I think it's clean, please look over log


  • This topic is locked
8 replies to this topic

#1 GranPaSmurf

GranPaSmurf

  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas
  • Local time:04:01 PM

Posted 27 March 2012 - 04:40 PM

My young friend brought me his laptop saying it was too slow to run Photoshop. I found he had AVG but didn't run scans regularly. I installed and ran:
Spybot Search & Destroy
Malwarebytes
SUPERAntiSpyware
TDSSKiller
MS Security Essentials

The first several scans found and removed several Trojans and Exploits. I would like you to look over the log before I tell him it is clean and coach him on 'safe surfing.'
**********************************************


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2010 5:49:37 PM
System Uptime: 3/27/2012 1:52:14 PM (3 hours ago)

Motherboard: Hewlett-Packard | | 1425
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 1450/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 285 GiB total, 148.629 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.087 GiB free.
E: is FIXED (FAT) - 0 GiB total, 0.097 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C310 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Prem C310 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Illustrator CS5.1
Adobe Reader 9.1 MUI
Adobe Shockwave Player
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Driver Installation Program
Audacity 1.2.6
BufferChm
C5100
c5100_Help
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Clash 'N Slash
Compatibility Pack for the 2007 Office system
Copy
CyberLink DVD Suite
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Dropbox
Equation Wizard
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.159
Fax
File Type Assistant
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides
HP Wireless Assistant
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HyperCam 2
IL Download Manager
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
LG USB Modem Drivers
LightScribe System Software
LogMeIn
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Mesh Runtime
Microsoft Live Search Toolbar
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
PDF Settings CS5
Power2Go
Precalculus Solved!
PxMergeModule
QLBCASL
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RSDLite
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Virus Guard - powered by BitDefender
Visual Studio 2008 x64 Redistributables
Vuze
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/27/2012 7:42:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2633870).
3/27/2012 7:42:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2572078).
3/27/2012 7:41:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351).
3/27/2012 7:40:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870).
3/27/2012 7:40:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).
3/27/2012 7:27:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
3/27/2012 7:24:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2633870).
3/27/2012 7:20:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870).
3/27/2012 7:18:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).
3/27/2012 7:02:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351).
3/27/2012 6:47:22 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/27/2012 6:46:36 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/27/2012 6:41:28 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
3/27/2012 4:34:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/26/2012 12:23:19 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
3/25/2012 1:06:45 PM, Error: Disk [11] - The driver detected a controller error on \...\DR2.
3/25/2012 1:05:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
3/24/2012 6:57:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JACK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7ADF7519-FF3C-42DF-B1DA-49F1ACAF29EC}. The master browser is stopping or an election is being forced.
3/24/2012 12:08:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSLPSVC service.
3/22/2012 9:16:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
3/22/2012 10:20:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
3/22/2012 10:20:59 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2012 7:33:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

==== End Of File ===========================

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:01 PM

Posted 30 March 2012 - 09:06 AM

We are in the process of researching and investigating your log. Please be patient as we develop a fix for your specific problems.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain
  • Local time:10:01 PM

Posted 31 March 2012 - 09:04 AM

Hi GranPaSmurf, my name is Mark and I will be helping you.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


We need to see some of the logs from the scans you ran that show us what was detected.

Please follow these instructions.

You have posted Attach.txt which is the incorrect log for me to review at this time.

After running DDS you should have been advised it created two log files (DDS.txt, Attach.txt) and then provided instructions on what to do with each after they opened in Notepad. Most likely you were told to save them to your Desktop or a location of your choice. Right-click on the log called DDS.txt to open it in Notepad, then copy and paste the contents in your next reply.

Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\Username\Local Settings\Temp\DDS.txt
-- Vista, Windows 7, 2008: C:\Username\AppData\Local\Temp\DDS.txt


If you cannot see the folders, they may be hidden and you will need to reconfigure Windows to show hidden files and folders.

If you did not save your logs and they were not automatically saved, please rerun DDS the same as before, save the logs to your Desktop, then copy and paste ONLY the contents of DDS.txt in your next reply.

Malwarebytes logs
  • Open Malwarebytes.
  • Click on the Logs tab.
  • Click on the entry that shows the items detected.
  • Click on the Open button and then copy and paste the log into your next reply.

SuperAntiSpyware log
  • Open SuperAntiSpyware.
  • Click on the button View Scan Logs.
  • Click on the log you ran that shows the items removed.
  • Copy and paste the log into your next reply.

TDSSKiller
The report can be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Important Note: Using any torrent, peer-to-peer (P2P) file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. As such, it is not uncommon for some anti-virus/anti-malware disinfection tools to detect torrent related files and programs as a threat and attempt to remove them.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.
Using such programs or browsing torrent sites is almost a guaranteed way to get yourself infected!!

#4 GranPaSmurf

GranPaSmurf
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas
  • Local time:04:01 PM

Posted 31 March 2012 - 10:20 AM

DDS (Ver_10-03-17.01) - NTFSX64
Run by Power at 10:03:38.63 on Sat 03/31/2012
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1844 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Power\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Power\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Power\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Power\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Power\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Users\Power\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.search-results.com/?l=dis&o=16172
uSearch Page =
uSearch Bar =
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local;localhost;127.0.0.1;<local>
uInternet Settings,ProxyServer = 127.0.0.1:80
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files (x86)\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~4\office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {F999A48B-1950-4D81-9971-79018F807B4B} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\power\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [wigbi] rundll32.exe "c:\users\power\appdata\local\temp\wigbi.dll",GetLastError
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MobileDocuments] c:\program files (x86)\common files\apple\internet services\ubd.exe
mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVG_TRAY] "c:\program files (x86)\avg\avg2012\avgtray.exe"
mRun: [<NO NAME>]
mRun: [vProt] "c:\program files (x86)\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files (x86)\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files (x86)\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~4\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg2012\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {F999A48B-1950-4D81-9971-79018F807B4B} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] c:\program files (x86)\realtek\audio\osd\RtVOsd64.exe
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx64.sys [2011-9-13 37456]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2011-12-30 55280]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx64.sys [2011-10-7 283728]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx64.sys [2011-8-8 46672]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\drivers\avgtdia.sys [2011-7-11 375376]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 189440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2010-2-11 98208]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files (x86)\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\logmein\x64\LMIGuardianSvc.exe [2011-7-6 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-8-30 72216]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\realtek\rtvosd\RtVOsdService.exe [2010-6-24 315392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2012-3-9 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2010-2-11 2320920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-14 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 120400]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 29776]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-15 227896]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-30 244736]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2012-3-29 553576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-12-13 136176]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\skype\updater\Updater.exe [2012-2-29 158856]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 31744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-12-13 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 53632]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-9-2 15360]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-11 225280]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-3-29 13920]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-30 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown WcsPlugInService32;WcsPlugInService32; [x]

=============== Created Last 30 ================

2012-03-31 13:50:55 0 d-----w- c:\program files\CCleaner
2012-03-31 13:50:41 0 d-----w- C:\618a2d8636115cd516a5
2012-03-31 13:48:33 0 d-----w- C:\09eaae4bca99a2a48f54
2012-03-31 13:46:46 0 d-----w- C:\61dc810bf8cd50a493e9
2012-03-31 13:45:10 0 d-----w- C:\67963df7e62bae18599c9c41a4982312
2012-03-31 13:42:52 0 d-----w- C:\31938d4103bc4712a9c6
2012-03-29 11:42:47 443040 ----a-w- c:\windows\system32\athihvs.dll
2012-03-29 11:39:23 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-03-29 11:39:23 553576 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-03-29 11:33:58 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-03-29 11:00:45 0 d-----w- c:\program files (x86)\SlimCleaner
2012-03-29 11:00:05 0 d-----w- c:\program files (x86)\SlimDrivers
2012-03-28 12:24:17 0 d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-27 11:37:02 0 d-----w- C:\b12929ff479c4b26aacb
2012-03-27 11:22:06 0 ----a-w- c:\users\power\defogger_reenable
2012-03-27 11:09:39 0 d-----w- C:\5262883f30314aae4a9127
2012-03-26 12:10:56 1945 ----a-w- c:\windows\epplauncher.mif
2012-03-26 12:10:45 5358 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2012-03-26 12:10:43 0 d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-26 12:10:40 0 d-----w- c:\program files\Microsoft Security Client
2012-03-26 12:07:29 208 ----a-w- c:\windows\wininit.ini
2012-03-25 23:04:38 0 d-----w- c:\users\power\appdata\roaming\SUPERAntiSpyware.com
2012-03-25 23:03:12 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-25 23:03:12 0 d-----w- c:\program files\SUPERAntiSpyware
2012-03-24 21:30:05 0 d-----w- c:\users\power\appdata\roaming\xmldm
2012-03-24 21:30:04 0 d-----w- c:\users\power\appdata\roaming\kock
2012-03-24 16:44:44 0 d-----w- c:\windows\en
2012-03-23 02:17:42 0 d-----w- c:\program files (x86)\GUMAE1D.tmp
2012-03-18 07:08:47 0 d-----w- C:\313b7ee8c1b70414b550
2012-03-14 23:00:56 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 23:00:55 3968368 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2012-03-14 23:00:54 3913584 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2012-03-13 22:59:33 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:59:29 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:59:28 1077248 ----a-w- c:\windows\syswow64\DWrite.dll
2012-03-13 22:46:26 826880 ----a-w- c:\windows\syswow64\rdpcore.dll
2012-03-13 22:46:26 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 22:46:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:46:26 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:46:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:46:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:46:23 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 05:02:43 0 d-----w- C:\c94df833d01c043f7e5e
2012-03-12 10:08:39 0 d-----w- C:\65983ce9ca90ff1770ace6804880
2012-03-09 22:59:44 0 d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-09 22:59:44 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-09 21:16:38 0 d-----w- c:\users\power\appdata\roaming\Malwarebytes
2012-03-09 21:10:01 0 d-----w- c:\programdata\Malwarebytes
2012-03-09 21:09:46 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 21:09:46 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 23:50:28 49016 ----a-w- c:\windows\syswow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 18:45:37 0 d-----w- c:\programdata\ALM
2012-03-07 13:48:50 0 d-----w- C:\c8beb2108e7bd7e6f7
2012-03-06 18:54:28 0 d-----w- c:\program files (x86)\RocketDock
2012-03-02 00:31:57 0 d-----w- c:\windows\pss
2012-03-01 17:22:15 0 d-----w- c:\users\power\appdata\roaming\TuneUp Software
2012-03-01 17:20:16 0 d-----w- c:\programdata\TuneUp Software
2012-03-01 17:19:58 0 d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

==================== Find3M ====================

2012-02-06 16:41:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 16:41:17 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-06 16:41:17 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-01-31 12:44:20 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 03:43:30 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-01-11 03:43:28 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-01-11 03:43:26 417560 ----a-w- c:\windows\system32\igfxpers.exe
2012-01-11 03:43:20 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-01-11 03:43:08 4379416 ----a-w- c:\windows\system32\GfxUI.exe
2012-01-11 03:43:08 392984 ----a-w- c:\windows\system32\hkcmd.exe
2012-01-11 03:43:06 184600 ----a-w- c:\windows\system32\difx64.exe
2012-01-11 03:37:38 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2012-01-11 03:28:32 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2012-01-11 03:27:26 867020 ----a-w- c:\windows\syswow64\igkrng575.bin
2012-01-11 03:27:26 867020 ----a-w- c:\windows\system32\igkrng575.bin
2012-01-11 03:27:26 128204 ----a-w- c:\windows\syswow64\igcompkrng575.bin
2012-01-11 03:27:26 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2012-01-11 03:27:26 105608 ----a-w- c:\windows\syswow64\igfcg575m.bin
2012-01-11 03:27:26 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2012-01-11 03:18:36 6323712 ----a-w- c:\windows\syswow64\igdumd32.dll
2012-01-11 03:12:26 581120 ----a-w- c:\windows\syswow64\igdumdx32.dll
2012-01-11 03:06:22 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-01-11 02:55:08 7988224 ----a-w- c:\windows\syswow64\igd10umd32.dll
2012-01-11 02:42:26 18653696 ----a-w- c:\windows\system32\ig4icd64.dll
2012-01-11 02:29:54 13904384 ----a-w- c:\windows\syswow64\ig4icd32.dll
2012-01-11 02:20:00 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-01-11 02:19:58 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-01-11 02:19:52 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-01-11 02:19:42 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-01-11 02:19:14 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-01-11 02:19:06 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-01-11 02:19:06 390656 ----a-w- c:\windows\system32\igfxdev.dll
2012-01-11 02:19:06 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-01-11 02:18:32 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-01-11 02:18:32 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-01-11 02:15:16 24576 ----a-w- c:\windows\syswow64\igfxexps32.dll
2012-01-11 02:14:34 294400 ----a-w- c:\windows\syswow64\igfxdv32.dll
2012-01-11 02:12:12 98304 ----a-w- c:\windows\syswow64\iglhcp32.dll
2012-01-11 02:12:12 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-11 02:12:12 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-01-11 02:12:12 376832 ----a-w- c:\windows\syswow64\iglhsip32.dll
2012-01-11 02:12:12 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-11 02:12:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-01-11 02:12:12 171520 ----a-w- c:\windows\syswow64\igfxcmrt32.dll
2012-01-11 02:12:12 1663488 ----a-w- c:\windows\syswow64\igfxcmjit32.dll
2012-01-11 02:12:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-01-09 19:06:24 152576 ----a-w- c:\windows\syswow64\msclmd.dll
2012-01-09 19:06:23 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-09 19:06:22 155384 ----a-w- c:\windows\fonts\verdanab.ttf
2012-01-09 19:06:22 135848 ----a-w- c:\windows\fonts\impact.ttf
2012-01-04 10:44:20 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:59:38 12872704 ----a-w- c:\windows\syswow64\shell32.dll
2012-01-04 08:58:41 442880 ----a-w- c:\windows\syswow64\ntshrui.dll
2012-01-02 19:48:03 202858 ----a-w- c:\windows\hpoins18.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2011-04-20 00:00:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2011-04-20 00:00:34 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2011-02-10 03:13:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2011-02-10 03:13:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2011-02-10 03:13:14 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2011-12-02 16:30:29 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2011-04-13 23:19:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2011-04-13 23:19:58 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2011-04-13 23:19:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2011-04-13 12:44:33 262144 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2011-04-13 12:44:25 262144 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-10-12 03:34:01 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010101120101012\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe

============= FINISH: 10:04:59.67 ===============

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Power :: ERICS_COMPUTER [administrator]

3/25/2012 3:44:56 PM
mbam-log-2012-03-25 (15-44-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397676
Time elapsed: 1 hour(s), 9 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Power\AppData\Local\Temp\hspnlt.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hspnlt (Trojan.Hiloti) -> Data: rundll32.exe "C:\Users\Power\AppData\Local\Temp\hspnlt.dll",PreprocessShaderFromResourceW -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Data: C:\Users\Power\AppData\Roaming\appconf32.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Power\AppData\Local\Temp\hspnlt.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\Power\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Delete on reboot.

(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/27/2012 at 08:02 PM

Application Version : 5.0.1146

Core Rules Database Version : 8377
Trace Rules Database Version: 6189

Scan type : Complete Scan
Total Scan Time : 01:30:49

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 624
Memory threats detected : 0
Registry items scanned : 68926
Registry threats detected : 0
File items scanned : 84644
File threats detected : 101

Adware.Tracking Cookie

Trojan.Agent/Gen-ImageDocFake
C:\USERS\POWER\DOCUMENTS\VUZE DOWNLOADS\RIOT GEAR FX LITE VERSION\SPLATTER IMAGES\SPLATTER_INK\SPLATTER_17.JPG
C:\USERS\POWER\DOCUMENTS\VUZE DOWNLOADS\RIOT GEAR FX LITE VERSION\SPLATTER IMAGES\SPLATTER_INK\SPLATTER_10.JPG



14:30:49.0829 6116 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:30:50.0297 6116 ============================================================
14:30:50.0297 6116 Current date / time: 2012/03/27 14:30:50.0297
14:30:50.0297 6116 SystemInfo:
14:30:50.0297 6116
14:30:50.0297 6116 OS Version: 6.1.7601 ServicePack: 1.0
14:30:50.0297 6116 Product type: Workstation
14:30:50.0297 6116 ComputerName: ERICS_COMPUTER
14:30:50.0297 6116 UserName: Power
14:30:50.0297 6116 Windows directory: C:\Windows
14:30:50.0297 6116 System windows directory: C:\Windows
14:30:50.0297 6116 Running under WOW64
14:30:50.0297 6116 Processor architecture: Intel x64
14:30:50.0297 6116 Number of processors: 4
14:30:50.0297 6116 Page size: 0x1000
14:30:50.0297 6116 Boot type: Normal boot
14:30:50.0297 6116 ============================================================
14:30:51.0124 6116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:30:51.0140 6116 \Device\Harddisk0\DR0:
14:30:51.0140 6116 MBR used
14:30:51.0140 6116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:30:51.0140 6116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23AA1800
14:30:51.0140 6116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23B05800, BlocksNum 0x18F5000
14:30:51.0140 6116 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x253FA800, BlocksNum 0x33AB0
14:30:51.0233 6116 Initialize success
14:30:51.0233 6116 ============================================================
14:30:58.0362 3912 ============================================================
14:30:58.0362 3912 Scan started
14:30:58.0362 3912 Mode: Manual;
14:30:58.0362 3912 ============================================================
14:31:13.0573 3912 NdisCap - ok
14:31:13.0682 3912 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:31:13.0682 3912 NdisTapi - ok
14:31:13.0713 3912 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:31:13.0713 3912 Ndisuio - ok
14:31:13.0744 3912 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:31:13.0744 3912 NdisWan - ok
14:31:13.0775 3912 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:31:13.0775 3912 NDProxy - ok
14:31:13.0838 3912 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
14:31:13.0838 3912 Net Driver HPZ12 - ok
14:31:13.0947 3912 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:31:13.0947 3912 NetBIOS - ok
14:31:13.0994 3912 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:31:13.0994 3912 NetBT - ok
14:31:14.0041 3912 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:31:14.0041 3912 Netlogon - ok
14:31:14.0119 3912 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:31:14.0134 3912 Netman - ok
14:31:14.0165 3912 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:31:14.0165 3912 netprofm - ok
14:31:14.0228 3912 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:31:14.0228 3912 NetTcpPortSharing - ok
14:31:14.0431 3912 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
14:31:14.0509 3912 netw5v64 - ok
14:31:14.0618 3912 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:31:14.0618 3912 nfrd960 - ok
14:31:14.0649 3912 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:31:14.0649 3912 NisDrv - ok
14:31:14.0758 3912 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
14:31:14.0758 3912 NisSrv - ok
14:31:14.0805 3912 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:31:14.0805 3912 NlaSvc - ok
14:31:14.0899 3912 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:31:14.0899 3912 Npfs - ok
14:31:14.0930 3912 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:31:14.0945 3912 nsi - ok
14:31:14.0961 3912 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:31:14.0961 3912 nsiproxy - ok
14:31:15.0039 3912 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:31:15.0070 3912 Ntfs - ok
14:31:15.0179 3912 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:31:15.0179 3912 Null - ok
14:31:15.0211 3912 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:31:15.0226 3912 nvraid - ok
14:31:15.0242 3912 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:31:15.0242 3912 nvstor - ok
14:31:15.0273 3912 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:31:15.0273 3912 nv_agp - ok
14:31:15.0304 3912 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:31:15.0304 3912 ohci1394 - ok
14:31:15.0367 3912 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:31:15.0367 3912 ose - ok
14:31:15.0538 3912 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:31:15.0616 3912 osppsvc - ok
14:31:15.0694 3912 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:31:15.0694 3912 p2pimsvc - ok
14:31:15.0741 3912 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:31:15.0757 3912 p2psvc - ok
14:31:15.0819 3912 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:31:15.0819 3912 Parport - ok
14:31:15.0850 3912 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:31:15.0850 3912 partmgr - ok
14:31:15.0866 3912 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:31:15.0881 3912 PcaSvc - ok
14:31:15.0944 3912 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:31:15.0944 3912 pci - ok
14:31:15.0959 3912 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:31:15.0959 3912 pciide - ok
14:31:15.0991 3912 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:31:16.0006 3912 pcmcia - ok
14:31:16.0022 3912 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:31:16.0022 3912 pcw - ok
14:31:16.0069 3912 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:31:16.0069 3912 PEAUTH - ok
14:31:16.0147 3912 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:31:16.0147 3912 PerfHost - ok
14:31:16.0256 3912 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:31:16.0287 3912 pla - ok
14:31:16.0349 3912 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:31:16.0365 3912 PlugPlay - ok
14:31:16.0443 3912 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
14:31:16.0443 3912 Pml Driver HPZ12 - ok
14:31:16.0505 3912 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys
14:31:16.0537 3912 pneteth - ok
14:31:16.0583 3912 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:31:16.0583 3912 PNRPAutoReg - ok
14:31:16.0630 3912 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:31:16.0630 3912 PNRPsvc - ok
14:31:16.0677 3912 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:31:16.0677 3912 Point64 - ok
14:31:16.0724 3912 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:31:16.0739 3912 PolicyAgent - ok
14:31:16.0817 3912 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:31:16.0833 3912 Power - ok
14:31:16.0895 3912 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:31:16.0895 3912 PptpMiniport - ok
14:31:16.0942 3912 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:31:16.0942 3912 Processor - ok
14:31:16.0973 3912 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:31:16.0973 3912 ProfSvc - ok
14:31:17.0005 3912 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:31:17.0005 3912 ProtectedStorage - ok
14:31:17.0067 3912 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:31:17.0067 3912 Psched - ok
14:31:17.0161 3912 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:31:17.0161 3912 PxHlpa64 - ok
14:31:17.0254 3912 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:31:17.0285 3912 ql2300 - ok
14:31:17.0348 3912 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:31:17.0348 3912 ql40xx - ok
14:31:17.0379 3912 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:31:17.0379 3912 QWAVE - ok
14:31:17.0426 3912 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:31:17.0426 3912 QWAVEdrv - ok
14:31:17.0457 3912 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:31:17.0457 3912 RasAcd - ok
14:31:17.0504 3912 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:31:17.0504 3912 RasAgileVpn - ok
14:31:17.0535 3912 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:31:17.0535 3912 RasAuto - ok
14:31:17.0566 3912 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:31:17.0566 3912 Rasl2tp - ok
14:31:17.0613 3912 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:31:17.0629 3912 RasMan - ok
14:31:17.0660 3912 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:31:17.0675 3912 RasPppoe - ok
14:31:17.0722 3912 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:31:17.0722 3912 RasSstp - ok
14:31:17.0753 3912 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:31:17.0753 3912 rdbss - ok
14:31:17.0785 3912 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:31:17.0785 3912 rdpbus - ok
14:31:17.0816 3912 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:31:17.0816 3912 RDPCDD - ok
14:31:17.0831 3912 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:31:17.0847 3912 RDPENCDD - ok
14:31:17.0863 3912 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:31:17.0863 3912 RDPREFMP - ok
14:31:17.0894 3912 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:31:17.0894 3912 RDPWD - ok
14:31:17.0972 3912 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:31:17.0972 3912 rdyboost - ok
14:31:18.0003 3912 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:31:18.0003 3912 RemoteAccess - ok
14:31:18.0050 3912 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:31:18.0050 3912 RemoteRegistry - ok
14:31:18.0081 3912 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:31:18.0081 3912 RpcEptMapper - ok
14:31:18.0097 3912 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:31:18.0097 3912 RpcLocator - ok
14:31:18.0143 3912 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:31:18.0143 3912 RpcSs - ok
14:31:18.0268 3912 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:31:18.0268 3912 rspndr - ok
14:31:18.0315 3912 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
14:31:18.0315 3912 RSUSBSTOR - ok
14:31:18.0362 3912 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:31:18.0362 3912 RTL8167 - ok
14:31:18.0455 3912 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
14:31:18.0471 3912 RtVOsdService - ok
14:31:18.0533 3912 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:31:18.0533 3912 SamSs - ok
14:31:18.0580 3912 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:31:18.0580 3912 SASDIFSV - ok
14:31:18.0611 3912 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:31:18.0611 3912 SASKUTIL - ok
14:31:18.0689 3912 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:31:18.0689 3912 sbp2port - ok
14:31:18.0783 3912 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:31:18.0799 3912 SBSDWSCService - ok
14:31:18.0877 3912 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:31:18.0877 3912 SCardSvr - ok
14:31:18.0939 3912 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:31:18.0939 3912 scfilter - ok
14:31:18.0986 3912 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:31:19.0017 3912 Schedule - ok
14:31:19.0033 3912 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:31:19.0033 3912 SCPolicySvc - ok
14:31:19.0157 3912 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
14:31:19.0157 3912 sdbus - ok
14:31:19.0189 3912 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:31:19.0204 3912 SDRSVC - ok
14:31:19.0235 3912 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:31:19.0235 3912 secdrv - ok
14:31:19.0251 3912 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:31:19.0267 3912 seclogon - ok
14:31:19.0298 3912 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:31:19.0313 3912 SENS - ok
14:31:19.0376 3912 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:31:19.0376 3912 SensrSvc - ok
14:31:19.0438 3912 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:31:19.0438 3912 Serenum - ok
14:31:19.0469 3912 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:31:19.0469 3912 Serial - ok
14:31:19.0501 3912 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:31:19.0516 3912 sermouse - ok
14:31:19.0563 3912 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:31:19.0563 3912 SessionEnv - ok
14:31:19.0610 3912 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:31:19.0610 3912 sffdisk - ok
14:31:19.0672 3912 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:31:19.0672 3912 sffp_mmc - ok
14:31:19.0688 3912 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:31:19.0688 3912 sffp_sd - ok
14:31:19.0719 3912 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:31:19.0719 3912 sfloppy - ok
14:31:19.0750 3912 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:31:19.0766 3912 SharedAccess - ok
14:31:19.0813 3912 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:31:19.0828 3912 ShellHWDetection - ok
14:31:19.0875 3912 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:31:19.0875 3912 SiSRaid2 - ok
14:31:19.0922 3912 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:31:19.0922 3912 SiSRaid4 - ok
14:31:20.0015 3912 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:31:20.0015 3912 SkypeUpdate - ok
14:31:20.0047 3912 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:31:20.0062 3912 Smb - ok
14:31:20.0140 3912 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:31:20.0156 3912 SNMPTRAP - ok
14:31:20.0218 3912 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:31:20.0218 3912 spldr - ok
14:31:20.0281 3912 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:31:20.0296 3912 Spooler - ok
14:31:20.0437 3912 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:31:20.0499 3912 sppsvc - ok
14:31:20.0608 3912 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:31:20.0608 3912 sppuinotify - ok
14:31:20.0686 3912 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:31:20.0702 3912 srv - ok
14:31:20.0717 3912 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:31:20.0717 3912 srv2 - ok
14:31:20.0764 3912 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:31:20.0764 3912 SrvHsfHDA - ok
14:31:20.0873 3912 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:31:20.0889 3912 SrvHsfV92 - ok
14:31:20.0983 3912 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:31:20.0998 3912 SrvHsfWinac - ok
14:31:21.0076 3912 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:31:21.0076 3912 srvnet - ok
14:31:21.0123 3912 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:31:21.0123 3912 SSDPSRV - ok
14:31:21.0170 3912 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:31:21.0170 3912 SstpSvc - ok
14:31:21.0201 3912 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:31:21.0201 3912 stexstor - ok
14:31:21.0232 3912 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
14:31:21.0232 3912 StillCam - ok
14:31:21.0263 3912 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:31:21.0279 3912 stisvc - ok
14:31:21.0435 3912 SWDUMon (6525ee4b66cd3ba7a7e8122900ff23f1) C:\Windows\system32\DRIVERS\SWDUMon.sys
14:31:21.0466 3912 SWDUMon - ok
14:31:21.0482 3912 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:31:21.0482 3912 swenum - ok
14:31:21.0529 3912 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:31:21.0544 3912 swprv - ok
14:31:21.0685 3912 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
14:31:21.0700 3912 SynTP - ok
14:31:21.0763 3912 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:31:21.0794 3912 SysMain - ok
14:31:21.0872 3912 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:31:21.0872 3912 TabletInputService - ok
14:31:21.0919 3912 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:31:21.0919 3912 TapiSrv - ok
14:31:21.0950 3912 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:31:21.0950 3912 TBS - ok
14:31:22.0059 3912 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:31:22.0090 3912 Tcpip - ok
14:31:22.0199 3912 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:31:22.0231 3912 TCPIP6 - ok
14:31:22.0262 3912 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:31:22.0277 3912 tcpipreg - ok
14:31:22.0309 3912 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:31:22.0309 3912 TDPIPE - ok
14:31:22.0340 3912 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:31:22.0340 3912 TDTCP - ok
14:31:22.0387 3912 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:31:22.0387 3912 tdx - ok
14:31:22.0496 3912 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:31:22.0496 3912 TermDD - ok
14:31:22.0543 3912 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:31:22.0558 3912 TermService - ok
14:31:22.0605 3912 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:31:22.0605 3912 Themes - ok
14:31:22.0683 3912 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:31:22.0683 3912 THREADORDER - ok
14:31:22.0699 3912 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:31:22.0714 3912 TrkWks - ok
14:31:22.0761 3912 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:31:22.0761 3912 TrustedInstaller - ok
14:31:22.0823 3912 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:31:22.0823 3912 tssecsrv - ok
14:31:22.0917 3912 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:31:22.0917 3912 TsUsbFlt - ok
14:31:22.0964 3912 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:31:22.0979 3912 tunnel - ok
14:31:23.0011 3912 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:31:23.0011 3912 uagp35 - ok
14:31:23.0073 3912 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:31:23.0073 3912 udfs - ok
14:31:23.0120 3912 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:31:23.0120 3912 UI0Detect - ok
14:31:23.0198 3912 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:31:23.0198 3912 uliagpkx - ok
14:31:23.0260 3912 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:31:23.0260 3912 umbus - ok
14:31:23.0323 3912 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:31:23.0323 3912 UmPass - ok
14:31:23.0463 3912 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:31:23.0494 3912 UNS - ok
14:31:23.0588 3912 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:31:23.0588 3912 upnphost - ok
14:31:23.0650 3912 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:31:23.0666 3912 USBAAPL64 - ok
14:31:23.0713 3912 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:31:23.0713 3912 usbaudio - ok
14:31:23.0759 3912 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:31:23.0759 3912 usbccgp - ok
14:31:23.0869 3912 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:31:23.0869 3912 usbcir - ok
14:31:23.0900 3912 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:31:23.0900 3912 usbehci - ok
14:31:23.0931 3912 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:31:23.0931 3912 usbhub - ok
14:31:23.0978 3912 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:31:23.0978 3912 usbohci - ok
14:31:24.0009 3912 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:31:24.0009 3912 usbprint - ok
14:31:24.0040 3912 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:31:24.0040 3912 usbscan - ok
14:31:24.0118 3912 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:24.0118 3912 USBSTOR - ok
14:31:24.0149 3912 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:31:24.0165 3912 usbuhci - ok
14:31:24.0196 3912 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:31:24.0196 3912 usbvideo - ok
14:31:24.0243 3912 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
14:31:24.0243 3912 usb_rndisx - ok
14:31:24.0274 3912 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:31:24.0274 3912 UxSms - ok
14:31:24.0352 3912 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:31:24.0352 3912 VaultSvc - ok
14:31:24.0415 3912 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:31:24.0430 3912 vdrvroot - ok
14:31:24.0461 3912 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:31:24.0477 3912 vds - ok
14:31:24.0508 3912 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:31:24.0508 3912 vga - ok
14:31:24.0602 3912 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:31:24.0602 3912 VgaSave - ok
14:31:24.0633 3912 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:31:24.0649 3912 vhdmp - ok
14:31:24.0680 3912 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:31:24.0680 3912 viaide - ok
14:31:24.0695 3912 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:31:24.0711 3912 volmgr - ok
14:31:24.0727 3912 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:31:24.0742 3912 volmgrx - ok
14:31:24.0773 3912 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:31:24.0773 3912 volsnap - ok
14:31:24.0805 3912 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:31:24.0805 3912 vsmraid - ok
14:31:24.0867 3912 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:31:24.0898 3912 VSS - ok
14:31:25.0023 3912 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
14:31:25.0039 3912 vToolbarUpdater10.2.0 - ok
14:31:25.0148 3912 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:31:25.0148 3912 vwifibus - ok
14:31:25.0179 3912 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:31:25.0179 3912 vwififlt - ok
14:31:25.0257 3912 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:31:25.0273 3912 W32Time - ok
14:31:25.0304 3912 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:31:25.0304 3912 WacomPen - ok
14:31:25.0335 3912 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:31:25.0335 3912 WANARP - ok
14:31:25.0351 3912 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:31:25.0351 3912 Wanarpv6 - ok
14:31:25.0460 3912 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:31:25.0491 3912 WatAdminSvc - ok
14:31:25.0553 3912 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:31:25.0569 3912 wbengine - ok
14:31:25.0647 3912 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:31:25.0663 3912 WbioSrvc - ok
14:31:25.0694 3912 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:31:25.0709 3912 wcncsvc - ok
14:31:25.0725 3912 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:31:25.0725 3912 WcsPlugInService - ok
14:31:25.0772 3912 WcsPlugInService32 - ok
14:31:25.0819 3912 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:31:25.0819 3912 Wd - ok
14:31:25.0865 3912 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:31:25.0865 3912 Wdf01000 - ok
14:31:25.0943 3912 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:31:25.0943 3912 WdiServiceHost - ok
14:31:25.0959 3912 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:31:25.0959 3912 WdiSystemHost - ok
14:31:25.0990 3912 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:31:26.0006 3912 WebClient - ok
14:31:26.0021 3912 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:31:26.0021 3912 Wecsvc - ok
14:31:26.0053 3912 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:31:26.0053 3912 wercplsupport - ok
14:31:26.0084 3912 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:31:26.0099 3912 WerSvc - ok
14:31:26.0162 3912 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:31:26.0162 3912 WfpLwf - ok
14:31:26.0177 3912 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:31:26.0193 3912 WIMMount - ok
14:31:26.0240 3912 WinDefend - ok
14:31:26.0255 3912 WinHttpAutoProxySvc - ok
14:31:26.0349 3912 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:31:26.0365 3912 Winmgmt - ok
14:31:26.0443 3912 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:31:26.0474 3912 WinRM - ok
14:31:26.0614 3912 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
14:31:26.0614 3912 WinUSB - ok
14:31:26.0661 3912 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:31:26.0692 3912 Wlansvc - ok
14:31:26.0770 3912 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:31:26.0770 3912 wlcrasvc - ok
14:31:26.0895 3912 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:31:26.0926 3912 wlidsvc - ok
14:31:27.0051 3912 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:31:27.0051 3912 WmiAcpi - ok
14:31:27.0113 3912 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:31:27.0113 3912 wmiApSrv - ok
14:31:27.0176 3912 WMPNetworkSvc - ok
14:31:27.0254 3912 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:31:27.0254 3912 WPCSvc - ok
14:31:27.0285 3912 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:31:27.0285 3912 WPDBusEnum - ok
14:31:27.0347 3912 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:31:27.0347 3912 ws2ifsl - ok
14:31:27.0379 3912 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:31:27.0379 3912 wscsvc - ok
14:31:27.0425 3912 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:31:27.0425 3912 WSDPrintDevice - ok
14:31:27.0441 3912 WSearch - ok
14:31:27.0519 3912 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:31:27.0550 3912 wuauserv - ok
14:31:27.0644 3912 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:31:27.0659 3912 WudfPf - ok
14:31:27.0691 3912 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:31:27.0691 3912 WUDFRd - ok
14:31:27.0706 3912 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:31:27.0722 3912 wudfsvc - ok
14:31:27.0753 3912 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:31:27.0769 3912 WwanSvc - ok
14:31:27.0815 3912 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:31:27.0831 3912 yukonw7 - ok
14:31:27.0893 3912 MBR (0x1B8) (3c1616f3f722e4f360bbd80cdcf1a638) \Device\Harddisk0\DR0
14:31:27.0925 3912 \Device\Harddisk0\DR0 - ok
14:31:27.0956 3912 Boot (0x1200) (af3111a7af3b6735656719ad095ec963) \Device\Harddisk0\DR0\Partition0
14:31:27.0956 3912 \Device\Harddisk0\DR0\Partition0 - ok
14:31:27.0971 3912 Boot (0x1200) (a05265a63f29504ef7c7cdfe1cbc6c66) \Device\Harddisk0\DR0\Partition1
14:31:27.0971 3912 \Device\Harddisk0\DR0\Partition1 - ok
14:31:27.0987 3912 Boot (0x1200) (85b04b8fe1d10c7a70071cd627f942cb) \Device\Harddisk0\DR0\Partition2
14:31:27.0987 3912 \Device\Harddisk0\DR0\Partition2 - ok
14:31:28.0003 3912 Boot (0x1200) (93f26591cf3db12aa7d31ee16eea3a3f) \Device\Harddisk0\DR0\Partition3
14:31:28.0003 3912 \Device\Harddisk0\DR0\Partition3 - ok
14:31:28.0003 3912 ============================================================
14:31:28.0018 3912 Scan finished
14:31:28.0018 3912 ============================================================
14:31:28.0034 4996 Detected object count: 0
14:31:28.0034 4996 Actual detected object count: 0
16:07:33.0079 5816 Deinitialize success

#5 mark1956

  • Security Colleague

Posted 01 April 2012 - 05:14 AM

The detections found by Malwarebytes require the PC to be rebooted in order to complete the removal. If you have not already done so, please reboot the PC before continuing.

Could you confirm that the Proxy server setting was done intentionally:
uInternet Settings,ProxyServer = 127.0.0.1:80

There is a Yahoo toolbar installed which has set itself as the default search engine. Yahoo is frequently bundled with third party software and often installed by mistake. Please confirm if this is required to stay in place.

Please tell me how well the PC is running and describe any remaining issues.

You now have several items of security software installed. I would recommend you keep Microsoft Security Essentials, SuperAntiSpyware and the free version of Malwarebytes to run regular scans, but the choice is yours. I need to know so I can give instructions to remove the security software that you no longer require. It is not advisable to keep more than one Anti Virus on the system as this can cause performance issues and actually reduce the level of security. Spybot S&D is no longer a recommendable program (mvps.org).



Now please follow these instructions and post the logs in your next reply.

STEP 1
Please run Malwarebytes and post the log as follows:

  • Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


STEP 2
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

STEP 3
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
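The proxy question in the post above can be checked mechanically when triaging DDS logs: a `ProxyServer` value that points at a loopback address sends browser traffic through a process on the same machine, so it should be confirmed as intentional. The following is an added example, not part of the original post or of DDS itself; the sample log is constructed (only the `127.0.0.1:80` line comes from this thread), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import namedtuple

# DDS prefixes a value with "u" (per-user, HKCU) or "m" (machine-wide, HKLM).
DDS_PROXY_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$"
)
SCOPES = {"u": "HKCU", "m": "HKLM"}

Finding = namedtuple("Finding", "line scope protocol host port")


def _split_endpoint(endpoint):
    """Split 'host:port', '[ipv6]:port', a bare host or a bare IPv6 address."""
    if endpoint.startswith("["):                 # [::1]:8080
        host, _, rest = endpoint[1:].partition("]")
        port = rest.lstrip(":")
    elif endpoint.count(":") == 1:               # 127.0.0.1:80
        host, port = endpoint.split(":")
    else:                                        # no port given
        host, port = endpoint, ""
    return host.lower(), int(port) if port.isdigit() else None


def split_proxy_value(value):
    """Parse a WinINET ProxyServer string into (protocol, host, port) tuples.

    Two layouts are handled: one proxy for every protocol ('host:port')
    and a per-protocol list ('http=host:port;https=host:port').
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, endpoint = part.partition("=")
        if not sep:                              # single proxy for all protocols
            proto, endpoint = "all", part
        # Drop an optional scheme prefix such as "http://".
        endpoint = re.sub(r"^[a-z0-9]+://", "", endpoint.strip(), flags=re.I)
        host, port = _split_endpoint(endpoint)
        entries.append((proto.strip().lower(), host, port))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any address in 127.0.0.0/8 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                           # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return a Finding for every loopback proxy entry in a DDS log."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = DDS_PROXY_RE.match(line.strip())
        if not match:
            continue
        for proto, host, port in split_proxy_value(match.group("value")):
            if is_loopback(host):
                findings.append(
                    Finding(lineno, SCOPES[match.group("scope")], proto, host, port)
                )
    return findings


# Constructed sample; only the second line is taken from this thread.
SAMPLE_LOG = """\
uStart Page = about:blank
uInternet Settings,ProxyServer = 127.0.0.1:80
uInternet Settings,ProxyOverride = *.local
mInternet Settings,ProxyServer = http=proxy.example.test:3128;https=localhost:8443
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line}: {f.scope} {f.protocol} proxy -> {f.host}:{f.port}")
```

A finding is only a prompt to ask the owner, as the helper does here; local filtering software also sets loopback proxies.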



#6 GranPaSmurf

  • Topic Starter

Posted 04 April 2012 - 05:52 AM

The link you gave for ComboFix is to the Favicon, not the download link. I think the link you have in mind is:
http://www.bleepingcomputer.com/download/anti-virus/combofix
Also, I understand the warning about running more than one AV on a computer, but my research tells me that on a 64 bit operating system, more than one AV with real-time protection can co-exist. The system I am working on is a 64 bit system, running Win 7 64. It is not my own, I am cleaning the computer for a client. However my own desktop system is also Win7 64 and I run Prevx and Microsoft Security Essentials real-time protection concurrently with no problem. I did not set them up this way without getting advice from both Prevx and MS. I encourage you to research to verify what I said.
Since this machine belongs to my client's teenager, I will probably leave it configured with 2 good AV's running real-time protection. I will probably remove bit-torrent too.
_________________

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Power :: ERICS_COMPUTER [administrator]

4/1/2012 6:07:15 AM
mbam-log-2012-04-01 (06-07-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 392849
Time elapsed: 6 hour(s), 30 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
____________________

ComboFix 12-04-01.01 - Power 04/03/2012 6:33.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2522 [GMT -5:00]
Running from: c:\users\Power\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 13:43 . 2012-04-03 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 10:57 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03E88A2A-6169-4D76-9085-5925B0FD9613}\mpengine.dll
2012-04-01 10:58 . 2012-04-01 10:58 -------- d-----w- c:\program files\Synergy
2012-04-01 10:29 . 2012-04-01 10:31 -------- d-----w- C:\386e99c437cd428a6e
2012-03-31 13:50 . 2012-03-31 13:50 -------- d-----w- c:\program files\CCleaner
2012-03-31 13:50 . 2012-03-31 13:53 -------- d-----w- C:\618a2d8636115cd516a5
2012-03-29 11:42 . 2011-09-01 04:08 443040 ----a-w- c:\windows\system32\athihvs.dll
2012-03-29 11:39 . 2000-01-01 00:00 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-03-29 11:39 . 2000-01-01 00:00 553576 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-03-29 11:33 . 2012-04-03 13:48 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-03-29 11:00 . 2012-03-29 11:01 -------- d-----w- c:\program files (x86)\SlimCleaner
2012-03-29 11:00 . 2012-03-29 11:00 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-03-28 12:24 . 2012-04-01 11:06 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-27 11:37 . 2012-03-27 11:41 -------- d-----w- C:\b12929ff479c4b26aacb
2012-03-27 11:32 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-27 11:09 . 2012-03-27 11:12 -------- d-----w- C:\5262883f30314aae4a9127
2012-03-26 12:13 . 2012-03-26 12:13 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE603488-B5C5-46A3-AD17-6535B62C77C6}\gapaengine.dll
2012-03-26 12:10 . 2012-03-26 12:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-26 12:10 . 2012-03-26 12:10 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-25 23:04 . 2012-03-25 23:04 -------- d-----w- c:\users\Power\AppData\Roaming\SUPERAntiSpyware.com
2012-03-25 23:03 . 2012-03-25 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-25 23:03 . 2012-03-25 23:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-24 21:59 . 2012-03-24 21:59 -------- d-----w- c:\users\Power\AppData\Local\{AB43C189-75FC-11E1-826D-B8AC6F996F26}
2012-03-24 21:30 . 2012-03-24 21:47 -------- d-----w- c:\users\Power\AppData\Roaming\xmldm
2012-03-24 21:30 . 2012-03-24 21:47 -------- d-----w- c:\users\Power\AppData\Roaming\kock
2012-03-24 16:44 . 2012-03-24 16:44 -------- d-----w- c:\windows\en
2012-03-24 16:39 . 2012-03-24 16:39 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\adaf1e6e1cd09dc02\MeshBetaRemover.exe
2012-03-24 16:38 . 2012-03-24 16:38 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9c3d39e91cd09dc01\DSETUP.dll
2012-03-24 16:38 . 2012-03-24 16:38 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9c3d39e91cd09dc01\DXSETUP.exe
2012-03-24 16:38 . 2012-03-24 16:38 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9c3d39e91cd09dc01\dsetup32.dll
2012-03-23 02:17 . 2012-03-23 02:18 -------- d-----w- c:\program files (x86)\GUMAE1D.tmp
2012-03-18 07:08 . 2012-03-18 07:08 -------- d-----w- C:\313b7ee8c1b70414b550
2012-03-14 23:00 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 23:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 23:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 22:59 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:59 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:59 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 22:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:46 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 22:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:46 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 05:02 . 2012-03-13 05:14 -------- d-----w- C:\c94df833d01c043f7e5e
2012-03-12 10:08 . 2012-03-12 10:10 -------- d-----w- C:\65983ce9ca90ff1770ace6804880
2012-03-09 22:59 . 2012-04-01 10:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-09 22:59 . 2012-04-01 10:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-09 21:16 . 2012-03-09 21:16 -------- d-----w- c:\users\Power\AppData\Roaming\Malwarebytes
2012-03-09 21:10 . 2012-03-25 21:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 21:09 . 2012-03-09 21:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-09 21:09 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 04:02 . 2012-03-09 04:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 18:45 . 2012-03-08 18:45 -------- d-----w- c:\programdata\ALM
2012-03-07 13:48 . 2012-03-07 13:48 -------- d-----w- C:\c8beb2108e7bd7e6f7
2012-03-06 18:54 . 2012-03-09 20:51 -------- d-----w- c:\program files (x86)\RocketDock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 17:58 . 2012-02-25 17:58 18944 ----a-r- c:\users\Power\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-02-21 14:01 . 2011-09-23 11:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-20 19:49 . 2012-02-20 19:49 61440 ----a-r- c:\users\Power\AppData\Roaming\Microsoft\Installer\{B4D8308B-9369-40E9-ADCD-A46A3FA1ED15}\NewShortcut2_B4D8308B936940E9ADCDA46A3FA1ED15.exe
2012-02-20 19:49 . 2012-02-20 19:49 61440 ----a-r- c:\users\Power\AppData\Roaming\Microsoft\Installer\{B4D8308B-9369-40E9-ADCD-A46A3FA1ED15}\NewShortcut1_B4D8308B936940E9ADCDA46A3FA1ED15.exe
2012-02-06 16:41 . 2011-08-31 00:14 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 16:41 . 2011-08-31 00:14 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 16:41 . 2011-08-31 00:14 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-31 12:44 . 2010-08-22 22:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 03:43 . 2012-01-11 03:43 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-01-11 03:43 . 2012-01-11 03:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-01-11 03:43 . 2012-01-11 03:43 417560 ----a-w- c:\windows\system32\igfxpers.exe
2012-01-11 03:43 . 2012-01-11 03:43 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-01-11 03:43 . 2012-01-11 03:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe
2012-01-11 03:43 . 2012-01-11 03:43 392984 ----a-w- c:\windows\system32\hkcmd.exe
2012-01-11 03:43 . 2012-01-11 03:43 184600 ----a-w- c:\windows\system32\difx64.exe
2012-01-11 03:37 . 2012-01-11 03:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2012-01-11 03:28 . 2012-01-11 03:28 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2012-01-11 03:28 . 2012-01-11 03:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-01-11 03:27 . 2012-01-11 03:27 867020 ----a-w- c:\windows\system32\igkrng575.bin
2012-01-11 03:27 . 2012-01-11 03:27 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2012-01-11 03:27 . 2012-01-11 03:27 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2012-01-11 03:18 . 2012-01-11 03:18 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-01-11 03:12 . 2012-01-11 03:12 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-01-11 03:06 . 2009-11-22 00:18 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-01-11 02:55 . 2012-01-11 02:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-01-11 02:42 . 2012-01-11 02:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll
2012-01-11 02:29 . 2012-01-11 02:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-01-11 02:20 . 2012-01-11 02:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-01-11 02:20 . 2012-01-11 02:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-01-11 02:20 . 2012-01-11 02:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-01-11 02:20 . 2012-01-11 02:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-01-11 02:20 . 2012-01-11 02:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-01-11 02:20 . 2012-01-11 02:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-01-11 02:20 . 2012-01-11 02:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-01-11 02:20 . 2012-01-11 02:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-01-11 02:20 . 2012-01-11 02:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-01-11 02:20 . 2012-01-11 02:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-01-11 02:20 . 2012-01-11 02:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-01-11 02:20 . 2012-01-11 02:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-01-11 02:20 . 2012-01-11 02:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-01-11 02:20 . 2012-01-11 02:20 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-01-11 02:19 . 2012-01-11 02:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-01-11 02:19 . 2012-01-11 02:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-01-11 02:19 . 2009-11-21 23:52 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-01-11 02:19 . 2009-11-21 23:51 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-01-11 02:19 . 2012-01-11 02:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-01-11 02:19 . 2012-01-11 02:19 390656 ----a-w- c:\windows\system32\igfxdev.dll
2012-01-11 02:19 . 2012-01-11 02:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-01-11 02:18 . 2012-01-11 02:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-01-11 02:18 . 2012-01-11 02:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-01-11 02:18 . 2009-11-21 23:50 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-01-11 02:15 . 2012-01-11 02:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-01-11 02:14 . 2012-01-11 02:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-01-11 02:12 . 2012-01-11 02:12 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-01-11 02:12 . 2012-01-11 02:12 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-11 02:12 . 2012-01-11 02:12 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-01-11 02:12 . 2012-01-11 02:12 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-01-11 02:12 . 2012-01-11 02:12 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-11 02:12 . 2012-01-11 02:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-01-11 02:12 . 2012-01-11 02:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-01-11 02:12 . 2012-01-11 02:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-01-11 02:12 . 2012-01-11 02:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-01-09 19:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-09 19:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_02.39.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-03 13:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 22:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-03 13:04 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 22:28 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 13:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 22:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-16 02:04 . 2012-04-03 13:51 70300 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 13:51 50578 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-22 22:54 . 2012-04-03 13:51 24990 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1919323110-2318573449-1776510850-1001_UserData.bin
- 2010-08-23 00:45 . 2012-04-02 02:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-23 00:45 . 2012-04-03 13:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-23 00:45 . 2012-04-03 13:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-23 00:45 . 2012-04-02 02:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 02:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 13:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-01 22:35 . 2012-04-01 22:35 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-03 13:48 . 2012-04-03 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 02:33 . 2012-04-02 02:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 13:48 . 2012-04-03 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-02 02:33 . 2012-04-02 02:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-23 16:30 . 2012-04-03 10:31 287676 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-03 10:35 536274 c:\windows\system32\perfc009.dat
+ 2010-03-18 20:27 . 2010-03-18 20:27 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- 2011-05-17 15:08 . 2010-03-18 20:27 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-01 22:34 . 2012-04-01 22:35 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-07-14 02:36 . 2012-04-03 10:35 1851512 c:\windows\system32\perfh009.dat
- 2012-02-01 17:01 . 2012-04-02 02:32 1343000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-01 17:01 . 2012-04-03 13:47 1343000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-03 10:39 . 2012-04-03 10:39 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-01 22:35 . 2012-04-01 22:35 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-03 10:39 . 2012-04-03 10:39 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-03 10:38 . 2012-04-03 10:38 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-01 22:34 . 2012-04-01 22:34 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-14 07:27 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Power\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Power\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Power\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-14 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-14 982880]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-06 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-12 15928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-14 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 20:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1919323110-2318573449-1776510850-1001Core.job
- c:\users\Power\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-08 07:07]
.
2012-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1919323110-2318573449-1776510850-1001UA.job
- c:\users\Power\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-08 07:07]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 03:47]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 03:47]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919323110-2318573449-1776510850-1001Core.job
- c:\users\Power\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 19:37]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919323110-2318573449-1776510850-1001UA.job
- c:\users\Power\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 19:37]
.
2012-04-01 c:\windows\Tasks\HPCeeScheduleForPower.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-04-03 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-03-07 20:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Power\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Power\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Power\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Power\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-10 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search-results.com/?l=dis&o=16172
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;localhost;127.0.0.1;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.15.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:aa,a9,a4,ff,d6,82,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,48,6f,fb,de,f9,1d,4f,9d,3f,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,48,6f,fb,de,f9,1d,4f,9d,3f,12,\
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1919323110-2318573449-1776510850-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1919323110-2318573449-1776510850-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1919323110-2318573449-1776510850-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SVG\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1919323110-2318573449-1776510850-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1919323110-2318573449-1776510850-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1919323110-2318573449-1776510850-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1919323110-2318573449-1776510850-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65B3610B-482F-688B-DB90-3F61B646778D}*]
"gabhiedkeglhlo"=hex:63,61,61,6c,6b,66,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\04\1d\01\0d9L"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\AVG\AVG2012\avgmfapx.exe
.
**************************************************************************
.
Completion time: 2012-04-03 09:35:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 14:35
.
Pre-Run: 162,387,275,776 bytes free
Post-Run: 162,356,396,032 bytes free
.
- - End Of File - - B781BED332054E80D255CC68412624EB

#7 mark1956

Posted 04 April 2012 - 11:12 AM

There is nothing of any significance showing in the logs.

Both the links for the Combofix download are correct from where I am, so I am not sure why you found an issue with one of them.

In respect of running two AVs together.
Follow this link and click on the line: Using AVG with other security software products.

You will see here that although MSE is stated as being compatible with AVG, this is certainly not the norm, and you will see in the information that MSE can block AVG from removing infections, so running these two together is certainly not recommended.

Please read the information here for further details: IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why?

Please tell me if there are any remaining performance issues with the PC.

#8 mark1956

Posted 08 April 2012 - 07:05 AM

Are you still with us, GranPaSmurf?

If you no longer require assistance then please let me know so I can move on to helping others that are waiting.

#9 quietman7

Posted 09 April 2012 - 06:54 AM

Due to a lack of response... this topic is now closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Removal Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
