
Bitcoin.Miner Trojan?



#1 TotalBalance


Posted 09 August 2013 - 01:21 AM

Hope you can help as you appear to have helped another. Here's the previous post describing an issue, very similar to mine, that I found from a Google Search:
Bitcoin Miner, possible SVC infection, missing files, DDS won't run
 
Every time I reboot, I get a Malwarebytes notification stating the above "vendor" trojan.bitcoinminer, "item" c:\\windows\syswow64\winvnc86.exe has been quarantined.
 
Following your "Preparation Guide", below is a copy paste of the DDS.txt file.
I've also attached the txt and zipped versions of the attach.txt file.
 
Thanks in advance for instructions how to correct this issue if indeed it is one.
Lars
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Lars at 0:43:54 on 2013-08-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.5879.1813 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CISVC.EXE
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Prio\prio_svc.exe
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
c:\program files\soluto\soluto.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\explorer.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Lars\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\RescueTime\RescueTime.exe
C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lars\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\program files\crashplan\crashplantray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\program files (x86)\launchy\launchy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\program files (x86)\techsmith\snagit 11\snagit32.exe
C:\program files (x86)\techsmith\snagit 11\TSCHelp.exe
C:\program files (x86)\techsmith\snagit 11\SnagPriv.exe
C:\program files (x86)\techsmith\snagit 11\snagiteditor.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\program files (x86)\evernote\evernote\evernoteclipper.exe
C:\program files (x86)\evernote\evernote\evernotetray.exe
C:\program files (x86)\evernote\evernote\Evernote.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\ResophNotes\ResophNotes.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Speccy\Speccy64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08012013
uSearch Bar = Preserve
uSearch Page = hxxp://search.searchcompletion.com/?si=10208&home=1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - LocalServer32 - <no file>
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: iSkysoft Video Converter Ultimate: {C7C3BC26-4F2B-4997-A3CB-163337FE975B} - C:\Program Files (x86)\iSkysoft\Video Converter Ultimate\SVRIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\npchrome_frame.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Google Update] "C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Amazon Cloud Player] C:\Users\Lars\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [GoogleChromeAutoLaunch_7DC7BBE999725974DBBB221652CA6934] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [B97367E256382583BCD7B1B3AD1D89DA9721095E._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --conflicting-modules-check --enable-autologin --enable-accelerated-overflow-scroll --force-compositing-mode --save-page-as-mhtml --sync-keystore-encryption --enable-tab-groups-context-menu --enable-threaded-compositing --flag-switches-end --restore-last-session
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
StartupFolder: C:\Users\Lars\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLICKT~1.LNK - C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
StartupFolder: C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\initsrv.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: xNoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - LocalServer32 - <no file>
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {50C3F0BE-A832-45AB-BB6E-352D173AFD8C}
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C} : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\45F6D637024496E65627 : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\45F6D637024496E65627 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F48784F6D656 : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F48784F6D656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F487F5548545 : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F487F5548545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{449C07CD-545D-46A8-8AC7-76C3E83FB7ED} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{449C07CD-545D-46A8-8AC7-76C3E83FB7ED}\F48784F6D656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{621377E5-FC0D-4B4F-82EB-63DC7486D415} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{64725822-BB0C-4E1F-967E-FA140A2C8A81} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{75AC7DAC-AB05-4071-9914-F8123E487E06} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8F7DF692-8C32-4A4C-AFAE-AFB78149374F} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B0517C67-E1BA-4DED-AC6E-63A6A6487F6D} : NameServer = 0.0.0.0
TCP: Interfaces\{CF02D97C-F056-4762-BC76-E99812512FD9} : DHCPNameServer = 192.168.14.1 66.233.165.12 64.13.115.12
TCP: Interfaces\{D311B0E2-2289-47C1-860F-12D10C591DF5} : NameServer = 8.8.8.8,8.8.4.4
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
IFEO: notepad.exe - C:\Program Files (x86)\Notepad Replacer\NotepadReplacer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-TB: StExBar: {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} - C:\Program Files\StExBar\StExBar.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-IFEO: notepad.exe - C:\Program Files (x86)\Notepad Replacer\NotepadReplacer.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN33452274521810675
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Lars\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Lars\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lars\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Lars\AppData\Local\SMPlugins\npsmlauncher.dll
FF - plugin: C:\Users\Lars\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Lars\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Lars\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-02 19:45; [email protected]; C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\extensions\[email protected]
FF - ExtSQL: 2013-07-05 19:32; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-07-19 21:20; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-20 06:48; {845257EF-A892-484e-8EB0-47F563D75939}; C:\Program Files (x86)\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
FF - ExtSQL: !HIDDEN! 2013-07-20 06:48; {845257EF-A892-484e-8EB0-47F563D75939}; C:\Program Files (x86)\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2013-6-18 16640]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2011-9-6 37456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-5-25 54728]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-7-1 21616]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-5-15 98208]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2012-9-23 78208]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-1 701512]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
R2 prio_svc;Prio Service;C:\Program Files\Prio\prio_svc.exe [2011-10-7 11184]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-1-14 330488]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2013-8-1 36864]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-5-23 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-5-23 737856]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2012-4-26 51496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-3-24 27760]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2012-1-12 1800576]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-6-27 598808]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-5-2 39976]
R3 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-11-12 222720]
R3 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-2-27 175192]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-1 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-6-27 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-25 4153184]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-7-19 31080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-1-28 36328]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-3-10 29288]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-5 1431888]
S3 gbridge;Gbridge Virtual Miniport;C:\Windows\System32\drivers\gbridge64.sys [2009-10-12 48192]
S3 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-13 52320]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-8-1 36680]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-3-24 7675392]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2011-6-23 26112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-27 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-6-27 31800]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2010-8-12 748648]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-1-4 24608]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-5-23 1671168]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-1-28 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-1-28 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-1-28 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-27 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-20 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WefiEngSvc;WeFi Engine Service;C:\Program Files (x86)\WeFi\WefiEngSvc.exe [2010-11-3 120152]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2013-2-13 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2013-2-13 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2013-2-13 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2013-2-13 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2013-2-13 29288]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1" [UserChoice]
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1 [UserChoice]
FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1" [UserChoice]
FileExt: .js: Notepad++_file="C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1"
ShellExec: Sidebar.exe: open=C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
.
=============== Created Last 30 ================
.
2013-08-03 23:01:01 174592 ----a-w- C:\Windows\SysWow64\minerd.exe
2013-08-03 01:59:21 -------- d-----w- C:\Program Files (x86)\Audible
2013-08-03 00:26:09 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2013-08-03 00:02:09 -------- d-----w- C:\Program Files\Canon
2013-08-02 23:38:13 -------- d-----w- C:\Windows\SysWow64\STRING
2013-08-01 23:51:31 -------- d-----w- C:\Users\Lars\AppData\Local\Plex Media Server
2013-08-01 23:47:03 -------- d-----w- C:\Program Files (x86)\Plex
2013-08-01 23:15:00 -------- d-----w- C:\Users\Lars\AppData\Local\ElevatedDiagnostics
2013-08-01 19:40:05 614400 ------r- C:\Windows\System32\Rtlihvs.dll
2013-08-01 19:40:05 614400 ------r- C:\Windows\Rtlihvs.dll
2013-08-01 19:40:05 188416 ------r- C:\Windows\RTLExtUI.dll
2013-08-01 19:40:04 380928 ------r- C:\Windows\System32\RtlUI2.exe
2013-08-01 19:40:03 188416 ------r- C:\Windows\System32\RTLExtUI.dll
2013-08-01 19:39:48 614400 ----a-w- C:\Windows\SysWow64\Rtlihvs.dll
2013-08-01 19:39:48 380928 ------r- C:\Windows\RtlUI2.exe
2013-08-01 19:39:48 188416 ----a-w- C:\Windows\SysWow64\RTLExtUI.dll
2013-08-01 19:39:47 -------- d-----w- C:\Program Files (x86)\Edimax
2013-08-01 19:39:46 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2013-08-01 18:27:05 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-08-01 17:12:16 -------- d-----w- C:\ProgramData\xfinity
2013-08-01 16:16:48 -------- d-----w- C:\ProgramData\comcastModemRelease
2013-08-01 16:16:39 -------- d-----w- C:\Users\Lars\AppData\Local\Xfinity.com
2013-07-31 22:34:39 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{184B86AC-88D6-40EA-95A7-D0EADCAA5483}\mpengine.dll
2013-07-31 14:34:59 -------- d-----w- C:\Users\Lars\AppData\Roaming\Wireshark
2013-07-31 14:31:12 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-07-31 14:30:12 -------- d-----w- C:\Program Files\Wireshark
2013-07-30 13:59:51 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-26 01:43:50 -------- d-----w- C:\Users\Lars\AppData\Local\Amazon Cloud Player
2013-07-22 14:59:54 -------- d-----w- C:\Users\Lars\.startmeeting
2013-07-22 14:59:48 -------- d-----w- C:\Users\Lars\AppData\Local\StartMeeting
2013-07-22 14:59:48 -------- d-----w- C:\Users\Lars\AppData\Local\SMPlugins
2013-07-20 12:48:22 721917 ----a-w- C:\Windows\SysWow64\ISCM64.dll
2013-07-20 12:48:22 153088 ----a-w- C:\Windows\SysWow64\ISCM32.dll
2013-07-19 23:52:02 31080 ----a-w- C:\Windows\System32\drivers\VirtualAudio.sys
2013-07-18 21:53:41 -------- d-----w- C:\Users\Lars\AppData\Local\HuluDesktop
2013-07-17 19:22:39 -------- d-----w- C:\Users\Lars\AppData\Roaming\com.amazon.music.uploader
2013-07-17 19:22:19 -------- d-----w- C:\Program Files (x86)\Amazon
2013-07-17 18:25:57 -------- d-----we C:\Users\Lars\Dropbox
2013-07-17 14:46:40 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52875622-A3CF-4C52-95B1-76C030E5DDC2}\gapaengine.dll
2013-07-16 03:29:18 -------- d-----w- C:\Users\Lars\My Scans
2013-07-16 01:02:31 -------- d--h--w- C:\ProgramData\CanonIJScan
2013-07-13 04:15:27 -------- d--h--w- C:\ProgramData\CanonIJQuickMenu
2013-07-13 04:02:18 393728 ----a-w- C:\Windows\System32\CNMXLMBN.DLL
2013-07-13 03:57:15 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
2013-07-13 03:57:06 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-07-13 03:57:05 321024 ----a-w- C:\Windows\SysWow64\CNC_BNL.dll
2013-07-13 03:57:05 103936 ----a-w- C:\Windows\SysWow64\CNC_BNU.dll
2013-07-13 03:53:58 -------- d--h--w- C:\ProgramData\CanonIJFAX
2013-07-13 03:34:44 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDBN.DLL
2013-07-13 03:34:44 101888 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPBN.DLL
2013-07-13 03:34:34 366080 ----a-w- C:\Windows\System32\CNC_BNL.dll
2013-07-13 03:34:34 282624 ----a-w- C:\Windows\System32\CNC_BNC.dll
2013-07-13 03:34:34 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-07-13 03:34:34 106496 ----a-w- C:\Windows\System32\CNC_BNI.dll
2013-07-13 03:34:22 390656 ----a-w- C:\Windows\System32\CNMLMBN.DLL
2013-07-13 03:34:06 303104 ----a-w- C:\Windows\System32\CNCALBN.DLL
2013-07-13 02:19:05 -------- d-----w- C:\Program Files (x86)\iOpus
2013-07-13 02:18:48 94300 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
2013-07-13 02:18:47 302592 ----a-w- C:\Windows\SysWow64\libcurl-4.dll
2013-07-13 02:18:42 483425 ----a-w- C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\initsrv.exe
2013-07-12 06:02:50 -------- d-----w- C:\Windows\System32\MRT
2013-07-12 05:42:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 12:54:36 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-06 16:53:05 -------- d-----w- C:\ProgramData\Actual Tools
.
==================== Find3M  ====================
.
2013-07-23 18:42:13 61304 ----a-w- C:\Users\Lars\g2mdlhlpx.exe
2013-07-12 05:48:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 05:48:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-12 05:42:11 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-12 05:42:10 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-19 03:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 03:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-16 06:00:20 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-23 22:05:02 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2013-05-18 04:48:30 117024 ----a-w- C:\Windows\SysWow64\BootDefrag.exe
2013-05-18 04:48:30 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 07:57:38 27208 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2013-05-10 07:57:34 55872 ----a-w- C:\Windows\System32\AdobePDF.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-07-17 19:45:22 14690376 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-06-11 00:04:12 3223 ----a-w- C:\Program Files\Install_KN_Access.bat
2010-06-03 14:27:00 172 ----a-w- C:\Program Files\PleaseWait.cmd
2010-04-22 03:33:00 155 ----a-w- C:\Program Files\KNcheck.bat
2009-03-12 22:03:00 1024 ----a-w- C:\Program Files\showwin.exe
2005-07-04 07:11:00 57344 ----a-w- C:\Program Files\Shortcut.exe
.
============= FINISH:  0:50:18.02 ===============

 

 
Mod Edit:  Pasted DDS into post - Hamluis.

Edited by hamluis, 09 August 2013 - 07:23 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 09 August 2013 - 05:15 PM

Hello and welcome to Bleeping Computer, please do the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#3 TotalBalance

TotalBalance
  • Topic Starter

  • Members

Posted 10 August 2013 - 12:15 AM

Hi bleepin' tiger

Ran Combofix as instructed. On reboot, still receiving same malware error msg. Here's the log file:

ComboFix 13-08-09.02 - Lars 08/09/2013  22:26:20.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.5879.3984 [GMT -6:00]
Running from: c:\users\Lars\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130809221438.109999
c:\programdata\boost_interprocess\20130809221438.109999\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
c:\programdata\boost_interprocess\20130809221438.109999\plex_frame_mutex
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-10 to 2013-08-10  )))))))))))))))))))))))))))))))
.
.
2013-08-10 04:41 . 2013-08-10 04:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-10 04:41 . 2013-08-10 04:41 -------- d-----w- c:\users\LRS - Normal User\AppData\Local\temp
2013-08-10 04:41 . 2013-08-10 04:41 -------- d-----w- c:\users\Lars-Design\AppData\Local\temp
2013-08-10 04:41 . 2013-08-10 04:41 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-10 04:41 . 2013-08-10 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-10 04:41 . 2013-08-10 04:41 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-08-06 21:01 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-03 01:59 . 2013-08-03 02:01 -------- d-----w- c:\program files (x86)\Audible
2013-08-03 00:26 . 2013-08-03 00:26 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2013-08-03 00:02 . 2013-08-03 00:02 -------- d-----w- c:\program files\Canon
2013-08-02 23:38 . 2013-08-02 23:38 -------- d-----w- c:\windows\SysWow64\STRING
2013-08-01 23:51 . 2013-08-02 00:10 -------- d-----w- c:\users\Lars\AppData\Local\Plex Media Server
2013-08-01 23:47 . 2013-08-01 23:47 -------- d-----w- c:\program files (x86)\Plex
2013-08-01 23:15 . 2013-08-02 22:58 -------- d-----w- c:\users\Lars\AppData\Local\ElevatedDiagnostics
2013-08-01 19:40 . 2010-04-01 02:37 614400 ------r- c:\windows\system32\Rtlihvs.dll
2013-08-01 19:40 . 2010-04-01 02:37 380928 ------r- c:\windows\system32\RtlUI2.exe
2013-08-01 19:40 . 2010-04-01 02:37 188416 ------r- c:\windows\system32\RTLExtUI.dll
2013-08-01 19:39 . 2009-02-05 08:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2013-08-01 18:27 . 2013-08-01 18:27 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-01 17:12 . 2013-08-01 17:12 -------- d-----w- c:\programdata\xfinity
2013-08-01 16:16 . 2013-08-01 16:17 -------- d-----w- c:\programdata\comcastModemRelease
2013-08-01 16:16 . 2013-08-01 16:16 -------- d-----w- c:\users\Lars\AppData\Local\Xfinity.com
2013-08-01 01:42 . 2013-08-01 01:42 -------- d-----w- c:\program files (x86)\PuTTY
2013-07-31 14:34 . 2013-07-31 14:34 -------- d-----w- c:\users\Lars\AppData\Roaming\Wireshark
2013-07-31 14:31 . 2013-07-31 14:31 -------- d-----w- c:\program files (x86)\WinPcap
2013-07-31 14:30 . 2013-07-31 14:31 -------- d-----w- c:\program files\Wireshark
2013-07-28 02:18 . 2013-07-28 02:19 -------- d-----w- c:\users\Administrator
2013-07-26 01:43 . 2013-07-30 20:27 -------- d-----w- c:\users\Lars\AppData\Local\Amazon Cloud Player
2013-07-22 14:59 . 2013-08-06 15:58 -------- d-----w- c:\users\Lars\.startmeeting
2013-07-22 14:59 . 2013-07-22 14:59 -------- d-----w- c:\users\Lars\AppData\Local\StartMeeting
2013-07-22 14:59 . 2013-07-22 14:59 -------- d-----w- c:\users\Lars\AppData\Local\SMPlugins
2013-07-20 12:48 . 2013-03-25 16:57 721917 ----a-w- c:\windows\SysWow64\ISCM64.dll
2013-07-20 12:48 . 2013-03-25 16:57 153088 ----a-w- c:\windows\SysWow64\ISCM32.dll
2013-07-19 23:52 . 2013-03-25 16:46 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio.sys
2013-07-18 21:53 . 2013-07-19 00:17 -------- d-----w- c:\users\Lars\AppData\Local\HuluDesktop
2013-07-17 19:22 . 2013-08-02 17:13 -------- d-----w- c:\users\Lars\AppData\Roaming\com.amazon.music.uploader
2013-07-17 19:22 . 2013-07-17 19:22 -------- d-----w- c:\program files (x86)\Amazon
2013-07-17 18:25 . 2013-07-17 18:25 -------- d-----we c:\users\Lars\Dropbox
2013-07-17 14:46 . 2013-07-17 14:45 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52875622-A3CF-4C52-95B1-76C030E5DDC2}\gapaengine.dll
2013-07-16 03:29 . 2013-08-05 17:22 -------- d-----w- c:\users\Lars\My Scans
2013-07-16 01:02 . 2013-07-16 01:02 -------- d--h--w- c:\programdata\CanonIJScan
2013-07-13 04:15 . 2013-07-13 04:15 -------- d--h--w- c:\programdata\CanonIJQuickMenu
2013-07-13 04:03 . 2013-08-02 22:45 -------- d-----w- c:\users\Lars\AppData\Roaming\canon
2013-07-13 04:02 . 2012-09-20 11:00 393728 ----a-w- c:\windows\system32\CNMXLMBN.DLL
2013-07-13 03:57 . 2013-07-13 03:57 -------- d-----w- c:\programdata\Canon IJ Network Tool
2013-07-13 03:57 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2013-07-13 03:57 . 2012-09-21 15:33 321024 ----a-w- c:\windows\SysWow64\CNC_BNL.dll
2013-07-13 03:57 . 2012-05-25 15:21 103936 ----a-w- c:\windows\SysWow64\CNC_BNU.dll
2013-07-13 03:53 . 2013-07-13 03:53 -------- d--h--w- c:\programdata\CanonIJFAX
2013-07-13 03:34 . 2012-09-20 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDBN.DLL
2013-07-13 03:34 . 2012-09-20 11:00 101888 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPBN.DLL
2013-07-13 03:34 . 2012-09-21 15:34 366080 ----a-w- c:\windows\system32\CNC_BNL.dll
2013-07-13 03:34 . 2012-05-25 15:21 282624 ----a-w- c:\windows\system32\CNC_BNC.dll
2013-07-13 03:34 . 2012-05-25 15:20 106496 ----a-w- c:\windows\system32\CNC_BNI.dll
2013-07-13 03:34 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2013-07-13 03:34 . 2012-09-20 11:00 390656 ----a-w- c:\windows\system32\CNMLMBN.DLL
2013-07-13 03:34 . 2012-09-21 11:00 303104 ----a-w- c:\windows\system32\CNCALBN.DLL
2013-07-13 02:19 . 2013-07-13 02:19 -------- d-----w- c:\program files (x86)\iOpus
2013-07-13 02:18 . 2013-07-13 02:18 94300 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2013-07-13 02:18 . 2013-07-13 02:18 302592 ----a-w- c:\windows\SysWow64\libcurl-4.dll
2013-07-13 02:18 . 2013-07-13 02:18 483425 ----a-w- c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\initsrv.exe
2013-07-12 06:02 . 2013-07-12 06:07 -------- d-----w- c:\windows\system32\MRT
2013-07-12 05:42 . 2013-07-12 05:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 05:48 . 2012-06-13 01:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-12 05:48 . 2011-07-28 22:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 05:42 . 2012-08-23 06:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-12 05:42 . 2011-06-27 23:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-24 06:57 . 2011-06-27 23:06 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 19:44 . 2011-08-12 04:08 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 03:50 . 2013-06-19 03:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 03:50 . 2011-04-27 21:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-16 06:00 . 2013-04-25 18:38 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-06-11 23:43 . 2013-07-11 00:04 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-11 00:04 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-11 00:04 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-11 00:04 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-11 00:04 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-11 00:04 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-11 00:04 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-11 00:04 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-11 00:04 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-11 00:04 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-11 00:04 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-11 00:04 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-11 00:04 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-11 00:04 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-11 00:04 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-11 00:04 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-11 00:04 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-11 00:04 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-11 00:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-11 00:04 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-11 00:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-11 00:04 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 12:54 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 12:54 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 12:54 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-26 16:23 . 2013-05-26 15:58 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-23 22:05 . 2013-05-26 00:04 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-05-22 14:42 . 2013-04-21 19:03 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-05-22 14:42 . 2013-04-05 01:20 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-22 14:42 . 2013-04-05 01:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-22 14:42 . 2013-04-21 19:02 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-05-20 09:19 . 2013-04-05 01:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-20 09:18 . 2013-04-21 19:03 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-05-20 09:18 . 2013-04-21 19:02 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-05-20 09:18 . 2013-04-05 01:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-18 04:48 . 2013-06-18 08:08 117024 ----a-w- c:\windows\SysWow64\BootDefrag.exe
2013-05-18 04:48 . 2013-06-18 08:08 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2013-05-16 19:26 . 2012-07-17 20:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 13:08 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 13:08 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 13:08 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 13:08 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 13:08 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 13:08 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 13:08 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 13:08 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 13:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 13:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2012-07-17 19:45 . 2011-06-28 06:50 14690376 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2011-06-11 00:04 . 2012-08-11 23:44 3223 ----a-w- c:\program files\Install_KN_Access.bat
2010-06-03 14:27 . 2012-08-11 23:44 172 ----a-w- c:\program files\PleaseWait.cmd
2010-04-22 03:33 . 2012-08-11 23:44 155 ----a-w- c:\program files\KNcheck.bat
2009-03-12 22:03 . 2012-08-11 23:44 1024 ----a-w- c:\program files\showwin.exe
2005-07-04 07:11 . 2012-08-11 23:44 57344 ----a-w- c:\program files\Shortcut.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 13:04 222832 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 13:04 222832 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 13:04 222832 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-10 138096]
"Amazon Cloud Player"="c:\users\Lars\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-07-22 3109376]
"GoogleChromeAutoLaunch_7DC7BBE999725974DBBB221652CA6934"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-07-25 846288]
"B97367E256382583BCD7B1B3AD1D89DA9721095E._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-07-25 846288]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-06-03 3997832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-01 107000]
.
c:\users\Lars-Design\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-8-2 28057256]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
.
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
.
c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
click.to.lnk - c:\program files (x86)\Axonic\click.to\clicktoapp.exe [2011-7-28 3144192]
initsrv.exe [2013-7-12 483425]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe --account_key=fd6bdd7f602eff2d2fb68e1aa7240da2  [2012-2-6 2783744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
R3 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys;c:\windows\SYSNATIVE\DRIVERS\gbridge64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys;c:\windows\SYSNATIVE\drivers\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WefiEngSvc;WeFi Engine Service;c:\program files (x86)\WeFi\WefiEngSvc.exe;c:\program files (x86)\WeFi\WefiEngSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R4 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R4 MpKsl8b975037;MpKsl8b975037;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F67897CF-9E6D-4BFD-8DE8-F715BD9F8CC3}\MpKsl8b975037.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F67897CF-9E6D-4BFD-8DE8-F715BD9F8CC3}\MpKsl8b975037.sys [x]
R4 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
R4 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ntcdrdrv.sys [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe;c:\program files\Prio\prio_svc.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 00:18 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2012-07-17 19:09 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 05:48]
.
2013-02-05 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2013-07-05 06:38]
.
2013-02-05 c:\windows\Tasks\Defraggler Volume G Task.job
- c:\program files\Defraggler\df64.exe [2013-07-05 06:38]
.
2013-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000Core.job
- c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10 15:02]
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000UA.job
- c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10 15:02]
.
2013-06-25 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-05-18 04:47]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
2013-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000Core.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000UA.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c7a85a7-27c6-49ce-98b2-a8479b0dd63d}"= "c:\program files\StExBar\StExBar.dll" [2011-06-05 446232]
.
[HKEY_CLASSES_ROOT\CLSID\{6c7a85a7-27c6-49ce-98b2-a8479b0dd63d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 13:04 261744 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 13:04 261744 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 13:04 261744 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-24 2480936]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-04-25 4013744]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-05-23 1229888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-04-25 552112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08012013
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: evernote.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\45F6D637024496E65627: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F48784F6D656F5548545: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F487F5548545: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{621377E5-FC0D-4B4F-82EB-63DC7486D415}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{64725822-BB0C-4E1F-967E-FA140A2C8A81}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{75AC7DAC-AB05-4071-9914-F8123E487E06}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8F7DF692-8C32-4A4C-AFAE-AFB78149374F}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B0517C67-E1BA-4DED-AC6E-63A6A6487F6D}: NameServer = 0.0.0.0
TCP: Interfaces\{D311B0E2-2289-47C1-860F-12D10C591DF5}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN33452274521810675
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-07-02 19:45; [email protected]; c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\extensions\[email protected]
FF - ExtSQL: 2013-07-05 19:32; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-07-12 20:21; {0113D088-8ED1-468C-B225-585A9C53B5E3}; c:\users\Lars\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
FF - ExtSQL: 2013-07-19 21:20; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-20 06:48; {845257EF-A892-484e-8EB0-47F563D75939}; c:\program files (x86)\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
FF - ExtSQL: !HIDDEN! 2013-07-20 06:48; {845257EF-A892-484e-8EB0-47F563D75939}; c:\program files (x86)\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
AddRemove-LinuxLive USB Creator - g:\portableapps\LinuxLive USB Creator\Uninstall.exe
AddRemove-xampp - g:\xampp\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:de,f6,04,21,61,ea,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,f7,4d,5e,54,b1,c9,43,9d,7f,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,f7,4d,5e,54,b1,c9,43,9d,7f,40,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-09  22:44:37
ComboFix-quarantined-files.txt  2013-08-10 04:44
ComboFix2.txt  2013-08-10 02:27
.
Pre-Run: 155,028,819,968 bytes free
Post-Run: 154,857,529,344 bytes free
.
- - End Of File - - 866C85BD35B4598348143502D1B0F022
A36C5E4F47E84449FF07ED3517B43A31
 

Thanks in advance for your help. Let me know what to do next.

 

Lars



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,152 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:59 PM

Posted 10 August 2013 - 07:31 AM

Could you please grab a screenshot of that message if possible?

NEXT

Please do the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013

#5 TotalBalance

Posted 10 August 2013 - 03:11 PM

Could you please grab a screen shot of that message if possible

Attached as: malware tojan startup block.png

 

NEXT
Please do the following:

Please download Junkware Removal Tool to your desktop.

Done: However, I forgot to run as "Administrator" so I ran again as instructed yet the 1st jrt.txt file vanished so only the second is attached.
JRT.txt

Also on reboot received Chrome corrupt profile error msg; however, re-signing in resolved issue:
attached as: "malware tojan startup repair Chrome error msg.png"

 

NEXT

Download AdwCleaner from here and save it to your desktop.

Done: Attached "AdwCleaner[S1].txt"

 

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Copy&Paste the entire report in your next reply.

Done: Attached "mbam-log-2013-08-10 (08-29-25).txt"

I've also attached "protection-log-2013-08-10.txt"

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

I received no difficult to remove prompts yet error message still present

NEXT

Go here to run an online scanner from ESET.

Done: attached as: ESETSCAN.txt

 

Hope that's everything you need. Let me know what next steps are. Thanks for your assistance!
 




#6 CatByte

Posted 10 August 2013 - 06:04 PM

You may need to reinstall Chrome, it looks like the malware didn't like being ripped out and has corrupted the installation.

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Lars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EGHE99K\minerd[1].exe	
C:\Users\Lars\Desktop\Desktop I\Sex\How to Lay Girls Guide (2004).zip	
C:\Users\Lars\Documents\Dropbox\Apps\Easy App Toolbox\Where's My Droid-4.2.2.apk	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP\backups\gitd.co\gitd.co_manual_full_2012-04-09_83576f66f187e1646dff1dcc64a03421.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\barterwith.us\barterwith.us_weekly_full_2012-04-26_cea1c4c5c4b8210d139a3a2834c9196d.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\barterwith.us\barterwith.us_weekly_full_2012-05-06_ae63077691bdccc76ed2bc013a650aad.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\eitos.co\eitos.co_weekly_full_2012-07-19_705968c91ec02b8ee671234fa83f520a.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\eitos.co\eitos.co_weekly_full_2013-05-18_fce983fe224b80a7ad4c6b7a4530d5ee.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\eitos.org\eitos.org_weekly_full_2012-05-06_d29c2b0c9430d64533c2a60ec97dd865.zip
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\gitd.co\gitd.co_weekly_full_2012-07-15_231c9cf13a1e2351144f4c26fc1607e4.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\gitd.co\gitd.co_weekly_full_2012-07-22_a4171d8992ba579caa289c86b80f5ac3.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\gitd.co\gitd.co_weekly_full_2012-07-29_35d253e419ceaca2d6bfbd365983cfb9.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\totalbalance.us\totalbalance.us_weekly_full_2012-05-06_65f01f19837115916802f0e7015d4e68.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\winterfestgolf.org\winterfestgolf.org_daily_full_2012-04-25_9ef1275c0945d1f62127771c20f43e31.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\winterfestgolf.org\winterfestgolf.org_manual_full_2012-04-24_ac9aa84a77b3b5eebe8ada72657ee94a.zip	
C:\Users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\winterfestgolf.org\winterfestgolf.org_weekly_full_2012-05-06_9545fbcb07303275d9354a8103aea3ca.zip	
C:\Users\Lars\Documents\Dropbox\Public\Utilities\7zip.exe	
C:\Users\Lars\Documents\Dropbox\TitaniumBackup\com.alienmanfc6.wheresmyandroid-58249dc1ee5430d2acb47370f83af786.apk.gz	
C:\Users\Lars\Documents\Dropbox\TitaniumBackup\com.android.vending.sectool.v1-b05aef827d47105e9f9e92e0e272954a.apk.gz	
C:\Users\Lars\Documents\Dropbox\TitaniumBackup\lammar.quotes-971a9cc93e1d3502160c55523f19fff8.apk.gz	
C:\Users\Lars\Google Drive\Backups\Public\Utilities\7zip.exe	
C:\Users\Lars\Google Drive\Backups\TitaniumBackup\com.alienmanfc6.wheresmyandroid-58249dc1ee5430d2acb47370f83af786.apk.gz	
C:\Users\Lars\Google Drive\Backups\TitaniumBackup\com.android.vending.sectool.v1-b05aef827d47105e9f9e92e0e272954a.apk.gz	
C:\Users\Lars\Google Drive\Backups\TitaniumBackup\com.p1.chompsms-d94c0ffbde0cbb35ae7239cea709dc9f.apk.gz	
C:\Users\Lars\Google Drive\Backups\TitaniumBackup\com.z4mod.z4root-46965bd41dac0e4988515aa2f9f95b19.apk.gz	
C:\Users\Lars\Google Drive\Backups\TitaniumBackup\lammar.quotes-875dd5a778a88635f90356152afcc43e.apk.gz	
C:\Windows\System32\minerd.exe	
C:\Windows\SysWOW64\minerd.exe	

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

CFScriptB-4.gif
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013
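A check a responder can run once the log from a CFScript like the one above comes back, as an added example that is not part of any post in this thread and not ComboFix's own code: it parses the `File::` block of the script and the "Files Created" lines of the log, then reports which targeted paths are still listed and which executables sit in a per-user Startup folder. The sample inputs are abridged from lines in this thread; all function names are hypothetical.

```python
import re
from datetime import datetime

# Sample input: abridged CFScript in the layout used in this thread.
SAMPLE_CFSCRIPT = r"""File::
C:\Users\Lars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EGHE99K\minerd[1].exe
C:\Windows\System32\minerd.exe
C:\Windows\SysWOW64\minerd.exe

ClearJavaCache::
"""

# Sample input: abridged log lines in the layout shown in this thread.
SAMPLE_LOG = r"""(((((   Files Created from 2013-07-11 to 2013-08-11  )))))
.
2013-08-10 14:42 . 2013-08-10 14:42 174592 ----a-w- c:\windows\SysWow64\minerd.exe
2013-08-10 14:21 . 2013-08-11 04:54 -------- d-----w- c:\programdata\boost_interprocess
2013-07-13 02:18 . 2013-07-13 02:18 302592 ----a-w- c:\windows\SysWow64\libcurl-4.dll
2013-07-13 02:18 . 2013-07-13 02:18 483425 ----a-w- c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\initsrv.exe
.
(((((   Find3M Report   )))))
.
2013-07-12 05:48 . 2012-06-13 01:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
"""

DIRECTIVE = re.compile(r"^(\w+)::$")
# Two timestamps as printed, size (or dashes for a folder), 8 attribute flags, path.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) ([-\w]{8}) (.+)$"
)
STARTUP_DIR = "\\start menu\\programs\\startup\\"
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd")
TS_FORMAT = "%Y-%m-%d %H:%M"


def normalise(path):
    """Strip whitespace and quotes, lower-case: Windows paths compare case-insensitively."""
    return path.strip().strip('"').lower()


def parse_cfscript(text):
    """Return {directive: [normalised paths]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIRECTIVE.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif line and current is not None:
            current.append(normalise(line))
    return sections


def parse_files_created(log):
    """Return the entries of the 'Files Created' section only."""
    entries, in_section = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("((("):  # section banner
            in_section = "Files Created" in line
            continue
        match = ENTRY.match(line) if in_section else None
        if match:
            first, second, size, attrs, path = match.groups()
            entries.append({
                "timestamps": (datetime.strptime(first, TS_FORMAT),
                               datetime.strptime(second, TS_FORMAT)),
                "size": None if size.startswith("-") else int(size),
                "is_dir": attrs.startswith("d"),
                "path": normalise(path),
            })
    return entries


def targets_still_listed(script_text, log_text):
    """File:: targets that the log still lists under 'Files Created'."""
    targets = parse_cfscript(script_text).get("File", [])
    listed = {e["path"] for e in parse_files_created(log_text) if not e["is_dir"]}
    return [t for t in targets if t in listed]


def startup_executables(entries):
    """Executables in a per-user Startup folder: they run at logon, so review them."""
    return [e["path"] for e in entries
            if STARTUP_DIR in e["path"] and e["path"].endswith(EXECUTABLE_EXT)]


if __name__ == "__main__":
    for path in targets_still_listed(SAMPLE_CFSCRIPT, SAMPLE_LOG):
        print("targeted but still listed:", path)
    for path in startup_executables(parse_files_created(SAMPLE_LOG)):
        print("startup folder executable:", path)
```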

#7 TotalBalance

Posted 11 August 2013 - 12:58 AM

This took a while and still getting bitcoin error msg.

Had issues temporarily stopping AVG Link Checker Services, even after selecting temporary delay till reboot option.

Every time I tried to stop the services it just autorun'd itself again.  So tried to uninstall AVG but that failed because MS Windows Defender was installed. So, I uninstalled both.

With all antivirus/malware apps removed except MalwareBytes, and that I disabled, completed above procedures yet still received bitcoin error after reboot.

Noticed I hadn't run everything from my Desktop and not as Administrator, when I had the option so I re-ran procedure 2 more times. Alas, my present status is I'm still receiving error msg. and the only virus/malware defense at the moment is MalwareBytes.

I wanted to send all the log files as attachments but most were too large so I'm pasting in this reply post the last back for your review

 

Let me know what you suggest next.

Lars

ComboFix 13-08-09.02 - Lars 08/10/2013  23:13:12.5.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.5879.3184 [GMT -6:00]
Running from: c:\users\Lars\Desktop\ComboFix.exe
Command switches used :: c:\users\Lars\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Lars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EGHE99K\minerd[1].exe"
"c:\users\Lars\Desktop\Desktop I\Sex\How to Lay Girls Guide (2004).zip"
"c:\users\Lars\Documents\Dropbox\Apps\Easy App Toolbox\Where's My Droid-4.2.2.apk"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\barterwith.us\barterwith.us_weekly_full_2012-04-26_cea1c4c5c4b8210d139a3a2834c9196d.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\barterwith.us\barterwith.us_weekly_full_2012-05-06_ae63077691bdccc76ed2bc013a650aad.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\eitos.co\eitos.co_weekly_full_2012-07-19_705968c91ec02b8ee671234fa83f520a.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\eitos.co\eitos.co_weekly_full_2013-05-18_fce983fe224b80a7ad4c6b7a4530d5ee.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\eitos.org\eitos.org_weekly_full_2012-05-06_d29c2b0c9430d64533c2a60ec97dd865.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\gitd.co\gitd.co_weekly_full_2012-07-15_231c9cf13a1e2351144f4c26fc1607e4.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\gitd.co\gitd.co_weekly_full_2012-07-22_a4171d8992ba579caa289c86b80f5ac3.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\gitd.co\gitd.co_weekly_full_2012-07-29_35d253e419ceaca2d6bfbd365983cfb9.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\totalbalance.us\totalbalance.us_weekly_full_2012-05-06_65f01f19837115916802f0e7015d4e68.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\winterfestgolf.org\winterfestgolf.org_daily_full_2012-04-25_9ef1275c0945d1f62127771c20f43e31.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\winterfestgolf.org\winterfestgolf.org_manual_full_2012-04-24_ac9aa84a77b3b5eebe8ada72657ee94a.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP (1)\backups\winterfestgolf.org\winterfestgolf.org_weekly_full_2012-05-06_9545fbcb07303275d9354a8103aea3ca.zip"
"c:\users\Lars\Documents\Dropbox\Apps\ManageWP\backups\gitd.co\gitd.co_manual_full_2012-04-09_83576f66f187e1646dff1dcc64a03421.zip"
"c:\users\Lars\Documents\Dropbox\Public\Utilities\7zip.exe"
"c:\users\Lars\Documents\Dropbox\TitaniumBackup\com.alienmanfc6.wheresmyandroid-58249dc1ee5430d2acb47370f83af786.apk.gz"
"c:\users\Lars\Documents\Dropbox\TitaniumBackup\com.android.vending.sectool.v1-b05aef827d47105e9f9e92e0e272954a.apk.gz"
"c:\users\Lars\Documents\Dropbox\TitaniumBackup\lammar.quotes-971a9cc93e1d3502160c55523f19fff8.apk.gz"
"c:\users\Lars\Google Drive\Backups\Public\Utilities\7zip.exe"
"c:\users\Lars\Google Drive\Backups\TitaniumBackup\com.alienmanfc6.wheresmyandroid-58249dc1ee5430d2acb47370f83af786.apk.gz"
"c:\users\Lars\Google Drive\Backups\TitaniumBackup\com.android.vending.sectool.v1-b05aef827d47105e9f9e92e0e272954a.apk.gz"
"c:\users\Lars\Google Drive\Backups\TitaniumBackup\com.p1.chompsms-d94c0ffbde0cbb35ae7239cea709dc9f.apk.gz"
"c:\users\Lars\Google Drive\Backups\TitaniumBackup\com.z4mod.z4root-46965bd41dac0e4988515aa2f9f95b19.apk.gz"
"c:\users\Lars\Google Drive\Backups\TitaniumBackup\lammar.quotes-875dd5a778a88635f90356152afcc43e.apk.gz"
"c:\windows\System32\minerd.exe"
"c:\windows\SysWOW64\minerd.exe"
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-11 05:19 . 2013-08-11 05:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-11 05:19 . 2013-08-11 05:19 -------- d-----w- c:\users\LRS - Normal User\AppData\Local\temp
2013-08-11 05:19 . 2013-08-11 05:19 -------- d-----w- c:\users\Lars-Design\AppData\Local\temp
2013-08-11 05:19 . 2013-08-11 05:19 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-11 05:19 . 2013-08-11 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 05:19 . 2013-08-11 05:19 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-08-10 14:42 . 2013-08-10 14:42 174592 ----a-w- c:\windows\SysWow64\minerd.exe
2013-08-10 14:21 . 2013-08-11 04:54 -------- d-----w- c:\programdata\boost_interprocess
2013-08-10 13:59 . 2013-08-10 13:59 -------- d-----w- c:\windows\ERUNT
2013-08-03 01:59 . 2013-08-03 02:01 -------- d-----w- c:\program files (x86)\Audible
2013-08-03 00:26 . 2013-08-03 00:26 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2013-08-03 00:02 . 2013-08-03 00:02 -------- d-----w- c:\program files\Canon
2013-08-02 23:38 . 2013-08-02 23:38 -------- d-----w- c:\windows\SysWow64\STRING
2013-08-01 23:51 . 2013-08-02 00:10 -------- d-----w- c:\users\Lars\AppData\Local\Plex Media Server
2013-08-01 23:47 . 2013-08-01 23:47 -------- d-----w- c:\program files (x86)\Plex
2013-08-01 19:40 . 2010-04-01 02:37 614400 ------r- c:\windows\system32\Rtlihvs.dll
2013-08-01 19:40 . 2010-04-01 02:37 380928 ------r- c:\windows\system32\RtlUI2.exe
2013-08-01 19:40 . 2010-04-01 02:37 188416 ------r- c:\windows\system32\RTLExtUI.dll
2013-08-01 19:39 . 2009-02-05 08:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2013-08-01 18:27 . 2013-08-01 18:27 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-01 17:12 . 2013-08-01 17:12 -------- d-----w- c:\programdata\xfinity
2013-08-01 16:16 . 2013-08-01 16:17 -------- d-----w- c:\programdata\comcastModemRelease
2013-08-01 16:16 . 2013-08-01 16:16 -------- d-----w- c:\users\Lars\AppData\Local\Xfinity.com
2013-08-01 01:42 . 2013-08-01 01:42 -------- d-----w- c:\program files (x86)\PuTTY
2013-07-31 14:34 . 2013-07-31 14:34 -------- d-----w- c:\users\Lars\AppData\Roaming\Wireshark
2013-07-31 14:31 . 2013-07-31 14:31 -------- d-----w- c:\program files (x86)\WinPcap
2013-07-31 14:30 . 2013-07-31 14:31 -------- d-----w- c:\program files\Wireshark
2013-07-28 02:18 . 2013-07-28 02:19 -------- d-----w- c:\users\Administrator
2013-07-26 01:43 . 2013-07-30 20:27 -------- d-----w- c:\users\Lars\AppData\Local\Amazon Cloud Player
2013-07-22 14:59 . 2013-08-06 15:58 -------- d-----w- c:\users\Lars\.startmeeting
2013-07-22 14:59 . 2013-07-22 14:59 -------- d-----w- c:\users\Lars\AppData\Local\StartMeeting
2013-07-22 14:59 . 2013-07-22 14:59 -------- d-----w- c:\users\Lars\AppData\Local\SMPlugins
2013-07-20 12:48 . 2013-03-25 16:57 721917 ----a-w- c:\windows\SysWow64\ISCM64.dll
2013-07-20 12:48 . 2013-03-25 16:57 153088 ----a-w- c:\windows\SysWow64\ISCM32.dll
2013-07-19 23:52 . 2013-03-25 16:46 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio.sys
2013-07-18 21:53 . 2013-07-19 00:17 -------- d-----w- c:\users\Lars\AppData\Local\HuluDesktop
2013-07-17 19:22 . 2013-08-02 17:13 -------- d-----w- c:\users\Lars\AppData\Roaming\com.amazon.music.uploader
2013-07-17 19:22 . 2013-07-17 19:22 -------- d-----w- c:\program files (x86)\Amazon
2013-07-17 18:25 . 2013-07-17 18:25 -------- d-----we c:\users\Lars\Dropbox
2013-07-16 03:29 . 2013-08-05 17:22 -------- d-----w- c:\users\Lars\My Scans
2013-07-16 01:02 . 2013-07-16 01:02 -------- d--h--w- c:\programdata\CanonIJScan
2013-07-13 04:15 . 2013-07-13 04:15 -------- d--h--w- c:\programdata\CanonIJQuickMenu
2013-07-13 04:03 . 2013-08-02 22:45 -------- d-----w- c:\users\Lars\AppData\Roaming\canon
2013-07-13 04:02 . 2012-09-20 11:00 393728 ----a-w- c:\windows\system32\CNMXLMBN.DLL
2013-07-13 03:57 . 2013-07-13 03:57 -------- d-----w- c:\programdata\Canon IJ Network Tool
2013-07-13 03:57 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2013-07-13 03:57 . 2012-09-21 15:33 321024 ----a-w- c:\windows\SysWow64\CNC_BNL.dll
2013-07-13 03:57 . 2012-05-25 15:21 103936 ----a-w- c:\windows\SysWow64\CNC_BNU.dll
2013-07-13 03:53 . 2013-07-13 03:53 -------- d--h--w- c:\programdata\CanonIJFAX
2013-07-13 03:34 . 2012-09-20 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDBN.DLL
2013-07-13 03:34 . 2012-09-20 11:00 101888 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPBN.DLL
2013-07-13 03:34 . 2012-09-21 15:34 366080 ----a-w- c:\windows\system32\CNC_BNL.dll
2013-07-13 03:34 . 2012-05-25 15:21 282624 ----a-w- c:\windows\system32\CNC_BNC.dll
2013-07-13 03:34 . 2012-05-25 15:20 106496 ----a-w- c:\windows\system32\CNC_BNI.dll
2013-07-13 03:34 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2013-07-13 03:34 . 2012-09-20 11:00 390656 ----a-w- c:\windows\system32\CNMLMBN.DLL
2013-07-13 03:34 . 2012-09-21 11:00 303104 ----a-w- c:\windows\system32\CNCALBN.DLL
2013-07-13 02:19 . 2013-07-13 02:19 -------- d-----w- c:\program files (x86)\iOpus
2013-07-13 02:18 . 2013-07-13 02:18 94300 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2013-07-13 02:18 . 2013-07-13 02:18 302592 ----a-w- c:\windows\SysWow64\libcurl-4.dll
2013-07-13 02:18 . 2013-07-13 02:18 483425 ----a-w- c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\initsrv.exe
2013-07-12 06:02 . 2013-07-12 06:07 -------- d-----w- c:\windows\system32\MRT
2013-07-12 05:42 . 2013-07-12 05:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 05:48 . 2012-06-13 01:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-12 05:48 . 2011-07-28 22:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 05:42 . 2012-08-23 06:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-12 05:42 . 2011-06-27 23:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-24 06:57 . 2011-06-27 23:06 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-16 06:00 . 2013-04-25 18:38 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-06-11 23:43 . 2013-07-11 00:04 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-11 00:04 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-11 00:04 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-11 00:04 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-11 00:04 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-11 00:04 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-11 00:04 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-11 00:04 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-11 00:04 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-11 00:04 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-11 00:04 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-11 00:04 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-11 00:04 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-11 00:04 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-11 00:04 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-11 00:04 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-11 00:04 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-11 00:04 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-11 00:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-11 00:04 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-11 00:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-11 00:04 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 12:54 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 12:54 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 12:54 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-26 16:23 . 2013-05-26 15:58 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-23 22:05 . 2013-05-26 00:04 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-05-22 14:42 . 2013-04-21 19:03 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-05-22 14:42 . 2013-04-05 01:20 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-22 14:42 . 2013-04-05 01:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-22 14:42 . 2013-04-21 19:02 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-05-20 09:19 . 2013-04-05 01:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-20 09:18 . 2013-04-21 19:03 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-05-20 09:18 . 2013-04-21 19:02 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-05-20 09:18 . 2013-04-05 01:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-18 04:48 . 2013-06-18 08:08 117024 ----a-w- c:\windows\SysWow64\BootDefrag.exe
2013-05-18 04:48 . 2013-06-18 08:08 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2013-05-16 19:26 . 2012-07-17 20:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 13:08 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 13:08 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 13:08 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 13:08 52224 ----a-w- c:\windows\system32\certenc.dll
2012-07-17 19:45 . 2011-06-28 06:50 14690376 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2011-06-11 00:04 . 2012-08-11 23:44 3223 ----a-w- c:\program files\Install_KN_Access.bat
2010-06-03 14:27 . 2012-08-11 23:44 172 ----a-w- c:\program files\PleaseWait.cmd
2010-04-22 03:33 . 2012-08-11 23:44 155 ----a-w- c:\program files\KNcheck.bat
2009-03-12 22:03 . 2012-08-11 23:44 1024 ----a-w- c:\program files\showwin.exe
2005-07-04 07:11 . 2012-08-11 23:44 57344 ----a-w- c:\program files\Shortcut.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 13:04 222832 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 13:04 222832 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 13:04 222832 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-10 138096]
"Amazon Cloud Player"="c:\users\Lars\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-07-22 3109376]
"GoogleChromeAutoLaunch_7DC7BBE999725974DBBB221652CA6934"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-07-25 846288]
"B97367E256382583BCD7B1B3AD1D89DA9721095E._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-07-25 846288]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-06-03 3997832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-01 107000]
.
c:\users\Lars-Design\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-8-2 28057256]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
.
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid [email protected] [2011-6-28 14690376]
.
c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
click.to.lnk - c:\program files (x86)\Axonic\click.to\clicktoapp.exe [2011-7-28 3144192]
initsrv.exe [2013-7-12 483425]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe --account_key=fd6bdd7f602eff2d2fb68e1aa7240da2  [2012-2-6 2783744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
R3 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys;c:\windows\SYSNATIVE\DRIVERS\gbridge64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys;c:\windows\SYSNATIVE\drivers\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WefiEngSvc;WeFi Engine Service;c:\program files (x86)\WeFi\WefiEngSvc.exe;c:\program files (x86)\WeFi\WefiEngSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R4 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R4 MpKsl8b975037;MpKsl8b975037;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F67897CF-9E6D-4BFD-8DE8-F715BD9F8CC3}\MpKsl8b975037.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F67897CF-9E6D-4BFD-8DE8-F715BD9F8CC3}\MpKsl8b975037.sys [x]
R4 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
R4 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ntcdrdrv.sys [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe;c:\program files\Prio\prio_svc.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 00:18 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2012-07-17 19:09 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 05:48]
.
2013-02-05 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2013-07-05 06:38]
.
2013-02-05 c:\windows\Tasks\Defraggler Volume G Task.job
- c:\program files\Defraggler\df64.exe [2013-07-05 06:38]
.
2013-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000Core.job
- c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10 15:02]
.
2013-08-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000UA.job
- c:\users\Lars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-10 15:02]
.
2013-06-25 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-05-18 04:47]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000Core.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2288588268-3214160910-3219196699-1000UA.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c7a85a7-27c6-49ce-98b2-a8479b0dd63d}"= "c:\program files\StExBar\StExBar.dll" [2011-06-05 446232]
.
[HKEY_CLASSES_ROOT\CLSID\{6c7a85a7-27c6-49ce-98b2-a8479b0dd63d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 13:04 261744 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 13:04 261744 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 13:04 261744 ----a-w- c:\users\Lars\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 22:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-24 2480936]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-04-25 4013744]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-05-23 1229888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-04-25 552112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08012013
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: evernote.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\45F6D637024496E65627: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F48784F6D656: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{28C9292B-E63C-4F02-9913-0E5D412D033C}\F487F5548545: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{621377E5-FC0D-4B4F-82EB-63DC7486D415}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{64725822-BB0C-4E1F-967E-FA140A2C8A81}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{75AC7DAC-AB05-4071-9914-F8123E487E06}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8F7DF692-8C32-4A4C-AFAE-AFB78149374F}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B0517C67-E1BA-4DED-AC6E-63A6A6487F6D}: NameServer = 0.0.0.0
TCP: Interfaces\{D311B0E2-2289-47C1-860F-12D10C591DF5}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-07-02 19:45; [email protected]; c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\extensions\[email protected]
FF - ExtSQL: 2013-07-05 19:32; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\utqe3ns1.default-1347352402648\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-07-12 20:21; {0113D088-8ED1-468C-B225-585A9C53B5E3}; c:\users\Lars\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
FF - ExtSQL: 2013-07-19 21:20; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-20 06:48; {845257EF-A892-484e-8EB0-47F563D75939}; c:\program files (x86)\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
FF - ExtSQL: !HIDDEN! 2013-07-20 06:48; {845257EF-A892-484e-8EB0-47F563D75939}; c:\program files (x86)\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
AddRemove-LinuxLive USB Creator - g:\portableapps\LinuxLive USB Creator\Uninstall.exe
AddRemove-xampp - g:\xampp\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:de,f6,04,21,61,ea,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,f7,4d,5e,54,b1,c9,43,9d,7f,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,f7,4d,5e,54,b1,c9,43,9d,7f,40,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-10  23:21:39
ComboFix-quarantined-files.txt  2013-08-11 05:21
ComboFix2.txt  2013-08-10 04:44
ComboFix3.txt  2013-08-10 02:27
.
Pre-Run: 155,978,678,272 bytes free
Post-Run: 155,814,526,976 bytes free
.
- - End Of File - - 2534E999D7FFDD5BD9DD2F5317A45A8F
A36C5E4F47E84449FF07ED3517B43A31
 
23:24:03.0634 1252  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:24:05.0635 1252  ============================================================
23:24:05.0635 1252  Current date / time: 2013/08/10 23:24:05.0635
23:24:05.0635 1252  SystemInfo:
23:24:05.0635 1252  
23:24:05.0635 1252  OS Version: 6.1.7601 ServicePack: 1.0
23:24:05.0635 1252  Product type: Workstation
23:24:05.0635 1252  ComputerName: LARS-PC
23:24:05.0636 1252  UserName: Lars
23:24:05.0636 1252  Windows directory: C:\Windows
23:24:05.0636 1252  System windows directory: C:\Windows
23:24:05.0636 1252  Running under WOW64
23:24:05.0636 1252  Processor architecture: Intel x64
23:24:05.0636 1252  Number of processors: 4
23:24:05.0636 1252  Page size: 0x1000
23:24:05.0636 1252  Boot type: Normal boot
23:24:05.0636 1252  ============================================================
23:24:07.0112 1252  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:24:07.0123 1252  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:24:07.0465 1252  Drive \Device\Harddisk2\DR2 - Size: 0xEE7AA0000 (59.62 Gb), SectorSize: 0x200, Cylinders: 0x1E66, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:24:07.0468 1252  ============================================================
23:24:07.0468 1252  \Device\Harddisk0\DR0:
23:24:07.0469 1252  MBR partitions:
23:24:07.0469 1252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38000, BlocksNum 0x13C2000
23:24:07.0469 1252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13FA000, BlocksNum 0x38F8A000
23:24:07.0469 1252  \Device\Harddisk1\DR1:
23:24:07.0469 1252  MBR partitions:
23:24:07.0469 1252  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
23:24:07.0469 1252  \Device\Harddisk2\DR2:
23:24:07.0470 1252  MBR partitions:
23:24:07.0470 1252  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x773D4E0
23:24:07.0470 1252  ============================================================
23:24:07.0517 1252  C: <-> \Device\Harddisk0\DR0\Partition2
23:24:07.0552 1252  F: <-> \Device\Harddisk0\DR0\Partition1
23:24:07.0564 1252  I: <-> \Device\Harddisk1\DR1\Partition1
23:24:07.0564 1252  ============================================================
23:24:07.0564 1252  Initialize success
23:24:07.0564 1252  ============================================================
23:24:50.0838 3852  ============================================================
23:24:50.0838 3852  Scan started
23:24:50.0838 3852  Mode: Manual; TDLFS; 
23:24:50.0838 3852  ============================================================
23:24:52.0108 3852  ================ Scan system memory ========================
23:24:52.0108 3852  System memory - ok
23:24:52.0108 3852  ================ Scan services =============================
23:24:52.0309 3852  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:24:52.0311 3852  1394ohci - ok
23:24:52.0361 3852  [ 7A505465BBB1EB8B5AD4D76E8749383B ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
23:24:52.0362 3852  Acceler - ok
23:24:52.0399 3852  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:24:52.0402 3852  ACPI - ok
23:24:52.0420 3852  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:24:52.0421 3852  AcpiPmi - ok
23:24:52.0599 3852  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:24:52.0600 3852  AdobeARMservice - ok
23:24:52.0738 3852  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:24:52.0740 3852  AdobeFlashPlayerUpdateSvc - ok
23:24:52.0815 3852  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:24:52.0820 3852  adp94xx - ok
23:24:52.0859 3852  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:24:52.0862 3852  adpahci - ok
23:24:52.0880 3852  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:24:52.0882 3852  adpu320 - ok
23:24:52.0925 3852  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:24:52.0926 3852  AeLookupSvc - ok
23:24:53.0016 3852  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
23:24:53.0017 3852  AERTFilters - ok
23:24:53.0078 3852  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
23:24:53.0083 3852  AFD - ok
23:24:53.0144 3852  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:24:53.0145 3852  agp440 - ok
23:24:53.0207 3852  [ 44F360B65C37A42EB5B71C2E5179FDD5 ] aksdf           C:\Windows\system32\drivers\aksdf.sys
23:24:53.0208 3852  aksdf - ok
23:24:53.0260 3852  [ BC61697103C9EFC3DBA83777CEA8E76B ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
23:24:53.0262 3852  aksfridge - ok
23:24:53.0287 3852  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:24:53.0288 3852  ALG - ok
23:24:53.0320 3852  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:24:53.0321 3852  aliide - ok
23:24:53.0333 3852  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:24:53.0333 3852  amdide - ok
23:24:53.0393 3852  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:24:53.0394 3852  AmdK8 - ok
23:24:53.0409 3852  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:24:53.0411 3852  AmdPPM - ok
23:24:53.0464 3852  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:24:53.0466 3852  amdsata - ok
23:24:53.0484 3852  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:24:53.0486 3852  amdsbs - ok
23:24:53.0505 3852  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:24:53.0506 3852  amdxata - ok
23:24:53.0557 3852  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
23:24:53.0558 3852  androidusb - ok
23:24:53.0617 3852  [ AD12F5C7251BB8D575D560894E73CBBA ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
23:24:53.0617 3852  Apowersoft_AudioDevice - ok
23:24:53.0678 3852  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
23:24:53.0679 3852  AppID - ok
23:24:53.0715 3852  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:24:53.0716 3852  AppIDSvc - ok
23:24:53.0752 3852  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
23:24:53.0754 3852  Appinfo - ok
23:24:53.0881 3852  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:24:53.0883 3852  Apple Mobile Device - ok
23:24:53.0930 3852  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:24:53.0932 3852  AppMgmt - ok
23:24:53.0982 3852  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:24:53.0983 3852  arc - ok
23:24:54.0004 3852  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:24:54.0005 3852  arcsas - ok
23:24:54.0177 3852  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:24:54.0178 3852  aspnet_state - ok
23:24:54.0217 3852  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:54.0218 3852  AsyncMac - ok
23:24:54.0249 3852  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
23:24:54.0250 3852  atapi - ok
23:24:54.0309 3852  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:24:54.0315 3852  AudioEndpointBuilder - ok
23:24:54.0330 3852  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:24:54.0337 3852  AudioSrv - ok
23:24:54.0449 3852  [ 1D56DCD05784B1F1D9C6E2F529043279 ] AVer7231_x64    C:\Windows\system32\DRIVERS\AVer7231_x64.sys
23:24:54.0466 3852  AVer7231_x64 - ok
23:24:54.0507 3852  [ 803B9A93C8D8B72414D7D05DC1A47F34 ] AX88772         C:\Windows\system32\DRIVERS\ax88772.sys
23:24:54.0509 3852  AX88772 - ok
23:24:54.0555 3852  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:24:54.0556 3852  AxInstSV - ok
23:24:54.0604 3852  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:24:54.0609 3852  b06bdrv - ok
23:24:54.0661 3852  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:24:54.0664 3852  b57nd60a - ok
23:24:54.0721 3852  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:24:54.0723 3852  BDESVC - ok
23:24:54.0763 3852  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:24:54.0764 3852  Beep - ok
23:24:54.0843 3852  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
23:24:54.0850 3852  BFE - ok
23:24:54.0883 3852  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
23:24:54.0890 3852  BITS - ok
23:24:54.0932 3852  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:24:54.0932 3852  blbdrive - ok
23:24:55.0044 3852  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:24:55.0048 3852  Bonjour Service - ok
23:24:55.0110 3852  [ 52D3808A7BD62AF0F18123344779DBA1 ] BootDefragDriver C:\Windows\system32\drivers\BootDefragDriver.sys
23:24:55.0111 3852  BootDefragDriver - ok
23:24:55.0155 3852  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:24:55.0156 3852  bowser - ok
23:24:55.0192 3852  [ F46DD257FAD7D2D097EF32E72220A06C ] bpenum          C:\Windows\system32\DRIVERS\bpenum.sys
23:24:55.0193 3852  bpenum - ok
23:24:55.0237 3852  [ E82060AED0F28ED8909F2B07FA276185 ] bpmp            C:\Windows\system32\DRIVERS\bpmp.sys
23:24:55.0239 3852  bpmp - ok
23:24:55.0271 3852  [ FC6313A5A45C1AE53D0491F0057D5A4D ] bpusb           C:\Windows\system32\Drivers\bpusb.sys
23:24:55.0272 3852  bpusb - ok
23:24:55.0322 3852  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:24:55.0322 3852  BrFiltLo - ok
23:24:55.0341 3852  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:24:55.0342 3852  BrFiltUp - ok
23:24:55.0393 3852  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
23:24:55.0394 3852  BridgeMP - ok
23:24:55.0445 3852  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
23:24:55.0447 3852  Browser - ok
23:24:55.0473 3852  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:24:55.0476 3852  Brserid - ok
23:24:55.0492 3852  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:24:55.0493 3852  BrSerWdm - ok
23:24:55.0507 3852  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:24:55.0508 3852  BrUsbMdm - ok
23:24:55.0515 3852  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:24:55.0516 3852  BrUsbSer - ok
23:24:55.0569 3852  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:24:55.0569 3852  BthEnum - ok
23:24:55.0589 3852  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:24:55.0590 3852  BTHMODEM - ok
23:24:55.0629 3852  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:24:55.0630 3852  BthPan - ok
23:24:55.0693 3852  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
23:24:55.0698 3852  BTHPORT - ok
23:24:55.0745 3852  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:24:55.0747 3852  bthserv - ok
23:24:55.0787 3852  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
23:24:55.0788 3852  BTHUSB - ok
23:24:55.0844 3852  [ 96E22173FD0E2670A2A20C1EEECA162A ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
23:24:55.0850 3852  btwampfl - ok
23:24:55.0880 3852  [ A771078558477068DFD8037B82EB00F8 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
23:24:55.0883 3852  btwaudio - ok
23:24:55.0938 3852  [ 9FF58F76024D25784755B01F926B00BE ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
23:24:55.0941 3852  btwavdt - ok
23:24:56.0055 3852  [ C540BEA575D4B2E74A2F4AF5B036AE03 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:24:56.0064 3852  btwdins - ok
23:24:56.0085 3852  [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
23:24:56.0086 3852  btwl2cap - ok
23:24:56.0110 3852  [ EDD953D635F3AA89EF902E3F82D60D22 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
23:24:56.0111 3852  btwrchid - ok
23:24:56.0153 3852  catchme - ok
23:24:56.0187 3852  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:24:56.0189 3852  cdfs - ok
23:24:56.0240 3852  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:24:56.0241 3852  cdrom - ok
23:24:56.0294 3852  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:24:56.0296 3852  CertPropSvc - ok
23:24:56.0348 3852  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:24:56.0349 3852  circlass - ok
23:24:56.0414 3852  [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC           C:\Windows\system32\CISVC.EXE
23:24:56.0415 3852  CISVC - ok
23:24:56.0474 3852  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:24:56.0478 3852  CLFS - ok
23:24:56.0566 3852  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:56.0567 3852  clr_optimization_v2.0.50727_32 - ok
23:24:56.0614 3852  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:24:56.0616 3852  clr_optimization_v2.0.50727_64 - ok
23:24:56.0690 3852  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:56.0692 3852  clr_optimization_v4.0.30319_32 - ok
23:24:56.0713 3852  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:24:56.0715 3852  clr_optimization_v4.0.30319_64 - ok
23:24:56.0757 3852  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:56.0758 3852  CmBatt - ok
23:24:56.0793 3852  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:24:56.0794 3852  cmdide - ok
23:24:56.0843 3852  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
23:24:56.0848 3852  CNG - ok
23:24:56.0883 3852  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:24:56.0883 3852  Compbatt - ok
23:24:56.0932 3852  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:24:56.0933 3852  CompositeBus - ok
23:24:56.0955 3852  COMSysApp - ok
23:24:57.0043 3852  [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64        C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
23:24:57.0044 3852  cpudrv64 - ok
23:24:57.0271 3852  cpuz136 - ok
23:24:57.0391 3852  [ EAC0CBC5EA44F47C8F5DA0B937DC0FC3 ] CrashPlanService C:\Program Files\CrashPlan\CrashPlanService.exe
23:24:57.0394 3852  CrashPlanService - ok
23:24:57.0559 3852  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:24:57.0560 3852  crcdisk - ok
23:24:57.0610 3852  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:24:57.0613 3852  CryptSvc - ok
23:24:57.0652 3852  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
23:24:57.0657 3852  CSC - ok
23:24:57.0687 3852  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
23:24:57.0694 3852  CscService - ok
23:24:57.0737 3852  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:24:57.0742 3852  DcomLaunch - ok
23:24:57.0772 3852  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:24:57.0775 3852  defragsvc - ok
23:24:57.0822 3852  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:24:57.0823 3852  DfsC - ok
23:24:57.0863 3852  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:24:57.0867 3852  Dhcp - ok
23:24:57.0896 3852  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:24:57.0897 3852  discache - ok
23:24:57.0961 3852  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:24:57.0962 3852  Disk - ok
23:24:58.0057 3852  [ 61458C120CDDFE7514E2DB125568CA59 ] DMAgent         C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
23:24:58.0061 3852  DMAgent - ok
23:24:58.0094 3852  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:24:58.0096 3852  Dnscache - ok
23:24:58.0131 3852  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:24:58.0134 3852  dot3svc - ok
23:24:58.0165 3852  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
23:24:58.0168 3852  DPS - ok
23:24:58.0263 3852  [ F7BDA38AFBDA04F0A89DEBA767EEDA79 ] DragonSvc       C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
23:24:58.0266 3852  DragonSvc - ok
23:24:58.0312 3852  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:24:58.0312 3852  drmkaud - ok
23:24:58.0371 3852  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:24:58.0380 3852  DXGKrnl - ok
23:24:58.0438 3852  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:24:58.0440 3852  EapHost - ok
23:24:58.0554 3852  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:24:58.0573 3852  ebdrv - ok
23:24:58.0603 3852  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
23:24:58.0604 3852  EFS - ok
23:24:58.0657 3852  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:24:58.0664 3852  ehRecvr - ok
23:24:58.0700 3852  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:24:58.0701 3852  ehSched - ok
23:24:58.0747 3852  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:24:58.0753 3852  elxstor - ok
23:24:58.0794 3852  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:24:58.0794 3852  ErrDev - ok
23:24:58.0842 3852  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:24:58.0847 3852  EventSystem - ok
23:24:58.0956 3852  [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:24:58.0969 3852  EvtEng - ok
23:24:59.0009 3852  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:24:59.0011 3852  exfat - ok
23:24:59.0030 3852  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:24:59.0032 3852  fastfat - ok
23:24:59.0094 3852  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
23:24:59.0102 3852  Fax - ok
23:24:59.0119 3852  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:24:59.0120 3852  fdc - ok
23:24:59.0141 3852  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:24:59.0141 3852  fdPHost - ok
23:24:59.0161 3852  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:24:59.0162 3852  FDResPub - ok
23:24:59.0172 3852  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:24:59.0173 3852  FileInfo - ok
23:24:59.0191 3852  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:24:59.0191 3852  Filetrace - ok
23:24:59.0285 3852  [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
23:24:59.0298 3852  FLEXnet Licensing Service 64 - ok
23:24:59.0309 3852  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:24:59.0309 3852  flpydisk - ok
23:24:59.0325 3852  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:24:59.0326 3852  FltMgr - ok
23:24:59.0413 3852  [ C5BA57819B4C7CF89434F06E4F1CF1C3 ] FolderSize      C:\Program Files\FolderSize\FolderSizeSvc.exe
23:24:59.0415 3852  FolderSize - ok
23:24:59.0491 3852  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
23:24:59.0503 3852  FontCache - ok
23:24:59.0612 3852  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:24:59.0613 3852  FontCache3.0.0.0 - ok
23:24:59.0637 3852  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:24:59.0638 3852  FsDepends - ok
23:24:59.0665 3852  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:24:59.0666 3852  Fs_Rec - ok
23:24:59.0705 3852  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:24:59.0707 3852  fvevol - ok
23:24:59.0734 3852  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:24:59.0736 3852  gagp30kx - ok
23:24:59.0785 3852  [ 830E853D557DA8F4D9449699E53CBEE0 ] gbridge         C:\Windows\system32\DRIVERS\gbridge64.sys
23:24:59.0786 3852  gbridge - ok
23:24:59.0853 3852  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:24:59.0854 3852  GEARAspiWDM - ok
23:24:59.0900 3852  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
23:24:59.0908 3852  gpsvc - ok
23:25:00.0032 3852  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:25:00.0033 3852  gupdate - ok
23:25:00.0048 3852  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:25:00.0049 3852  gupdatem - ok
23:25:00.0121 3852  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:25:00.0123 3852  gusvc - ok
23:25:00.0192 3852  [ D619BA1712B83D14149850E758B835AD ] hardlock        C:\Windows\system32\drivers\hardlock.sys
23:25:00.0196 3852  hardlock - ok
23:25:00.0225 3852  hasplms - ok
23:25:00.0267 3852  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:25:00.0268 3852  hcw85cir - ok
23:25:00.0319 3852  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:25:00.0323 3852  HdAudAddService - ok
23:25:00.0359 3852  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:25:00.0360 3852  HDAudBus - ok
23:25:00.0419 3852  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:25:00.0420 3852  HECIx64 - ok
23:25:00.0442 3852  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:25:00.0443 3852  HidBatt - ok
23:25:00.0471 3852  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:25:00.0472 3852  HidBth - ok
23:25:00.0491 3852  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:25:00.0492 3852  HidIr - ok
23:25:13.0420 3852  Stereo Service - ok
23:25:13.0458 3852  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:25:13.0458 3852  stexstor - ok
23:25:13.0512 3852  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
23:25:13.0513 3852  StillCam - ok
23:25:13.0563 3852  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:25:13.0572 3852  stisvc - ok
23:25:13.0603 3852  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:25:13.0603 3852  storflt - ok
23:25:13.0625 3852  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:25:13.0626 3852  storvsc - ok
23:25:13.0645 3852  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:25:13.0646 3852  swenum - ok
23:25:13.0681 3852  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:25:13.0686 3852  swprv - ok
23:25:13.0702 3852  Synth3dVsc - ok
23:25:13.0762 3852  [ 09E811486038F1C06F9E00DFFAAB7A4E ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:25:13.0772 3852  SynTP - ok
23:25:13.0835 3852  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
23:25:13.0852 3852  SysMain - ok
23:25:13.0889 3852  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:25:13.0891 3852  TabletInputService - ok
23:25:13.0916 3852  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:25:13.0918 3852  TapiSrv - ok
23:25:13.0938 3852  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:25:13.0940 3852  TBS - ok
23:25:13.0995 3852  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:25:14.0004 3852  Tcpip - ok
23:25:14.0046 3852  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:25:14.0055 3852  TCPIP6 - ok
23:25:14.0084 3852  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:25:14.0085 3852  tcpipreg - ok
23:25:14.0110 3852  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:25:14.0110 3852  TDPIPE - ok
23:25:14.0133 3852  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:25:14.0134 3852  TDTCP - ok
23:25:14.0162 3852  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:25:14.0163 3852  tdx - ok
23:25:14.0544 3852  [ 402794A75A899E296AB3EDEC4ECCB9A8 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
23:25:14.0566 3852  TeamViewer8 - ok
23:25:14.0603 3852  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:25:14.0604 3852  TermDD - ok
23:25:14.0651 3852  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
23:25:14.0660 3852  TermService - ok
23:25:14.0690 3852  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:25:14.0692 3852  Themes - ok
23:25:14.0732 3852  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:25:14.0733 3852  THREADORDER - ok
23:25:14.0749 3852  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:25:14.0751 3852  TrkWks - ok
23:25:14.0810 3852  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:25:14.0812 3852  TrustedInstaller - ok
23:25:14.0841 3852  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:25:14.0842 3852  tssecsrv - ok
23:25:14.0871 3852  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:25:14.0872 3852  TsUsbFlt - ok
23:25:14.0878 3852  tsusbhub - ok
23:25:14.0932 3852  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:25:14.0934 3852  tunnel - ok
23:25:14.0957 3852  [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
23:25:14.0958 3852  TurboB - ok
23:25:15.0000 3852  [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:25:15.0002 3852  TurboBoost - ok
23:25:15.0043 3852  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:25:15.0044 3852  uagp35 - ok
23:25:15.0071 3852  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:25:15.0075 3852  udfs - ok
23:25:15.0122 3852  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:25:15.0125 3852  UI0Detect - ok
23:25:15.0198 3852  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:25:15.0199 3852  uliagpkx - ok
23:25:15.0231 3852  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:25:15.0232 3852  umbus - ok
23:25:15.0261 3852  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:25:15.0262 3852  UmPass - ok
23:25:15.0304 3852  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
23:25:15.0309 3852  UmRdpService - ok
23:25:15.0331 3852  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:25:15.0337 3852  upnphost - ok
23:25:15.0400 3852  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:25:15.0401 3852  USBAAPL64 - ok
23:25:15.0453 3852  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:25:15.0454 3852  usbaudio - ok
23:25:15.0508 3852  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:25:15.0509 3852  usbccgp - ok
23:25:15.0526 3852  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:25:15.0528 3852  usbcir - ok
23:25:15.0546 3852  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:25:15.0547 3852  usbehci - ok
23:25:15.0589 3852  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:25:15.0593 3852  usbhub - ok
23:25:15.0607 3852  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:25:15.0608 3852  usbohci - ok
23:25:15.0658 3852  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:25:15.0659 3852  usbprint - ok
23:25:15.0716 3852  [ 2C42E595E7E381596B9A14F88F5AE027 ] usbrndis6       C:\Windows\system32\drivers\usb80236.sys
23:25:15.0717 3852  usbrndis6 - ok
23:25:15.0754 3852  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:25:15.0755 3852  usbscan - ok
23:25:15.0774 3852  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:25:15.0776 3852  USBSTOR - ok
23:25:15.0795 3852  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:25:15.0796 3852  usbuhci - ok
23:25:15.0843 3852  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:25:15.0846 3852  usbvideo - ok
23:25:15.0902 3852  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
23:25:15.0903 3852  usb_rndisx - ok
23:25:15.0943 3852  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:25:15.0946 3852  UxSms - ok
23:25:15.0963 3852  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:25:15.0965 3852  VaultSvc - ok
23:25:16.0029 3852  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
23:25:16.0030 3852  VClone - ok
23:25:16.0046 3852  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:25:16.0047 3852  vdrvroot - ok
23:25:16.0097 3852  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
23:25:16.0105 3852  vds - ok
23:25:16.0150 3852  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:25:16.0151 3852  vga - ok
23:25:16.0176 3852  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:25:16.0177 3852  VgaSave - ok
23:25:16.0183 3852  VGPU - ok
23:25:16.0221 3852  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:25:16.0224 3852  vhdmp - ok
23:25:16.0240 3852  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:25:16.0241 3852  viaide - ok
23:25:16.0265 3852  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:25:16.0267 3852  vmbus - ok
23:25:16.0284 3852  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:25:16.0284 3852  VMBusHID - ok
23:25:16.0299 3852  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:25:16.0300 3852  volmgr - ok
23:25:16.0337 3852  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:25:16.0339 3852  volmgrx - ok
23:25:16.0362 3852  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:25:16.0364 3852  volsnap - ok
23:25:16.0419 3852  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:25:16.0421 3852  vsmraid - ok
23:25:16.0486 3852  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
23:25:16.0500 3852  VSS - ok
23:25:16.0519 3852  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:25:16.0519 3852  vwifibus - ok
23:25:16.0540 3852  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:25:16.0541 3852  vwififlt - ok
23:25:16.0565 3852  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:25:16.0566 3852  vwifimp - ok
23:25:16.0618 3852  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:25:16.0625 3852  W32Time - ok
23:25:16.0663 3852  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:25:16.0664 3852  WacomPen - ok
23:25:16.0719 3852  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:25:16.0721 3852  WANARP - ok
23:25:16.0741 3852  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:25:16.0743 3852  Wanarpv6 - ok
23:25:16.0811 3852  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:25:16.0822 3852  WatAdminSvc - ok
23:25:16.0924 3852  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:25:16.0940 3852  wbengine - ok
23:25:16.0983 3852  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:25:16.0986 3852  WbioSrvc - ok
23:25:17.0020 3852  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:25:17.0023 3852  wcncsvc - ok
23:25:17.0036 3852  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:25:17.0038 3852  WcsPlugInService - ok
23:25:17.0069 3852  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:25:17.0069 3852  Wd - ok
23:25:17.0104 3852  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
23:25:17.0104 3852  WDC_SAM - ok
23:25:17.0159 3852  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:25:17.0167 3852  Wdf01000 - ok
23:25:17.0191 3852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:25:17.0193 3852  WdiServiceHost - ok
23:25:17.0197 3852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:25:17.0200 3852  WdiSystemHost - ok
23:25:17.0234 3852  [ FE31110E39A0B11ABAE1BA43A2DC94F9 ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
23:25:17.0235 3852  wdkmd - ok
23:25:17.0267 3852  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
23:25:17.0273 3852  WebClient - ok
23:25:17.0322 3852  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:25:17.0327 3852  Wecsvc - ok
23:25:17.0415 3852  [ 64D42AB68067A07F8B4EBFC0D5BC848F ] WefiEngSvc      C:\Program Files (x86)\WeFi\WefiEngSvc.exe
23:25:17.0417 3852  WefiEngSvc - ok
23:25:17.0452 3852  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:25:17.0456 3852  wercplsupport - ok
23:25:17.0478 3852  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:25:17.0482 3852  WerSvc - ok
23:25:17.0519 3852  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:25:17.0519 3852  WfpLwf - ok
23:25:17.0606 3852  [ 8686E96E13F41AC9806A79CA8004FEEE ] WiMAXAppSrv     C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
23:25:17.0614 3852  WiMAXAppSrv - ok
23:25:17.0636 3852  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:25:17.0637 3852  WIMMount - ok
23:25:17.0662 3852  WinDefend - ok
23:25:17.0670 3852  WinHttpAutoProxySvc - ok
23:25:17.0743 3852  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:25:17.0745 3852  Winmgmt - ok
23:25:17.0831 3852  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:25:17.0850 3852  WinRM - ok
23:25:17.0915 3852  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:25:17.0916 3852  WinUsb - ok
23:25:17.0965 3852  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:25:17.0976 3852  Wlansvc - ok
23:25:18.0126 3852  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:25:18.0146 3852  wlidsvc - ok
23:25:18.0187 3852  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:25:18.0187 3852  WmiAcpi - ok
23:25:18.0218 3852  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:25:18.0219 3852  wmiApSrv - ok
23:25:18.0265 3852  WMPNetworkSvc - ok
23:25:18.0293 3852  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:25:18.0297 3852  WPCSvc - ok
23:25:18.0324 3852  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:25:18.0328 3852  WPDBusEnum - ok
23:25:18.0365 3852  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:25:18.0366 3852  ws2ifsl - ok
23:25:18.0429 3852  [ ADD2FE1A9F4EE41A6D724819550D4E1F ] WsAudio_Device  C:\Windows\system32\drivers\VirtualAudio.sys
23:25:18.0430 3852  WsAudio_Device - ok
23:25:18.0495 3852  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(1) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
23:25:18.0496 3852  WsAudio_DeviceS(1) - ok
23:25:18.0540 3852  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(2) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
23:25:18.0541 3852  WsAudio_DeviceS(2) - ok
23:25:18.0581 3852  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(3) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
23:25:18.0582 3852  WsAudio_DeviceS(3) - ok
23:25:18.0599 3852  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(4) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
23:25:18.0601 3852  WsAudio_DeviceS(4) - ok
23:25:18.0624 3852  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(5) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
23:25:18.0625 3852  WsAudio_DeviceS(5) - ok
23:25:18.0656 3852  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
23:25:18.0660 3852  wscsvc - ok
23:25:18.0690 3852  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
23:25:18.0691 3852  WSDPrintDevice - ok
23:25:18.0723 3852  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
23:25:18.0724 3852  WSDScan - ok
23:25:18.0729 3852  WSearch - ok
23:25:18.0821 3852  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:25:18.0841 3852  wuauserv - ok
23:25:18.0881 3852  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:25:18.0882 3852  WudfPf - ok
23:25:18.0919 3852  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:25:18.0921 3852  WUDFRd - ok
23:25:18.0957 3852  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:25:18.0961 3852  wudfsvc - ok
23:25:18.0994 3852  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:25:18.0999 3852  WwanSvc - ok
23:25:19.0096 3852  ================ Scan global ===============================
23:25:19.0129 3852  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:25:19.0167 3852  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:25:19.0177 3852  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:25:19.0203 3852  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:25:19.0235 3852  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:25:19.0239 3852  [Global] - ok
23:25:19.0239 3852  ================ Scan MBR ==================================
23:25:19.0253 3852  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:25:20.0120 3852  \Device\Harddisk0\DR0 - ok
23:25:20.0126 3852  [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR1
23:25:31.0369 3852  \Device\Harddisk1\DR1 - ok
23:25:31.0376 3852  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk2\DR2
23:25:31.0561 3852  \Device\Harddisk2\DR2 - ok
23:25:31.0562 3852  ================ Scan VBR ==================================
23:25:31.0594 3852  [ 4B081A12ED3F02854F25C128E0199603 ] \Device\Harddisk0\DR0\Partition1
23:25:31.0596 3852  \Device\Harddisk0\DR0\Partition1 - ok
23:25:31.0610 3852  [ 21ADD6BD8AC0E42492D958562BE6B7DB ] \Device\Harddisk0\DR0\Partition2
23:25:31.0612 3852  \Device\Harddisk0\DR0\Partition2 - ok
23:25:31.0616 3852  [ 7DBBB056A2FD5EE086890E6FE47EA9F5 ] \Device\Harddisk1\DR1\Partition1
23:25:31.0618 3852  \Device\Harddisk1\DR1\Partition1 - ok
23:25:31.0624 3852  [ 0FB2ACAFD409D5A7BC6CF7A67CC75A65 ] \Device\Harddisk2\DR2\Partition1
23:25:31.0625 3852  \Device\Harddisk2\DR2\Partition1 - ok
23:25:31.0626 3852  ============================================================
23:25:31.0626 3852  Scan finished
23:25:31.0626 3852  ============================================================
23:25:31.0637 3144  Detected object count: 0
23:25:31.0637 3144  Actual detected object count: 0
23:25:43.0445 2668  Deinitialize success
 

Thanks in advance,

Lars



#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,152 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:59 PM

Posted 11 August 2013 - 06:22 AM

Sometimes if there is a conflict with other security programs, there can be ghost detections.

Let's run the AVG removal tool

Download the AVG remover from http://www.avg.com/ww-en/utilities
(Choose if you have 64 or 32 bit.)
- Run AVG remove tool
- Restart PC

to make sure all leftovers are removed.

Now please download and install Microsoft Security Essentials (if you don't like it, you can uninstall then re-install AVG)

I'd like to see if it comes up with anything:

http://www.microsoft.com/security_essentials/


once installed, run a quick scan, let me know if it finds anything.

then update Malwarebytes definitions, run a quick scan, post the new log
The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013

#9 TotalBalance


Posted 11 August 2013 - 09:51 AM

I'm on the road but was able to do as instructed before leaving. Don't have the log file handy, but in summary:
Ran AVG removal tool successfully
Reinstalled MS Essentials and nothing found running initial scan
Ran Malwarebytes and the bitcoin Trojan still showed up as the only threat. Selected removal and reboot but the same error msg as always before popped up.
I'll be back at the PC this evening so will be interested in what you suggest next :)
thanks in advance.

#10 CatByte


Posted 11 August 2013 - 11:05 AM

Please post the MBAM log

thanks

#11 TotalBalance


Posted 12 August 2013 - 09:46 AM

Hi CatByte,

Here are both the MBAM & Protection log files. In summary, no matter whether MB removes C:\Windows\System32\minerd.exe or I manually remove it, on reboot it always seems to be regenerated by what appears to be the c:\windows\syswow64\winvnc86.exe Trojan.BitcoinMiner. What happens if I just remove the winvnc86.exe and/or replace it with a fresh copy?

 

protection-log-2013-08-12

2013/08/12 08:18:37 -0600 LARS-PC (null) MESSAGE Starting protection
2013/08/12 08:18:37 -0600 LARS-PC (null) MESSAGE Protection started successfully
2013/08/12 08:18:37 -0600 LARS-PC (null) MESSAGE Starting IP protection
2013/08/12 08:18:41 -0600 LARS-PC (null) MESSAGE IP Protection started successfully
2013/08/12 08:22:19 -0600 LARS-PC Lars DETECTION C:\Windows\SysWOW64\winvnc86.exe Trojan.BitcoinMiner QUARANTINE
2013/08/12 08:22:27 -0600 LARS-PC Lars DETECTION c:\windows\syswow64\winvnc86.exe Trojan.BitcoinMiner QUARANTINE
2013/08/12 08:22:27 -0600 LARS-PC Lars ERROR Quarantine failed:  SDKQuarantine failed with error code 2
 
-----------------------------------------------------------
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.11.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Lars :: LARS-PC [administrator]
 
Protection: Enabled
 
8/11/2013 7:23:54 AM
mbam-log-2013-08-11 (07-23-54).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 378232
Time elapsed: 9 minute(s), 16 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Windows\System32\minerd.exe (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
 
(end)
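
The protection log in the post above shows the same path detected twice within seconds, followed by a failed quarantine. As an added example (not part of the original thread, and not Malwarebytes' own code), this sketch parses that log layout and summarizes, per file path, how often it was detected and whether a quarantine failure followed. The function names are hypothetical, and attributing an ERROR line to the most recent DETECTION line is an assumption of this example.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Lines copied from the protection log in the post above.
SAMPLE_LOG = r"""2013/08/12 08:18:37 -0600 LARS-PC (null) MESSAGE Starting protection
2013/08/12 08:18:37 -0600 LARS-PC (null) MESSAGE Protection started successfully
2013/08/12 08:18:37 -0600 LARS-PC (null) MESSAGE Starting IP protection
2013/08/12 08:18:41 -0600 LARS-PC (null) MESSAGE IP Protection started successfully
2013/08/12 08:22:19 -0600 LARS-PC Lars DETECTION C:\Windows\SysWOW64\winvnc86.exe Trojan.BitcoinMiner QUARANTINE
2013/08/12 08:22:27 -0600 LARS-PC Lars DETECTION c:\windows\syswow64\winvnc86.exe Trojan.BitcoinMiner QUARANTINE
2013/08/12 08:22:27 -0600 LARS-PC Lars ERROR Quarantine failed:  SDKQuarantine failed with error code 2
"""

# timestamp, UTC offset, host, user, record type, remainder of the line
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|DETECTION|ERROR) (?P<rest>.*)$"
)
# The path may contain spaces, so it is matched greedily; the last two
# whitespace-separated tokens are the detection name and the action taken.
DETECTION_RE = re.compile(r"^(?P<path>.+) (?P<threat>\S+) (?P<action>\S+)$")
QUARANTINE_FAIL_RE = re.compile(r"Quarantine failed:.*error code (?P<code>\d+)")


def parse_events(text):
    """Turn raw log text into a list of event dicts, skipping unparseable lines."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m["ts"] + " " + m["tz"], "%Y/%m/%d %H:%M:%S %z")
        events.append({"time": when, "host": m["host"], "user": m["user"],
                       "kind": m["kind"], "rest": m["rest"]})
    return events


def summarize_detections(events):
    """Group detections by case-folded path and attach quarantine failures.

    Windows paths are case-insensitive, so C:\\Windows\\SysWOW64\\x.exe and
    c:\\windows\\syswow64\\x.exe count as the same file.
    """
    summary = OrderedDict()
    last_key = None
    for ev in events:
        if ev["kind"] == "DETECTION":
            d = DETECTION_RE.match(ev["rest"])
            if not d:
                continue
            key = d["path"].lower()
            entry = summary.setdefault(key, {
                "threat": d["threat"], "count": 0,
                "first": ev["time"], "last": ev["time"], "failed_codes": [],
            })
            entry["count"] += 1
            entry["last"] = ev["time"]
            last_key = key
        elif ev["kind"] == "ERROR" and last_key is not None:
            # Assumption: the failure refers to the detection logged just before it.
            f = QUARANTINE_FAIL_RE.search(ev["rest"])
            if f:
                summary[last_key]["failed_codes"].append(int(f["code"]))
    return summary


def needs_followup(entry):
    """Flag paths that keep being detected or whose quarantine did not complete."""
    return entry["count"] > 1 or bool(entry["failed_codes"])


if __name__ == "__main__":
    for path, entry in summarize_detections(parse_events(SAMPLE_LOG)).items():
        print(path, entry["threat"], "detections:", entry["count"],
              "failed quarantine codes:", entry["failed_codes"],
              "follow up:", needs_followup(entry))
```
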


#12 TotalBalance


Posted 12 August 2013 - 10:07 AM

Postscript: Although I still receive the error msg on reboot, I've done a visual manual (with show hidden files selected) and system search for both "minerd.exe" and winvnc86.exe, yet nothing can be seen or found. Could everything be "fixed" and this is just a "ghost"? I've cleared all log files from MB and will reboot again, search again and let you know.

Lars



#13 CatByte


Posted 12 August 2013 - 10:17 AM

That was my thought, as no other scanners are picking up those detections. I thought it may have been AVG leftovers, but that doesn't seem to be so.

there's one other scanner I'd like to run
  • Download RogueKiller and save it to your desktop.
    32bit version
    64bit version
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.

#14 TotalBalance


Posted 12 August 2013 - 11:25 AM

Looks like we FINALLY have success!

Here's a quick rundown of what's been done this time:

1) Ran your procedure. Attached are the reports.

When I rebooted the system there was no error msg!

2) However, just to follow up, I opened MB and got the Win msg to allow MB to make changes to my system. I chose to allow.

Then I did an "Update". Next I ran Scanner.

Damn! It detected the same Object!

Saved report and chose delete.

Most recent MB log files attached.

3) Rebooted system. Again, no error msg. on reboot.

Opened MB and looked at protection file, no reference to malicious file.

Ran Flash Scan, no threats found.

Ran Quick Scan NO Objects detected.

 

Perhaps after everything previously done the last MB delete of object FINALLY removed "ghost" reference. Not sure, just glad all seems to be back to as it should! :-)

Thanks so much for all your patience and help with this very annoying issue!!

----------------------------------------

Just one last question. What is the minerd.exe - Bitcoin.trojan file that caused all this and how do you think I might have gotten it? I ask in hopes I can take actions moving forward so as not get it again?

Background: I'm just an old business man who used my PC for business purposes. I DON'T play any games, although I have downloaded the occasional torrent file from questionable sources. However, my new "20 something" roommates play games (WOW, etc) and upload/download questionable files all the time, and I'm just wondering if this rogue file could be spread via our shared network.

Thanks again!!

Lars

 

 




#15 TotalBalance


Posted 12 August 2013 - 11:31 AM

Oh, almost forgot. Are there any final steps I should do just to make sure everything's all clean and as it should be?

Lars





