usbehci - ok

11:44:05.0341 4324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:44:05.0367 4324 usbhub - ok

11:44:05.0379 4324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:44:05.0399 4324 usbohci - ok

11:44:05.0414 4324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

11:44:05.0436 4324 usbprint - ok

11:44:05.0471 4324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:44:05.0485 4324 usbscan - ok

11:44:05.0509 4324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:44:05.0534 4324 USBSTOR - ok

11:44:05.0558 4324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:44:05.0582 4324 usbuhci - ok

11:44:05.0610 4324 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

11:44:05.0625 4324 usbvideo - ok

11:44:05.0657 4324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:44:05.0691 4324 UxSms - ok

11:44:05.0714 4324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:44:05.0724 4324 VaultSvc - ok

11:44:05.0782 4324 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys

11:44:05.0792 4324 VBoxDrv - ok

11:44:05.0825 4324 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

11:44:05.0835 4324 VBoxNetAdp - ok

11:44:05.0852 4324 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

11:44:05.0862 4324 VBoxNetFlt - ok

11:44:05.0912 4324 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

11:44:05.0921 4324 VBoxUSBMon - ok

11:44:05.0942 4324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:44:05.0951 4324 vdrvroot - ok

11:44:05.0991 4324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:44:06.0037 4324 vds - ok

11:44:06.0068 4324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:44:06.0080 4324 vga - ok

11:44:06.0092 4324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:44:06.0136 4324 VgaSave - ok

11:44:06.0145 4324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:44:06.0158 4324 vhdmp - ok

11:44:06.0168 4324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:44:06.0177 4324 viaide - ok

11:44:06.0207 4324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:44:06.0216 4324 volmgr - ok

11:44:06.0240 4324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:44:06.0254 4324 volmgrx - ok

11:44:06.0286 4324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:44:06.0300 4324 volsnap - ok

11:44:06.0331 4324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:44:06.0343 4324 vsmraid - ok

11:44:06.0413 4324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:44:06.0482 4324 VSS - ok

11:44:06.0599 4324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:44:06.0630 4324 vwifibus - ok

11:44:06.0720 4324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:44:06.0736 4324 vwififlt - ok

11:44:06.0764 4324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

11:44:06.0780 4324 vwifimp - ok

11:44:06.0840 4324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:44:06.0879 4324 W32Time - ok

11:44:06.0914 4324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:44:06.0940 4324 WacomPen - ok

11:44:06.0974 4324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:44:07.0075 4324 WANARP - ok

11:44:07.0078 4324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:44:07.0110 4324 Wanarpv6 - ok

11:44:07.0205 4324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:44:07.0237 4324 WatAdminSvc - ok

11:44:07.0304 4324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:44:07.0343 4324 wbengine - ok

11:44:07.0426 4324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:44:07.0445 4324 WbioSrvc - ok

11:44:07.0467 4324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:44:07.0504 4324 wcncsvc - ok

11:44:07.0522 4324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:44:07.0533 4324 WcsPlugInService - ok

11:44:07.0583 4324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:44:07.0592 4324 Wd - ok

11:44:07.0622 4324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

11:44:07.0631 4324 WDC_SAM - ok

11:44:07.0660 4324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:44:07.0681 4324 Wdf01000 - ok

11:44:07.0694 4324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:44:07.0725 4324 WdiServiceHost - ok

11:44:07.0728 4324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:44:07.0745 4324 WdiSystemHost - ok

11:44:07.0778 4324 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys

11:44:07.0786 4324 wdkmd - ok

11:44:07.0813 4324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:44:07.0846 4324 WebClient - ok

11:44:07.0870 4324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:44:07.0913 4324 Wecsvc - ok

11:44:07.0933 4324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:44:07.0967 4324 wercplsupport - ok

11:44:07.0995 4324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:44:08.0029 4324 WerSvc - ok

11:44:08.0064 4324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:44:08.0096 4324 WfpLwf - ok

11:44:08.0113 4324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:44:08.0123 4324 WIMMount - ok

11:44:08.0127 4324 WinHttpAutoProxySvc - ok

11:44:08.0184 4324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:44:08.0220 4324 Winmgmt - ok

11:44:08.0307 4324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:44:08.0369 4324 WinRM - ok

11:44:08.0498 4324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

11:44:08.0512 4324 WinUsb - ok

11:44:08.0573 4324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:44:08.0616 4324 Wlansvc - ok

11:44:08.0650 4324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

11:44:08.0672 4324 WmiAcpi - ok

11:44:08.0725 4324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:44:08.0739 4324 wmiApSrv - ok

11:44:08.0795 4324 WMPNetworkSvc - ok

11:44:08.0827 4324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:44:08.0839 4324 WPCSvc - ok

11:44:08.0856 4324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:44:08.0870 4324 WPDBusEnum - ok

11:44:08.0895 4324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:44:08.0927 4324 ws2ifsl - ok

11:44:09.0023 4324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

11:44:09.0052 4324 wscsvc - ok

11:44:09.0054 4324 WSearch - ok

11:44:09.0134 4324 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

11:44:09.0200 4324 wuauserv - ok

11:44:09.0308 4324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:44:09.0347 4324 WudfPf - ok

11:44:09.0373 4324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:44:09.0418 4324 WUDFRd - ok

11:44:09.0448 4324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:44:09.0483 4324 wudfsvc - ok

11:44:09.0505 4324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:44:09.0532 4324 WwanSvc - ok

11:44:09.0560 4324 zgwhsdiag - ok

11:44:09.0577 4324 zgwhsmdm - ok

11:44:09.0593 4324 zgwhsnmea - ok

11:44:09.0635 4324 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0

11:44:10.0460 4324 \Device\Harddisk0\DR0 - ok

11:44:10.0488 4324 Boot (0x1200) (f7892f1f5ae02a59377ba863a97ea31b) \Device\Harddisk0\DR0\Partition0

11:44:10.0489 4324 \Device\Harddisk0\DR0\Partition0 - ok

11:44:10.0503 4324 Boot (0x1200) (02fd3463f94d61e0293f2b1345fa46fd) \Device\Harddisk0\DR0\Partition1

11:44:10.0505 4324 \Device\Harddisk0\DR0\Partition1 - ok

11:44:10.0530 4324 Boot (0x1200) (b8cb82190b3c52f53d0bba8cdad91fde) \Device\Harddisk0\DR0\Partition2

11:44:10.0531 4324 \Device\Harddisk0\DR0\Partition2 - ok

11:44:10.0532 4324 ============================================================

11:44:10.0532 4324 Scan finished

11:44:10.0532 4324 ============================================================

11:44:10.0538 6900 Detected object count: 7

11:44:10.0538 6900 Actual detected object count: 7

11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user

11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user

11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user

11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - skipped by user

11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - skipped by user

11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:45:43.0925 5072 Deinitialize success

Share this post


Link to post
Share on other sites

OK......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Share this post


Link to post
Share on other sites

Yikes, Combofix is usually an end of the line kind of thing in my experience, is there a reason this is seeming to be so difficult to get rid of? Is it that we don't know exactly what is wrong? I will run it and let you know but in my experience combofix has been for the severe infections.

Share this post


Link to post
Share on other sites

Please run ComboFix as outlined.....MrC

Share this post


Link to post
Share on other sites

It run before when I wasn't home as it disconnected my Splashtop Remote, and did not save in C:\ as it said it did. Here is the re-run:

ComboFix 12-05-08.02 - Lucas 05/08/2012 19:27:15.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3627 [GMT -7:00]

Running from: c:\users\Lucas\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

.

.

2012-05-09 02:32 . 2012-05-09 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-08 16:03 . 2012-05-08 16:03 -------- d-----w- c:\users\Lucas\AppData\Local\Splashtop

2012-05-07 17:43 . 2012-05-07 17:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll

2012-05-07 14:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll

2012-05-06 22:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-04 07:41 . 2012-05-04 07:41 -------- d-----w- c:\users\Lucas\AppData\Roaming\dvdcss

2012-05-01 10:00 . 2012-05-01 10:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-17 06:40 . 2012-04-17 06:51 -------- d-----w- c:\program files (x86)\OpenDNS Updater

2012-04-17 06:16 . 2012-04-17 06:16 -------- d-----w- c:\users\Lucas\AppData\Roaming\OpenDNS Updater

2012-04-17 05:39 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-04-17 05:39 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-04-17 03:31 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup

2012-04-17 03:31 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup

2012-04-17 03:31 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup

2012-04-12 03:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 03:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 03:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 03:57 . 2012-04-12 03:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-04-12 03:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS WebStorage

2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\programdata\ASUS WebStorage

2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS

2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\program files (x86)\ASUS

2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files\ASUS

2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-04-10 04:01 . 2012-04-10 04:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\eCareme

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 23:55 . 2012-04-04 04:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 23:55 . 2011-08-14 19:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 23:55 . 2012-04-04 04:55 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 22:56 . 2011-12-24 07:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 05:11 . 2012-02-22 04:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-03-29 05:11 . 2012-03-29 05:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-03-29 05:11 . 2012-02-22 04:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-11 22:54 . 2012-02-04 10:11 1626 ----a-w- c:\users\Lucas\AppData\Local\auto_install.bat

2012-03-11 22:54 . 2012-02-04 10:11 1481 ----a-w- c:\users\Lucas\AppData\Local\dc.bat

2012-03-11 22:54 . 2012-02-04 10:11 1288 ----a-w- c:\users\Lucas\AppData\Local\cc.bat

2012-02-17 06:38 . 2012-03-15 06:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-15 06:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-15 06:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-15 06:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 14:39 . 2012-02-10 14:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41EF12EC-2857-4EAC-8891-1C8836ABE417}\gapaengine.dll

2012-02-10 06:36 . 2012-03-15 06:00 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-15 06:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 90112 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"envyTouchPad"="c:\apps\envyTouchPad.exe" [2011-06-17 402944]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-09 113288]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-05-13 38912]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

.

c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]

Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-2-25 405504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]

R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x]

R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x]

R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-09 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]

S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x]

S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-24 2656280]

S3 ALSysIO;ALSysIO;c:\users\Lucas\AppData\Local\Temp\ALSysIO64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 45281131

*Deregistered* - 45281131

*Deregistered* - CLKMDRV10_38F51D56

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55]

.

2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job

- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job

- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: box.net\www

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 10.10.1.1

FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,

81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:8f,f1,96,74,17,cd,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:4c,78,f1,91,2b,8c,74,9a,be,26,86,c9,8f,aa,fc,08,68,77,a3,e5,67,

64,1f,06,f8,ab,66,35,71,0f,8b,8f,51,7d,40,ce,99,7c,60,35,5b,2b,5b,ce,8c,33,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-08 19:33:39

ComboFix-quarantined-files.txt 2012-05-09 02:33

ComboFix2.txt 2012-05-08 19:19

.

Pre-Run: 81,303,101,440 bytes free

Post-Run: 81,232,728,064 bytes free

.

- - End Of File - - 775983A175C6601C43E401CA1D52E4A7

Share this post


Link to post
Share on other sites

Found the file for the first run:

ComboFix 12-05-08.02 - Lucas 05/08/2012 12:10:36.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3709 [GMT -7:00]

Running from: c:\users\Lucas\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\458ffeq4p6hr700641u

c:\programdata\Roaming

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\system32

c:\windows\SysWow64\system32\3DAudio.ax

c:\windows\SysWow64\system32\avrt.dll

c:\windows\SysWow64\system32\cis-2.4.dll

c:\windows\SysWow64\system32\issacapi_bs-2.3.dll

c:\windows\SysWow64\system32\issacapi_pe-2.3.dll

c:\windows\SysWow64\system32\issacapi_se-2.3.dll

c:\windows\SysWow64\system32\MACXMLProto.dll

c:\windows\SysWow64\system32\MaDRM.dll

c:\windows\SysWow64\system32\MaJGUILib.dll

c:\windows\SysWow64\system32\MAMACExtract.dll

c:\windows\SysWow64\system32\MASetupCleaner.exe

c:\windows\SysWow64\system32\MaXMLProto.dll

c:\windows\SysWow64\system32\mfplat.dll

c:\windows\SysWow64\system32\MK_Lyric.dll

c:\windows\SysWow64\system32\MSCLib.dll

c:\windows\SysWow64\system32\MSFLib.dll

c:\windows\SysWow64\system32\MSLUR71.dll

c:\windows\SysWow64\system32\msvcp60.dll

c:\windows\SysWow64\system32\MTTELECHIP.dll

c:\windows\SysWow64\system32\MTXSYNCICON.dll

c:\windows\SysWow64\system32\muzaf1.dll

c:\windows\SysWow64\system32\muzapp.dll

c:\windows\SysWow64\system32\muzapp.exe

c:\windows\SysWow64\system32\muzdecode.ax

c:\windows\SysWow64\system32\muzeffect.ax

c:\windows\SysWow64\system32\muzmp4sp.ax

c:\windows\SysWow64\system32\muzmpgsp.ax

c:\windows\SysWow64\system32\muzoggsp.ax

c:\windows\SysWow64\system32\muzwmts.dll

c:\windows\SysWow64\system32\psapi.dll

.

----- File Replicators -----

.

c:\program files (x86)\Git\libexec\git-core\git-add.exe

c:\program files (x86)\Git\libexec\git-core\git-annotate.exe

c:\program files (x86)\Git\libexec\git-core\git-apply.exe

c:\program files (x86)\Git\libexec\git-core\git-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe

c:\program files (x86)\Git\libexec\git-core\git-blame.exe

c:\program files (x86)\Git\libexec\git-core\git-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-bundle.exe

c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe

c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe

c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry.exe

c:\program files (x86)\Git\libexec\git-core\git-clean.exe

c:\program files (x86)\Git\libexec\git-core\git-clone.exe

c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-commit.exe

c:\program files (x86)\Git\libexec\git-core\git-config.exe

c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-describe.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-diff.exe

c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch.exe

c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe

c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck.exe

c:\program files (x86)\Git\libexec\git-core\git-gc.exe

c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe

c:\program files (x86)\Git\libexec\git-core\git-grep.exe

c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe

c:\program files (x86)\Git\libexec\git-core\git-help.exe

c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-init-db.exe

c:\program files (x86)\Git\libexec\git-core\git-init.exe

c:\program files (x86)\Git\libexec\git-core\git-log.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe

c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge.exe

c:\program files (x86)\Git\libexec\git-core\git-mktag.exe

c:\program files (x86)\Git\libexec\git-core\git-mktree.exe

c:\program files (x86)\Git\libexec\git-core\git-mv.exe

c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe

c:\program files (x86)\Git\libexec\git-core\git-notes.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe

c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe

c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe

c:\program files (x86)\Git\libexec\git-core\git-prune.exe

c:\program files (x86)\Git\libexec\git-core\git-push.exe

c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-reflog.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe

c:\program files (x86)\Git\libexec\git-core\git-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-replace.exe

c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe

c:\program files (x86)\Git\libexec\git-core\git-rerere.exe

c:\program files (x86)\Git\libexec\git-core\git-reset.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe

c:\program files (x86)\Git\libexec\git-core\git-revert.exe

c:\program files (x86)\Git\libexec\git-core\git-rm.exe

c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe

c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-show.exe

c:\program files (x86)\Git\libexec\git-core\git-stage.exe

c:\program files (x86)\Git\libexec\git-core\git-status.exe

c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe

c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-update-index.exe

c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe

c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-var.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe

c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe

c:\program files (x86)\Git\libexec\git-core\git.exe

c:\windows\Installer\{00A53800-BA75-3E9E-BD52-10171E5640B6}\ARPPRODUCTICON.exe

c:\windows\Installer\{04098274-E98C-86E3-1B2C-50E32E561DF5}\ARPPRODUCTICON.exe

c:\windows\Installer\{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}\ARPPRODUCTICON.exe

c:\windows\Installer\{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}\ARPPRODUCTICON.exe

c:\windows\Installer\{2D049D1D-CA58-9652-B7C6-19CB98649923}\ARPPRODUCTICON.exe

c:\windows\Installer\{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}\ARPPRODUCTICON.exe

c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{480DCAD1-8670-66EA-8EBA-178047059A13}\ARPPRODUCTICON.exe

c:\windows\Installer\{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}\ARPPRODUCTICON.exe

c:\windows\Installer\{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}\ARPPRODUCTICON.exe

c:\windows\Installer\{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}\ARPPRODUCTICON.exe

c:\windows\Installer\{60070423-DE0B-59FF-D4B7-16BDB8957864}\ARPPRODUCTICON.exe

c:\windows\Installer\{74FBB537-8915-329D-393E-FDB7DC69A339}\ARPPRODUCTICON.exe

c:\windows\Installer\{755F4903-030D-B017-30F2-4D5BE92C8D38}\ARPPRODUCTICON.exe

c:\windows\Installer\{896C4E12-4857-9715-9F9D-249561D2D7EE}\ARPPRODUCTICON.exe

c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{968298EC-86D4-8F84-5ABC-E976C5CDA417}\ARPPRODUCTICON.exe

c:\windows\Installer\{A79024ED-1969-334A-1ED6-16753F9DE377}\ARPPRODUCTICON.exe

c:\windows\Installer\{BBDD3C95-E069-E346-6D1B-CC76AE448550}\ARPPRODUCTICON.exe

c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\ARPPRODUCTICON.exe

c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe

c:\windows\Installer\{C57C21C0-CE1B-26D5-1215-B26862051F6F}\ARPPRODUCTICON.exe

c:\windows\Installer\{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}\ARPPRODUCTICON.exe

c:\windows\Installer\{CD05F1BC-FC63-1E93-4094-82BC33662E76}\ARPPRODUCTICON.exe

c:\windows\Installer\{D61F78AF-A111-9DAE-8368-E3230B168F03}\ARPPRODUCTICON.exe

c:\windows\Installer\{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}\ARPPRODUCTICON.exe

c:\windows\Installer\{D8CABEA0-CAFB-9320-5F46-EAF31535203F}\ARPPRODUCTICON.exe

c:\windows\Installer\{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}\ARPPRODUCTICON.exe

c:\windows\Installer\{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}\ARPPRODUCTICON.exe

c:\windows\Installer\{FC8292ED-7E61-4370-15D1-60171263AA1D}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))

.

.

2012-05-08 19:17 . 2012-05-08 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-08 16:03 . 2012-05-08 16:03 -------- d-----w- c:\users\Lucas\AppData\Local\Splashtop

2012-05-07 17:43 . 2012-05-07 17:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll

2012-05-07 14:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll

2012-05-06 22:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-04 07:41 . 2012-05-04 07:41 -------- d-----w- c:\users\Lucas\AppData\Roaming\dvdcss

2012-05-01 10:00 . 2012-05-01 10:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-17 06:40 . 2012-04-17 06:51 -------- d-----w- c:\program files (x86)\OpenDNS Updater

2012-04-17 06:16 . 2012-04-17 06:16 -------- d-----w- c:\users\Lucas\AppData\Roaming\OpenDNS Updater

2012-04-17 05:39 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-04-17 05:39 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-04-17 03:31 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup

2012-04-17 03:31 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup

2012-04-17 03:31 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup

2012-04-12 03:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 03:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 03:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 03:57 . 2012-04-12 03:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-04-12 03:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS WebStorage

2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\programdata\ASUS WebStorage

2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS

2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\program files (x86)\ASUS

2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files\ASUS

2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-04-10 04:01 . 2012-04-10 04:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\eCareme

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 23:55 . 2012-04-04 04:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 23:55 . 2011-08-14 19:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 23:55 . 2012-04-04 04:55 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 22:56 . 2011-12-24 07:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 05:11 . 2012-02-22 04:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-03-29 05:11 . 2012-03-29 05:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-03-29 05:11 . 2012-02-22 04:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-11 22:54 . 2012-02-04 10:11 1626 ----a-w- c:\users\Lucas\AppData\Local\auto_install.bat

2012-03-11 22:54 . 2012-02-04 10:11 1481 ----a-w- c:\users\Lucas\AppData\Local\dc.bat

2012-03-11 22:54 . 2012-02-04 10:11 1288 ----a-w- c:\users\Lucas\AppData\Local\cc.bat

2012-02-17 06:38 . 2012-03-15 06:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-15 06:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-15 06:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-15 06:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 14:39 . 2012-02-10 14:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41EF12EC-2857-4EAC-8891-1C8836ABE417}\gapaengine.dll

2012-02-10 06:36 . 2012-03-15 06:00 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-15 06:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 90112 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"envyTouchPad"="c:\apps\envyTouchPad.exe" [2011-06-17 402944]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-09 113288]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-05-13 38912]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

.

c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]

Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-2-25 405504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]

R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x]

R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x]

R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-09 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]

S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x]

S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-24 2656280]

S3 ALSysIO;ALSysIO;c:\users\Lucas\AppData\Local\Temp\ALSysIO64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 45281131

*Deregistered* - 45281131

*Deregistered* - CLKMDRV10_38F51D56

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55]

.

2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job

- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]

.

2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job

- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: box.net\www

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 10.10.1.1

FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,

81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:8f,f1,96,74,17,cd,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:4c,78,f1,91,2b,8c,74,9a,be,26,86,c9,8f,aa,fc,08,68,77,a3,e5,67,

64,1f,06,f8,ab,66,35,71,0f,8b,8f,51,7d,40,ce,99,7c,60,35,5b,2b,5b,ce,8c,33,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-08 12:19:19

ComboFix-quarantined-files.txt 2012-05-08 19:19

.

Pre-Run: 81,889,263,616 bytes free

Post-Run: 81,236,934,656 bytes free

.

- - End Of File - - 4BC7FE9EDE7CB692B5116452E675A398

Share this post


Link to post
Share on other sites

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Share this post


Link to post
Share on other sites

Found this and removing now. Log will be posted below. It's odd that MBAM didn't detect this before right? Or was the system so heavily messed up it prevented MBAM from detecting it? I want to try to figure out how we knew the steps to take so that in future I can be better informed. Also, do you think my passwords have been risked?

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.08.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Lucas :: DEATHWING [administrator]

5/8/2012 8:14:04 PM

mbam-log-2012-05-08 (20-14-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201952

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

RogueKiller found similar malware before:

[bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND

[bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND

Please run another scan with RogueKiller and post the log, MrC

Share this post


Link to post
Share on other sites

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Lucas [Admin rights]

Mode: Scan -- Date: 05/09/2012 07:26:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++

--- User ---

[MBR] b27ea8f791f5b651de5b587eaa78abc7

[bSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo

2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

OK...that looks fine.

-------------------------

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes

-----------------------

Download aswMBR to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post. (MBR.dat)

MrC

Share this post


Link to post
Share on other sites

ListParts by Farbar Version: 12-03-2012 03

Ran by Lucas (administrator) on 09-05-2012 at 09:39:38

Windows 7 (X64)

Running From: D:\Dropbox

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 36%

Total physical RAM: 6091.86 MB

Available physical RAM: 3850.05 MB

Total Pagefile: 12181.91 MB

Available Pagefile: 9340.02 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:185.55 GB) (Free:73.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: () (Fixed) (Total:384.82 GB) (Free:336.3 GB) NTFS

4 Drive v: (Videos) (Network) (Total:465.76 GB) (Free:81.54 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 2048 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 185 GB 200 MB

Partition 0 Extended 512 GB 185 GB

Partition 3 Logical 122 GB 185 GB

Partition 4 Logical 6144 MB 307 GB

Partition 5 Logical 384 GB 313 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 185 GB Healthy Boot

======================================================================================================

Disk: 0

Partition 3

Type : 83

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 4

Type : 82

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 5

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D NTFS Partition 384 GB Healthy

======================================================================================================

****** End Of Log ******

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-09 09:40:51

-----------------------------

09:40:51.036 OS Version: Windows x64 6.1.7601 Service Pack 1

09:40:51.037 Number of processors: 8 586 0x2A07

09:40:51.037 ComputerName: DEATHWING UserName: Lucas

09:40:51.686 Initialize success

10:00:45.624 AVAST engine defs: 12050900

10:05:17.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:05:17.357 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3

10:05:17.363 Disk 0 MBR read successfully

10:05:17.365 Disk 0 MBR scan

10:05:17.369 Disk 0 unknown MBR code

10:05:17.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

10:05:17.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190000 MB offset 409600

10:05:17.402 Disk 0 Partition - 00 05 Extended 525203 MB offset 389531646

10:05:17.416 Disk 0 Partition 3 00 83 Linux 125000 MB offset 389531648

10:05:17.421 Disk 0 Partition - 00 05 Extended 6145 MB offset 645531648

10:05:17.453 Disk 0 scanning C:\Windows\system32\drivers

10:05:24.895 Service scanning

10:05:57.217 Modules scanning

10:05:57.225 Disk 0 trace - called modules:

10:05:57.266 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll

10:05:57.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b65790]

10:05:57.276 3 CLASSPNP.SYS[fffff88001d5343f] -> nt!IofCallDriver -> [0xfffffa8006a7ab10]

10:05:57.285 5 hpdskflt.sys[fffff88001cfa189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800692e050]

10:05:57.944 AVAST engine scan C:\Windows

10:05:59.777 AVAST engine scan C:\Windows\system32

10:08:18.624 AVAST engine scan C:\Windows\system32\drivers

10:08:27.503 AVAST engine scan C:\Users\Lucas

10:14:44.918 AVAST engine scan C:\ProgramData

10:17:23.418 Scan finished successfully

10:44:10.001 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"

10:44:10.006 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"

MBR.zip

Share this post


Link to post
Share on other sites

I am dual booting Ubuntu Natively fyi, so the extended partition contains a 122 GB ext4, 6GB Swap and, the rest as NTFS Media storage.

Share this post


Link to post
Share on other sites

I was just checking for any active hidden partitions > There's none

The aswMBR scan is clean as well as the MBR.

Please do this......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

-----------------------

Then...

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Share this post


Link to post
Share on other sites

OTL logfile created on: 5/9/2012 8:36:01 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free

11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS

Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS

Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS

Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

PRC - [2012/05/09 09:38:23 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Dropbox\aswMBR.exe

PRC - [2012/05/04 11:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

PRC - [2012/02/09 13:44:06 | 002,509,184 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

PRC - [2012/02/09 13:43:46 | 002,029,952 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe

PRC - [2012/01/08 23:08:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

PRC - [2011/07/20 05:07:32 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

PRC - [2011/07/20 05:07:06 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe

PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2011/03/30 15:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2011/03/08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe

PRC - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE

PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/27 19:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll

MOD - [2012/04/27 19:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll

MOD - [2012/04/27 19:05:45 | 000,544,240 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll

MOD - [2012/04/27 19:05:44 | 000,117,744 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll

MOD - [2012/04/27 19:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll

MOD - [2012/04/27 19:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll

MOD - [2012/04/27 19:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll

MOD - [2012/04/27 18:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

MOD - [2012/04/12 19:48:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0642b0c04fa10e6986baf58cf1580879\IAStorUtil.ni.dll

MOD - [2012/04/12 06:41:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

MOD - [2012/04/12 06:41:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012/04/12 06:40:56 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012/04/11 21:02:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll

MOD - [2012/04/11 21:02:06 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll

MOD - [2012/03/11 15:40:54 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll

MOD - [2012/03/11 15:40:45 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll

MOD - [2012/03/11 15:40:39 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll

MOD - [2012/02/15 08:09:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/15 08:08:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012/02/15 08:08:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/15 08:08:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/15 08:08:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012/02/09 10:25:14 | 000,071,352 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll

MOD - [2012/02/09 10:25:08 | 000,227,512 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll

MOD - [2012/01/08 23:14:35 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll

MOD - [2011/10/15 18:33:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe

MOD - [2010/11/05 16:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll

MOD - [2010/11/05 16:03:42 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll

MOD - [2010/08/24 19:40:48 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll

MOD - [2010/08/24 19:40:48 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll

MOD - [2010/08/24 19:40:22 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll

MOD - [2010/08/24 19:40:08 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll

MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll

MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll

MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll

MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012/01/08 23:14:50 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2012/01/08 23:14:48 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2011/07/18 17:01:47 | 000,146,816 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011/05/08 17:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)

SRV:64bit: - [2010/11/01 18:35:30 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/05/06 16:55:24 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/23 19:57:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)

SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)

SRV - [2012/01/08 23:13:14 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/08/14 15:39:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)

SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2011/02/24 22:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)

SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/24 02:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)

DRV:64bit: - [2012/02/24 02:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/01/08 23:14:50 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2012/01/08 23:13:14 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2012/01/08 23:09:02 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2012/01/08 23:08:17 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2012/01/08 23:08:17 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/12/19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/08/09 23:28:26 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/05/18 17:57:32 | 000,041,256 | ---- | M] (SeriousBit) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nbdrv.sys -- (Nbdrv)

DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011/05/08 17:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/05/08 16:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/04/16 02:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/07/14 07:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 67 C5 4F 21 57 CC 01 [binary data]

IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/13 19:32:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/23 19:57:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/25 21:02:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/08/09 23:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Extensions

[2012/05/01 23:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions

[2012/04/28 13:20:02 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions\https-everywhere@eff.org

[2012/02/25 21:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/08/10 00:00:18 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com

[2012/04/23 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions

[2012/03/10 18:27:42 | 001,331,409 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

[2012/03/10 18:27:42 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI

[2012/03/10 18:27:42 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI

[2012/04/23 19:57:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/10 18:23:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/10 18:23:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Google Docs = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3.2_0\

CHR - Extension: YouTube = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Google Calendar = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: Aside = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhbmdeeajbgkdpaiencghlmbgbkpdaa\1.1_0\

CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\

CHR - Extension: SABconnect++ = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod\0.5.8_0\

CHR - Extension: Weather Underground = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\

CHR - Extension: Gmail = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/08 12:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows ® Win 7 DDK provider)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001..\Run: [envyTouchPad] C:\Apps\envyTouchPad.exe ()

O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: box.net ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC}: DhcpNameServer = 10.10.1.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 20:35:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

[2012/05/08 21:06:45 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Microsoft Games

[2012/05/08 20:13:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/08 19:33:40 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/05/08 12:09:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/08 12:09:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/08 12:09:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/08 12:09:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/08 12:09:39 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/08 12:08:58 | 004,487,872 | R--- | C] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe

[2012/05/08 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Splashtop

[2012/05/08 08:41:07 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\RK_Quarantine

[2012/05/04 00:41:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\dvdcss

[2012/05/01 03:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/04/16 23:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater

[2012/04/16 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater

[2012/04/16 22:39:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys

[2012/04/16 22:39:39 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys

[2012/04/16 20:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Bilbo

[2012/04/09 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Documents\Asus WebStorage

[2012/04/09 21:04:44 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage

[2012/04/09 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage

[2012/04/09 21:04:23 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS

[2012/04/09 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2012/04/09 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS

[2012/04/09 21:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012/04/09 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\eCareme

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

[2012/05/09 20:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job

[2012/05/09 20:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job

[2012/05/09 19:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/09 10:44:10 | 000,000,512 | ---- | M] () -- C:\Users\Lucas\Desktop\MBR.dat

[2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/09 06:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/08 21:42:37 | 000,000,600 | ---- | M] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND

[2012/05/08 20:23:59 | 003,055,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/08 20:23:59 | 000,956,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/08 20:23:59 | 000,006,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/08 20:20:08 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/08 20:14:50 | 000,001,050 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/05/08 12:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/05/08 12:08:38 | 004,487,872 | R--- | M] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe

[2012/05/01 03:00:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/05/01 03:00:51 | 000,006,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/17 19:32:49 | 000,001,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs

[2012/04/16 22:38:54 | 000,001,977 | ---- | M] () -- C:\Users\Lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/09 10:44:10 | 000,000,512 | ---- | C] () -- C:\Users\Lucas\Desktop\MBR.dat

[2012/05/08 12:09:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/08 12:09:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/08 12:09:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/08 12:09:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/08 12:09:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/02/21 07:48:57 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\winscp.rnd

[2012/02/18 18:00:01 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/02/04 03:11:04 | 000,001,626 | ---- | C] () -- C:\Users\Lucas\AppData\Local\auto_install.bat

[2012/02/04 03:11:04 | 000,001,481 | ---- | C] () -- C:\Users\Lucas\AppData\Local\dc.bat

[2012/02/04 03:11:04 | 000,001,288 | ---- | C] () -- C:\Users\Lucas\AppData\Local\cc.bat

[2012/01/17 22:00:26 | 000,000,079 | ---- | C] () -- C:\Users\Lucas\AppData\Local\CrystalDiskMark30.ini

[2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u

[2011/12/16 00:33:54 | 000,153,076 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/12/09 21:24:34 | 000,002,655 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Midi Decoder.dat

[2011/12/09 21:16:16 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat

[2011/12/09 21:16:08 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011/11/17 00:24:08 | 000,005,632 | ---- | C] () -- C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/29 22:48:26 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat

[2011/10/29 22:48:08 | 000,225,656 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2011/10/16 14:01:55 | 000,000,166 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\Battery Meter_Settings.ini

[2011/09/24 21:20:22 | 000,001,456 | ---- | C] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/09/10 20:02:31 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

[2011/09/09 16:59:16 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND

[2011/09/05 00:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

[2011/08/14 15:34:02 | 000,000,412 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\All CPU Meter_Settings.ini

[2011/08/12 23:47:26 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2011/08/09 23:39:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/08/09 23:07:41 | 000,006,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/08/09 04:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/08/09 04:43:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/08/09 04:43:08 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/04/16 02:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/04/16 01:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011/04/16 01:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/03/25 18:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/02/09 21:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== LOP Check ==========

[2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software

[2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software

[2012/04/17 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft

[2012/04/09 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS

[2012/04/09 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage

[2011/12/09 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity

[2011/09/10 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\calibre

[2011/10/18 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\CanuckSoftware

[2011/09/24 21:54:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/09/10 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.dmp.contentviewer

[2011/09/09 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/02/22 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DiskAid

[2012/03/19 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Downloaded Installations

[2012/05/09 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Dropbox

[2012/04/09 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\eCareme

[2011/09/24 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\EPSON

[2012/03/11 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FileZilla

[2011/11/14 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FlixsterCollections

[2011/12/09 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FreeCommander

[2011/08/09 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\GlarySoft

[2011/09/04 22:17:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0

[2011/10/05 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\HandBrake

[2011/08/14 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\IDT

[2011/12/04 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ImgBurn

[2011/08/27 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jason Robitaille

[2011/12/16 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\JasonRobitaille

[2012/02/25 21:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Launchy

[2011/10/13 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LockHunter

[2012/03/21 07:16:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Mp3tag

[2011/10/13 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MusicBrainz

[2011/08/14 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Notepad++

[2011/10/16 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\onOne Software

[2012/04/16 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater

[2011/09/10 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PACE Anti-Piracy

[2012/04/09 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PrimoPDF

[2012/02/18 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\pymclevel

[2012/01/25 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\redsn0w

[2012/04/16 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Samsung

[2011/08/12 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SeriousBit

[2011/09/28 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011/08/09 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Synaptics

[2011/08/12 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SystemRequirementsLab

[2012/04/29 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeraCopy

[2011/12/04 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Thunderbird

[2011/08/14 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TightVNC

[2011/09/09 18:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TrueCrypt

[2012/05/07 21:32:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\uTorrent

[2011/12/09 21:17:38 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd

@Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa

< End of report >

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 5/9/2012 8:36:01 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free

11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS

Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS

Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS

Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07D49986-0F1A-45EC-A280-BA1E1BFCA5D5}" = rport=445 | protocol=6 | dir=out | app=system |

"{0E547AD4-6C7D-4922-B0A5-57AA32EF4210}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{1F6D502C-2C4E-4458-B162-5F8517D27BBB}" = rport=137 | protocol=17 | dir=out | app=system |

"{41B34316-FA7D-432B-9A5E-73C2242E7EFF}" = lport=139 | protocol=6 | dir=in | app=system |

"{51BC914D-F727-4CC5-BF5D-E19340C09CB9}" = lport=10243 | protocol=6 | dir=in | app=system |

"{69047C5D-1F28-4D19-96F8-826821DBC526}" = lport=445 | protocol=6 | dir=in | app=system |

"{74E8E680-3E8B-433B-8861-9A3D3E80E179}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7EC1554B-4196-45A1-8680-67748C427655}" = rport=10243 | protocol=6 | dir=out | app=system |

"{8AE60E59-2B45-47D7-ABB5-0356FB9EE0B3}" = lport=137 | protocol=17 | dir=in | app=system |

"{95A2FD3C-5F06-48C8-BF89-9D845DFA1A21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{98A86C84-D4CD-4E09-9B69-6AE3A3B57E0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9952FB3F-F5BB-48F9-B8F7-44BE8C168CC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{9DA80E49-0E77-437A-8EF9-78B7ED46A596}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A69A412E-0C74-423D-9B94-8D75F294D6BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A8DD4062-C724-46BE-A078-760C18609C13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AD3283D1-98F0-461B-816B-A7220ABDFFC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B011C823-BEF8-471A-9441-6FEE9D680D4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{BD336E05-35AF-4E31-A90F-E7E6FC940E6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C1EA5AA9-D05F-4EC7-8F35-20BE2CB12619}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CA101BE4-0B88-46A5-A1AB-F726B82D613D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

"{CE90214D-703F-41F0-B80A-217E0D4885A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D35FB18C-6703-4C3D-B692-2997BBC4F26D}" = lport=138 | protocol=17 | dir=in | app=system |

"{DC2D579D-3726-44FB-81CC-10625884C111}" = rport=138 | protocol=17 | dir=out | app=system |

"{DEF646C2-C0CF-4802-B1B2-600D3AB5B28F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F1F20752-9FF5-4A46-A21C-9E8977C0EA7F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FFBB33F3-CA20-4F89-B901-C0DB6BAF09A7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03D79D47-765C-4C44-8716-98EDA7F0B05F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{0755C145-E940-4A0F-81F3-AC938D5E838C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{076D6C45-551D-4A5F-BB33-EE2C703E4768}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{0A5AD457-2F44-4605-96C7-7C37996E20FA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0D69519C-73E2-4B26-A72B-860A679824FC}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |

"{0EC6CFBE-78EE-4085-8466-95C43BE081F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |

"{16214C53-3B30-43B3-9C15-BABBF9FC6FEE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{165EE9F6-7E9C-4596-9711-7C918ECA35DB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{19A3DDE1-B234-412B-AB80-E6D5D6C89789}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1E79C1D1-AFD5-479B-8E26-0FA730F091AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1F312B0F-523F-4657-8908-B1F9B39B1BF3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{21E0959A-EEB6-4E22-AF03-F109DCED3CD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{24C638BB-4651-42AA-A593-E7E01293DEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{2B800D48-E6C2-4398-B637-AD00A2BB6E4D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{3C3B3988-5CEF-464B-A775-80E4EEAAA75B}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |

"{3E2BF12D-4D24-4389-8407-2A4E0F62AEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{3E9B38BA-1BCE-4153-AFE0-1FFAFDBA117F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{4244EDDD-2E43-4893-A2B9-A08C1F50DAA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4280E864-B11B-4E01-88AD-CFC7288033D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |

"{4BD35305-41A5-4013-985C-E4C19AFE795D}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |

"{4D7DF199-37B3-488B-8793-29B57CC9C48D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{52B082D7-88F9-4138-B651-B671088F3F6A}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{53F1D0AD-E211-48F4-9960-3AD539A18A98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe |

"{555358B1-1C58-49EA-AFAE-D6F3DCA356F0}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe |

"{5857BE5D-093C-41DC-A65C-9856DA064D8A}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{62BB5FC2-6854-4FB6-8785-3AC24715CAE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{64BFF7EE-E9DF-4148-89EC-E691EFB09D99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{6DFA3FB7-5DC4-49DC-B596-884D8A0AFF01}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{6E14714F-017B-4A6F-8C9F-282524C31493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{74E41ADC-B2D3-4449-873B-E15D955A693F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7A92038B-D1B9-408F-9A1C-DD6B59D958B7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |

"{7F27402E-9AD7-420A-8765-2EBA15B42C83}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"{8189EA91-D5A8-4784-B1E5-77BB4914B61C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{83D90476-0F73-418D-B83E-9A40B42E14E7}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe |

"{860D8CF8-FFD2-40EA-9DD7-BB2E3616C472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe |

"{878187EE-E950-4AA6-A4B8-5023B2E32A46}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{88959DEC-CBBF-4BC3-B9BE-D4C13EB11F49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8BF12400-7337-4C04-9433-775863E3A22C}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |

"{8D1E7393-C817-4116-BE65-C8FB6304FAF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8DF5B141-B7C6-4F69-A4DB-9FD206752E0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{906F72CD-2DEF-4897-B9C4-E9D8ED128840}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{94A2A794-CCB3-4818-9F69-C4022B1D959D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{953F23BD-4876-4FFC-83ED-67903CDBE8FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{954D4F35-40C2-484B-AF95-9FB034F6FB8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{95A8ED67-1A2A-4DC3-BF54-372CCFBE7B0A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\inputserv.exe |

"{95B84ED9-4916-4B87-84FD-F80E391725C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{9852AEDE-5D97-4E47-8C1C-C2E547422E1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{9F02C85D-441E-47C7-9C53-83C9A9B0FC94}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9F9C8142-1340-4B00-B83E-DE76BD2E4571}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A0AF4E54-C6D3-482F-9E1D-D15A8EEBA2A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{B1D0C305-A779-4741-AA36-2037EEEC6A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{B2EF2011-5C1E-4AC6-9258-D165A3548E24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B6042080-540C-4DC9-80B0-81A77B93C014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BA2CAB99-FEC0-48F2-AFE7-E42377A63E5A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srlogin.exe |

"{CAAD8350-BF6B-4930-BFEB-E6ACA4A2B80B}" = protocol=6 | dir=out | app=system |

"{CDDF97B1-9C14-4D05-A30D-26485B383479}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"{CF22F183-A128-4612-9F8A-7DAFFE2CC8BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{D2868EE2-D511-436A-B284-328F92ABE627}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D3FE344F-395F-4600-8ABA-4CAFB78895C2}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe |

"{DCBB9DBD-1A05-431D-9F00-9D2B500D738C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |

"{DDB38C2E-D5EB-405F-B627-1DAE330B165D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E7197AB7-6BAB-4F7A-8A50-ADB613FFA1A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{EF652DEE-35FA-4F77-BFC5-DEC6978F5713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |

"{F6F3A91A-A946-4980-B80C-478B3E49419A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{FE4845ED-11BE-4716-8A38-521EB6DF6DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"TCP Query User{2CB272B9-BD52-4273-9336-2E22F0589C06}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"TCP Query User{91C08A13-C715-47BF-9320-D403AE710D75}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |

"TCP Query User{A477644C-926E-4231-8251-A2D7B9C9A953}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |

"TCP Query User{ECB7B1E9-D27A-44A2-B990-312A29AD0AC2}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |

"TCP Query User{F55B1B18-36AB-45C4-A306-76EEBB9B0033}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{25C05CE1-D6C2-4B8C-B9AC-25DAF847DE1A}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |

"UDP Query User{B4804827-2ACF-44A8-B98E-539D297590C5}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{C31320E2-4838-4F1F-BD2C-2CFD5056104A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"UDP Query User{EA63E4F3-A1AB-4607-870D-34645A20E634}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |

"UDP Query User{F428297E-1B32-4804-B150-A16912D4F33F}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI

"{07E570C2-CEFF-4AA4-BDA7-DA2B4CDD3E62}" = Fresco Logic USB3.0 Host Controller

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software

"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java 7 Update 2 (64-bit)

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290

"{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64

"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2 (64-bit)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B0F1D023-EF17-43DF-A702-25E0FFFE4129}" = TortoiseGit 1.7.7.0 (64 bit)

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd

"{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}" = AMD Catalyst Install Manager

"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)

"{EA01EDC3-CFB8-47DA-8C74-53069EB0BD00}" = ASUS Android USB Drivers

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"ProInst" = Intel PROSet Wireless

"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

"SynTPDeinstKey" = Synaptics TouchPad Driver

"TeraCopy_is1" = TeraCopy 2.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00A53800-BA75-3E9E-BD52-10171E5640B6}" = CCC Help Greek

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{0296D4D2-DA68-2DFD-5AC1-6FB04354A86E}" = PX Profile Update

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{04098274-E98C-86E3-1B2C-50E32E561DF5}" = CCC Help Korean

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}" = CCC Help Norwegian

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update

"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7

"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch

"{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}" = CCC Help French

"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework

"{2D049D1D-CA58-9652-B7C6-19CB98649923}" = CCC Help Dutch

"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java SE Development Kit 6 Update 27

"{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}" = CCC Help Swedish

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass 2011

"{480DCAD1-8670-66EA-8EBA-178047059A13}" = CCC Help German

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}" = CCC Help Finnish

"{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.57

"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display

"{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}" = CCC Help Danish

"{60070423-DE0B-59FF-D4B7-16BDB8957864}" = CCC Help Portuguese

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74FBB537-8915-329D-393E-FDB7DC69A339}" = CCC Help Japanese

"{755F4903-030D-B017-30F2-4D5BE92C8D38}" = CCC Help Italian

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{896C4E12-4857-9715-9F9D-249561D2D7EE}" = CCC Help Thai

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{968298EC-86D4-8F84-5ABC-E976C5CDA417}" = CCC Help Spanish

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English

"{A99BE117-F10C-470D-AE6D-DC2889F5F24E}" = Avadon

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BBDD3C95-E069-E346-6D1B-CC76AE448550}" = CCC Help Chinese Standard

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Control Center

"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common

"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D61F78AF-A111-9DAE-8368-E3230B168F03}" = CCC Help Polish

"{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}" = CCC Help Russian

"{D8CABEA0-CAFB-9320-5F46-EAF31535203F}" = CCC Help Turkish

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}" = CCC Help Hungarian

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}" = CCC Help Chinese Traditional

"{FC8292ED-7E61-4370-15D1-60171263AA1D}" = CCC Help Czech

"{FD207C2C-A7FF-332A-AC85-5A5ACED6F31B}" = Google Talk Plugin

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Afterburner" = MSI Afterburner 2.1.0

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"dBpoweramp DSP Effects" = dBpoweramp DSP Effects

"dBpoweramp m4a Codec" = dBpoweramp m4a Codec

"dBpoweramp Midi Decoder" = dBpoweramp Midi Decoder

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"EPSON Scanner" = EPSON Scan

"FileZilla Client" = FileZilla Client 3.5.3

"FreeCommander_is1" = FreeCommander 2009.02b

"Git_is1" = Git version 1.7.9-preview20120201

"HandBrake" = HandBrake 0.9.5

"ImgBurn" = ImgBurn

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"Launchy_21344213_is1" = Launchy 2.6 Beta 2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mp3tag" = Mp3tag v2.49

"MusicBrainz Picard" = MusicBrainz Picard

"Notepad++" = Notepad++

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Picasa 3" = Picasa 3

"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software

"ProInst" = Intel PROSet Wireless

"PuTTY_is1" = PuTTY version 0.61

"SABnzbd" = SABnzbd 0.6.12

"StarCraft II" = StarCraft II

"Steam App 111100" = Snuggle Truck

"Steam App 300" = Day of Defeat: Source

"Steam App 4000" = Garry's Mod

"Steam App 440" = Team Fortress 2

"Steam App 550" = Left 4 Dead 2

"TightVNC" = TightVNC 2.0.4

"TrueCrypt" = TrueCrypt

"TurboTax 2011" = TurboTax 2011

"VLC media player" = VLC media player 2.0.0

"WBFS Manager 3.0" = WBFS Manager 3.0

"WinMerge_is1" = WinMerge 2.12.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398

Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 10:31:54 AM | Computer Name = Deathwing | Source = WinMgmt | ID = 10

Description =

[ Hewlett-Packard Events ]

Error - 9/9/2011 5:08:19 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109020801.xml

File not created by asset agent

Error - 9/9/2011 5:13:33 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109021331.xml

File not created by asset agent

[ HP Connection Manager Events ]

Error - 4/11/2012 11:55:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 20:55:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/11/2012 11:56:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 20:56:33.169|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/11/2012 11:57:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 20:57:33.167|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/11/2012 11:58:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 20:58:33.165|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/11/2012 11:59:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 20:59:33.162|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/12/2012 12:00:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 21:00:33.160|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/12/2012 12:01:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 21:01:33.173|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/12/2012 12:02:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/11 21:02:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/16/2012 11:36:24 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/16 20:36:24.007|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 4/16/2012 11:36:28 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5

Description = 2012/04/16 20:36:28.990|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

[ HP Software Framework Events ]

Error - 4/30/2012 11:05:10 PM | Computer Name = Deathwing | Source = CaslSmBios | ID = 5

Description = 2012/04/30 20:05:10.602|00001174|Error |[CaslWmi]XmlTools::Validate{hpCasl.enReturnCode(string,string)}|The

'schemas-hp-com.casl:TechnologyType' element is invalid - The value '' is invalid

according to its datatype 'schemas-hp-com.casl:technologyTypeValue' - The Enumeration

constraint failed.

Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/02 09:37:50.076|00000F04|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception

occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/02 09:37:50.330|00000F04|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 12:41:37 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/07 21:41:37.153|00001844|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 9:35:36 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/08 06:35:36.442|00001784|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 11:15:12 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/08 20:15:12.203|00000FC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 11:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/08 20:23:25.940|000018E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/09 09:21:42.638|0000140C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception

occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/09 09:21:42.816|0000140C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 12:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5

Description = 2012/05/09 09:23:25.173|00001D84|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception

occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

[ System Events ]

Error - 5/3/2012 9:31:54 AM | Computer Name = Deathwing | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR10.

Error - 5/3/2012 9:31:55 AM | Computer Name = Deathwing | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR10.

Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034

Description = The Bluetooth Device Monitor service terminated unexpectedly. It

has done this 1 time(s).

Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034

Description = The Bluetooth OBEX Service service terminated unexpectedly. It has

done this 1 time(s).

Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034

Description = The Bluetooth Media Service service terminated unexpectedly. It has

done this 1 time(s).

Error - 5/8/2012 3:13:44 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 5/8/2012 3:16:44 PM | Computer Name = Deathwing | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 5/8/2012 3:17:12 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 5/8/2012 10:29:31 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 5/8/2012 10:32:03 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

< End of report >

Share this post


Link to post
Share on other sites

OK, it's late here and I'll get back to you tomorrow am....MrC

Share this post


Link to post
Share on other sites

While I look over the logs, please confirm for me that you get redirects in all three browsers.

Also can you post the log from MB:

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Thanks....MrC

Share this post


Link to post
Share on other sites

Please do what I mention in the post above first....then:

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u
    @Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd
    @Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.08.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Lucas :: DEATHWING [administrator]

5/8/2012 8:14:04 PM

mbam-log-2012-05-08 (20-14-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201952

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.