Redirects in Chrome and slow boots


  • This topic is locked
21 replies to this topic

#1 Scott Calkins


Posted 06 July 2012 - 01:26 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Scott at 23:19:27 on 2012-07-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.8198 [GMT -7:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\SysWOW64\afasrv64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\system32\nlsInterface.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Ralink\Common\RaIPSrv.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\USIM Editor\iconcs144940201.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Wootalyzer\woot.exe
C:\Users\Scott\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Tnlenterprises\SentryVision\ControlPanel.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Scott\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\SysWOW64\OBroker.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Secure Online Account Numbers Helper: {435eaa86-d32b-484f-869c-53745fcb1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Secure Online Account Numbers: {a8c7c2ca-6dfd-4e16-8458-592361564d38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
uRun: [Google Update] "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe
uRun: [4C1D31FDF3597EACE1250555646D3F025973DBC4._service_run] "C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Wootalyzer] "C:\Program Files (x86)\Wootalyzer\woot.exe" /boot
uRun: [Amazon Cloud Drive] C:\Users\Scott\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Secure Online Account Numbers] C:\PROGRA~2\Discover\SOAN\DISCOV~1.EXE /dontopenmycards
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs144940201.exe RunFromReg
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRunOnce: [DES2] C:\Program Files (x86)\Gigabyte\EnergySaver2\des2.exe state
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTU~1.LNK - C:\Tnlenterprises\SentryVision\ControlPanel.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F67268A9-8370-4B3D-BA81-F0668881ED48} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F67268A9-8370-4B3D-BA81-F0668881ED48} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Secure Online Account Numbers Helper: {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Secure Online Account Numbers: {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Secure Online Account Numbers] C:\PROGRA~2\Discover\SOAN\DISCOV~1.EXE /dontopenmycards
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs144940201.exe RunFromReg
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRunOnce-x64: [DES2] C:\Program Files (x86)\Gigabyte\EnergySaver2\des2.exe state
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\426e73pr.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.quantumlightphotography.com/|about:addons|chrome://fireftp/content/fireftp.xul
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B177206f0-0e5d-4da5-b770-4a18a1794f46%7D&mid=265186ebadebb2ec2a5477f5a2380a9e-cab87e7aeeccffd8fae1bcec151af9e4edd7bd93&ds=AVG&v=11.1.0.7&lang=us&pr=fr&d=2011-12-12%2009%3A25%3A35&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\Discover\SOAN\components\SlimOrbAddonDiscoverSOAN.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\426e73pr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\426e73pr.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AfaService;Afa Card Reader Service;C:\Windows\System32\afasrv64.exe [2012-3-23 73728]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;C:\ProgramData\OfficeGuardianV2N\UACProxy.exe [2011-5-14 83792]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe [2010-1-31 68136]
R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-3-4 55688]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-4-23 2976632]
R2 nlscc;Nalpeiron X64 Service;C:\Windows\system32\nlsInterface.exe --> C:\Windows\system32\nlsInterface.exe [?]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-12-9 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-5 2253120]
R2 RaIPSrv;Ralink IP Service;C:\Program Files (x86)\Ralink\Common\RaIPSrv.exe [2012-5-6 70944]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2012-5-6 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2012-5-6 211232]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2011-5-14 163664]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-4 1153368]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\Gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-1-31 114688]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-6 136176]
S2 PIEUsb;Single Frame Film Scanner;C:\Windows\System32\drivers\USBSCAN.SYS [2010-6-19 12400]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-13 250056]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-20 167264]
S3 CTV1W;Cisco CTV1W Driver;C:\Windows\system32\DRIVERS\CTV1W.sys --> C:\Windows\system32\DRIVERS\CTV1W.sys [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-6-12 131912]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-1-31 25640]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-6 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-1-31 30528]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S3 Spyder2;ColorVision Spyder2;C:\Windows\system32\DRIVERS\Spyder2.sys --> C:\Windows\system32\DRIVERS\Spyder2.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 subvgaproduct64;subvgaproduct64;C:\Windows\system32\DRIVERS\subvga64.sys --> C:\Windows\system32\DRIVERS\subvga64.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 ubloxusb;ubloxusb;C:\Windows\system32\DRIVERS\ubloxusb.sys --> C:\Windows\system32\DRIVERS\ubloxusb.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 usbezdisplay64;EZ USB;C:\Windows\system32\drivers\usbezdisplay64.sys --> C:\Windows\system32\drivers\usbezdisplay64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 LMIGuardianSvc;LMIGuardianSvc;"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" --> C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-05 19:54:45 -------- d-----w- C:\Users\Scott\AppData\Local\Macromedia
2012-07-05 07:10:16 53248 ----a-r- C:\Users\Scott\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-05 07:10:02 -------- d-----w- C:\Users\Scott\AppData\Local\Logishrd
2012-07-04 19:45:39 -------- d-----w- C:\Users\Scott\AppData\Local\adaware
2012-07-04 19:45:35 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-07-04 19:44:38 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-04 19:44:05 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-04 19:44:04 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-04 19:44:03 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-07-04 19:44:03 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-04 19:43:59 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-04 19:37:05 -------- d-----w- C:\Users\Scott\AppData\Roaming\Ad-Aware Antivirus
2012-07-04 19:34:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-04 19:34:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-02 19:34:28 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-07-02 19:33:58 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-28 19:13:44 -------- d-----w- C:\Users\Scott\AppData\Roaming\Awesomium
2012-06-23 03:21:05 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-06-21 10:28:57 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 10:28:10 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 10:27:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 10:27:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-13 19:05:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-13 19:05:42 -------- d-----w- C:\Users\Scott\AppData\Local\AVG Secure Search
2012-06-13 07:32:41 -------- d-----w- C:\Program Files\iPod
2012-06-13 07:32:40 -------- d-----w- C:\Program Files\iTunes
2012-06-13 02:07:21 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 02:07:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 02:07:20 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 02:06:48 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 02:06:42 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 02:06:36 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 02:06:28 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 02:06:24 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 02:06:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 02:06:15 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 02:06:15 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 02:05:47 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 02:05:46 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 02:05:46 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 02:05:46 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 02:05:46 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 02:05:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 19:30:37 -------- d-----w- C:\Users\Scott\AppData\Local\Desura
2012-06-12 19:29:59 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-06-12 19:29:00 -------- d-----w- C:\ProgramData\Desura
2012-06-12 19:28:56 -------- d-----w- C:\Program Files (x86)\Desura
.
==================== Find3M ====================
.
2012-07-05 19:38:55 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-05 07:08:19 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-07-02 19:33:19 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-07-02 19:33:19 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-29 06:43:54 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-29 06:43:54 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-28 19:14:03 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-28 18:54:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-23 03:21:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-11 21:46:06 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2010-03-06 08:07:08 44 ---h--w- C:\Program Files (x86)\b31e8f6a.tmp
.
============= FINISH: 23:19:55.61 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:43 PM

Posted 06 July 2012 - 05:48 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Lavasoft Ad-Aware
AV: AVG Anti-Virus Free Edition 2011


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Scott Calkins

Scott Calkins
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:43 PM

Posted 07 July 2012 - 05:51 PM

Still seeing the redirects. Here are the logs.


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Out of date HijackThis installed!
Spyder2PRO
HijackThis 2.0.2
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
Mozilla Thunderbird (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
MediaMall MediaMallServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


ComboFix 12-07-06.02 - Scott 07/06/2012 14:07:05.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9490 [GMT -7:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Scott\AppData\Local\Setup-Super-Word-Search-Maker.exe
c:\users\Scott\g2mdlhlpx.exe
c:\users\Scott\roa1D4E.tmp
J:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 21:14 . 2012-07-06 21:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-06 21:14 . 2012-07-06 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 19:34 . 2012-07-06 19:34 -------- d-----w- c:\programdata\GFI Software
2012-07-05 19:54 . 2012-07-05 19:54 -------- d-----w- c:\users\Scott\AppData\Local\Macromedia
2012-07-05 07:10 . 2012-07-05 07:10 53248 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-05 07:10 . 2012-07-05 07:10 -------- d-----w- c:\users\Scott\AppData\Local\Logishrd
2012-07-05 07:03 . 2012-07-05 07:04 -------- d-----w- c:\program files\Logitech
2012-07-04 19:45 . 2012-07-04 19:45 -------- d-----w- c:\users\Scott\AppData\Local\adaware
2012-07-04 19:45 . 2012-07-04 19:45 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-04 19:43 . 2012-07-06 19:34 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-07-04 19:43 . 2012-07-04 19:43 -------- d-----w- c:\programdata\Lavasoft
2012-07-04 19:37 . 2012-07-05 19:52 -------- d-----w- c:\users\Scott\AppData\Roaming\Ad-Aware Antivirus
2012-07-04 19:34 . 2012-07-06 19:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-04 19:34 . 2012-07-06 19:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-02 19:34 . 2012-07-02 19:34 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-07-02 19:33 . 2012-07-02 19:33 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-28 19:13 . 2012-06-28 19:13 -------- d-----w- c:\users\Scott\AppData\Roaming\Awesomium
2012-06-23 03:21 . 2012-06-23 03:21 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-21 10:28 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 10:28 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 10:28 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 10:28 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 10:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 10:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 10:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 10:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 10:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 19:05 . 2012-06-23 03:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 19:05 . 2012-06-13 19:05 -------- d-----w- c:\users\Scott\AppData\Local\AVG Secure Search
2012-06-13 07:32 . 2012-06-13 07:32 -------- d-----w- c:\program files\iPod
2012-06-13 07:32 . 2012-06-13 07:33 -------- d-----w- c:\program files\iTunes
2012-06-13 02:07 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 02:07 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 02:07 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 02:06 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 02:06 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 02:06 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 02:06 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 02:06 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 02:06 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 02:06 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 02:06 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 02:05 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 02:05 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 02:05 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 02:05 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 02:05 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 02:05 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 19:30 . 2012-06-12 19:30 -------- d-----w- c:\users\Scott\AppData\Local\Desura
2012-06-12 19:29 . 2012-06-12 19:29 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-06-12 19:29 . 2012-06-12 19:29 -------- d-----w- c:\programdata\Desura
2012-06-12 19:28 . 2012-06-18 18:41 -------- d-----w- c:\program files (x86)\Desura
2012-06-07 09:59 . 2012-06-07 09:59 -------- d-----w- c:\users\Scott\AppData\Roaming\PlayFirst
2012-06-07 09:59 . 2012-06-07 09:59 -------- d-----w- c:\programdata\PlayFirst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 20:30 . 2010-02-01 05:00 25640 ----a-w- c:\windows\gdrv.sys
2012-07-05 07:08 . 2010-08-15 09:11 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-02 19:33 . 2011-12-03 19:32 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-07-02 19:33 . 2011-12-03 19:32 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-29 06:43 . 2010-04-14 20:53 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-29 06:43 . 2010-04-14 20:43 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-28 19:14 . 2010-04-14 20:43 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-28 18:54 . 2010-04-14 20:43 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-23 03:21 . 2011-06-21 18:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 21:46 . 2012-05-11 21:46 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2010-03-06 08:07 . 2010-03-07 20:07 44 ---h--w- c:\program files (x86)\b31e8f6a.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 06:22 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"4C1D31FDF3597EACE1250555646D3F025973DBC4._service_run"="c:\users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 1250328]
"Wootalyzer"="c:\program files (x86)\Wootalyzer\woot.exe" [2009-03-26 374272]
"Amazon Cloud Drive"="c:\users\Scott\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-05-24 424848]
"Desura"="c:\program files (x86)\Desura\desura.exe" [2012-06-12 2529096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"EaseUs Watch"="c:\program files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"USBestCR"="c:\program files (x86)\USIM Editor\iconcs144940201.exe" [2012-03-23 7377920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-07-02 296096]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DES2"="c:\program files (x86)\Gigabyte\EnergySaver2\des2.exe" [2009-07-29 166440]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
startup helper.lnk - c:\tnlenterprises\SentryVision\ControlPanel.exe [2011-11-26 27244544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files (x86)\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
R2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 136176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\Drivers\usbscan.sys [2009-07-14 41984]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2011-01-05 31744]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CTV1W;Cisco CTV1W Driver;c:\windows\system32\DRIVERS\CTV1W.sys [2010-04-20 1118048]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-06-12 131912]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-02-06 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-02-11 30528]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-04-09 59392]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 40464]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 15360]
R3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys [2009-09-17 11880]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [2009-11-27 95232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 usbezdisplay64;EZ USB;c:\windows\system32\drivers\usbezdisplay64.sys [2009-09-26 31336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-27 834544]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-01-22 36232]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-01-22 26504]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-01-22 17800]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\Gigabyte\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 14952]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2012-06-18 2976632]
S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [2010-05-31 72192]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-12-09 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RaIPSrv;Ralink IP Service;c:\program files (x86)\Ralink\Common\RaIPSrv.exe [2009-10-20 70944]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-07-15 211232]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 ALSysIO;ALSysIO;c:\users\Scott\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2011-01-22 193416]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 03:21]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 18:56]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 18:56]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739247140-3825820621-3931732148-1001Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 09:38]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739247140-3825820621-3931732148-1001UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-02 446392]
"USBestCR"="c:\program files (x86)\USIM Editor\iconcs144940201.exe" [2012-03-23 7377920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F67268A9-8370-4B3D-BA81-F0668881ED48}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\426e73pr.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.quantumlightphotography.com/|about:addons|chrome://fireftp/content/fireftp.xul
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B177206f0-0e5d-4da5-b770-4a18a1794f46%7D&mid=265186ebadebb2ec2a5477f5a2380a9e-cab87e7aeeccffd8fae1bcec151af9e4edd7bd93&ds=AVG&v=11.1.0.7&lang=us&pr=fr&d=2011-12-12%2009%3A25%3A35&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-StereoLinksInstall - c:\program files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe
AddRemove-GeotagPhotos Offline - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c9,6f,c2,03,bf,fb,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-06 14:17:54
ComboFix-quarantined-files.txt 2012-07-06 21:17
.
Pre-Run: 270,946,193,408 bytes free
Post-Run: 280,559,738,880 bytes free
.
- - End Of File - - 441F9B7381019FB91A947B1C011FF3D5

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:43 PM

Posted 07 July 2012 - 08:11 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Scott Calkins

Scott Calkins
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:43 PM

Posted 08 July 2012 - 02:00 PM

01:41:07.0125 9588 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
01:41:07.0647 9588 ============================================================
01:41:07.0647 9588 Current date / time: 2012/07/08 01:41:07.0647
01:41:07.0647 9588 SystemInfo:
01:41:07.0647 9588
01:41:07.0647 9588 OS Version: 6.1.7601 ServicePack: 1.0
01:41:07.0647 9588 Product type: Workstation
01:41:07.0647 9588 ComputerName: LIQUID2
01:41:07.0647 9588 UserName: Scott
01:41:07.0647 9588 Windows directory: C:\Windows
01:41:07.0647 9588 System windows directory: C:\Windows
01:41:07.0647 9588 Running under WOW64
01:41:07.0647 9588 Processor architecture: Intel x64
01:41:07.0647 9588 Number of processors: 8
01:41:07.0647 9588 Page size: 0x1000
01:41:07.0647 9588 Boot type: Normal boot
01:41:07.0647 9588 ============================================================
01:41:10.0027 9588 Drive \Device\Harddisk0\DR0 - Size: 0xAEA9A00000 (698.65 Gb), SectorSize: 0x200, Cylinders: 0x16442, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:41:10.0031 9588 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB5C00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:41:15.0851 9588 Drive \Device\Harddisk6\DR6 - Size: 0x7462FF6000 (465.55 Gb), SectorSize: 0x200, Cylinders: 0xED65, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:41:19.0608 9588 Drive \Device\Harddisk7\DR7 - Size: 0xFA00000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:41:19.0609 9588 ============================================================
01:41:19.0609 9588 \Device\Harddisk0\DR0:
01:41:19.0615 9588 MBR partitions:
01:41:19.0615 9588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:41:19.0615 9588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5751A000
01:41:19.0615 9588 \Device\Harddisk1\DR1:
01:41:19.0616 9588 MBR partitions:
01:41:19.0616 9588 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
01:41:19.0616 9588 \Device\Harddisk6\DR6:
01:41:19.0616 9588 MBR partitions:
01:41:19.0616 9588 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A316EE6
01:41:19.0616 9588 \Device\Harddisk7\DR7:
01:41:19.0617 9588 MBR partitions:
01:41:19.0617 9588 ============================================================
01:41:19.0636 9588 C: <-> \Device\Harddisk0\DR0\Partition1
01:41:19.0681 9588 J: <-> \Device\Harddisk1\DR1\Partition0
01:41:19.0681 9588 ============================================================
01:41:19.0682 9588 Initialize success
01:41:19.0682 9588 ============================================================
01:41:30.0758 2244 ============================================================
01:41:30.0758 2244 Scan started
01:41:30.0758 2244 Mode: Manual;
01:41:30.0758 2244 ============================================================
01:41:32.0614 2244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:41:32.0620 2244 1394ohci - ok
01:41:32.0741 2244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:41:32.0752 2244 ACPI - ok
01:41:32.0773 2244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:41:32.0775 2244 AcpiPmi - ok
01:41:33.0000 2244 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:41:33.0002 2244 AdobeFlashPlayerUpdateSvc - ok
01:41:33.0110 2244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:41:33.0126 2244 adp94xx - ok
01:41:33.0155 2244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:41:33.0163 2244 adpahci - ok
01:41:33.0174 2244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:41:33.0179 2244 adpu320 - ok
01:41:33.0237 2244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:41:33.0238 2244 AeLookupSvc - ok
01:41:33.0254 2244 AfaService - ok
01:41:33.0343 2244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:41:33.0357 2244 AFD - ok
01:41:33.0405 2244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:41:33.0407 2244 agp440 - ok
01:41:33.0454 2244 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:41:33.0465 2244 ALG - ok
01:41:33.0494 2244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:41:33.0495 2244 aliide - ok
01:41:33.0602 2244 ALSysIO - ok
01:41:33.0645 2244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:41:33.0647 2244 amdide - ok
01:41:33.0705 2244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:41:33.0713 2244 AmdK8 - ok
01:41:33.0732 2244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:41:33.0744 2244 AmdPPM - ok
01:41:33.0812 2244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:41:33.0821 2244 amdsata - ok
01:41:33.0866 2244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:41:33.0878 2244 amdsbs - ok
01:41:33.0899 2244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:41:33.0908 2244 amdxata - ok
01:41:33.0940 2244 androidusb (9c59bf508c5d408bb348254e0ba2ee30) C:\Windows\system32\Drivers\androidusb.sys
01:41:33.0942 2244 androidusb - ok
01:41:34.0010 2244 AODDriver - ok
01:41:34.0083 2244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:41:34.0087 2244 AppID - ok
01:41:34.0110 2244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:41:34.0112 2244 AppIDSvc - ok
01:41:34.0151 2244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:41:34.0155 2244 Appinfo - ok
01:41:34.0244 2244 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:41:34.0250 2244 Apple Mobile Device - ok
01:41:34.0353 2244 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:41:34.0362 2244 AppMgmt - ok
01:41:34.0398 2244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:41:34.0407 2244 arc - ok
01:41:34.0436 2244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:41:34.0447 2244 arcsas - ok
01:41:34.0467 2244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:41:34.0468 2244 AsyncMac - ok
01:41:34.0498 2244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:41:34.0499 2244 atapi - ok
01:41:34.0795 2244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:41:34.0817 2244 AudioEndpointBuilder - ok
01:41:34.0822 2244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:41:34.0825 2244 AudioSrv - ok
01:41:35.0065 2244 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
01:41:35.0070 2244 AVG Security Toolbar Service - ok
01:41:35.0499 2244 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
01:41:35.0581 2244 AVGIDSAgent - ok
01:41:35.0734 2244 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
01:41:35.0752 2244 AVGIDSDriver - ok
01:41:35.0828 2244 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
01:41:35.0830 2244 AVGIDSEH - ok
01:41:35.0890 2244 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
01:41:35.0891 2244 AVGIDSFilter - ok
01:41:35.0996 2244 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
01:41:36.0008 2244 Avgldx64 - ok
01:41:36.0018 2244 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
01:41:36.0020 2244 Avgmfx64 - ok
01:41:36.0070 2244 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
01:41:36.0090 2244 Avgrkx64 - ok
01:41:36.0160 2244 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
01:41:36.0173 2244 Avgtdia - ok
01:41:36.0320 2244 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
01:41:36.0331 2244 avgwd - ok
01:41:36.0429 2244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:41:36.0441 2244 AxInstSV - ok
01:41:36.0530 2244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:41:36.0543 2244 b06bdrv - ok
01:41:36.0768 2244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:41:36.0788 2244 b57nd60a - ok
01:41:36.0828 2244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:41:36.0832 2244 BDESVC - ok
01:41:36.0849 2244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:41:36.0851 2244 Beep - ok
01:41:36.0953 2244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:41:36.0967 2244 BFE - ok
01:41:37.0078 2244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:41:37.0098 2244 BITS - ok
01:41:37.0155 2244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:41:37.0166 2244 blbdrive - ok
01:41:37.0321 2244 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
01:41:37.0337 2244 Bonjour Service - ok
01:41:37.0393 2244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:41:37.0397 2244 bowser - ok
01:41:37.0407 2244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:41:37.0408 2244 BrFiltLo - ok
01:41:37.0417 2244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:41:37.0418 2244 BrFiltUp - ok
01:41:37.0464 2244 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:41:37.0471 2244 BridgeMP - ok
01:41:37.0535 2244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:41:37.0548 2244 Browser - ok
01:41:37.0634 2244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:41:37.0644 2244 Brserid - ok
01:41:37.0664 2244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:41:37.0671 2244 BrSerWdm - ok
01:41:37.0690 2244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:41:37.0691 2244 BrUsbMdm - ok
01:41:37.0712 2244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:41:37.0714 2244 BrUsbSer - ok
01:41:37.0775 2244 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
01:41:37.0781 2244 BthEnum - ok
01:41:37.0835 2244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:41:37.0860 2244 BTHMODEM - ok
01:41:37.0894 2244 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
01:41:37.0899 2244 BthPan - ok
01:41:37.0999 2244 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
01:41:38.0012 2244 BTHPORT - ok
01:41:38.0112 2244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:41:38.0129 2244 bthserv - ok
01:41:38.0173 2244 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
01:41:38.0183 2244 BTHUSB - ok
01:41:38.0207 2244 catchme - ok
01:41:38.0286 2244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:41:38.0317 2244 cdfs - ok
01:41:38.0504 2244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:41:38.0516 2244 cdrom - ok
01:41:38.0619 2244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:41:38.0721 2244 CertPropSvc - ok
01:41:38.0935 2244 CFUACProxy_officeguardianv2n (23f5d8aee57f208e18e4edff16ee0df9) C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
01:41:38.0938 2244 CFUACProxy_officeguardianv2n - ok
01:41:38.0980 2244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:41:38.0982 2244 circlass - ok
01:41:39.0041 2244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:41:39.0050 2244 CLFS - ok
01:41:39.0147 2244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:41:39.0156 2244 clr_optimization_v2.0.50727_32 - ok
01:41:39.0207 2244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:41:39.0217 2244 clr_optimization_v2.0.50727_64 - ok
01:41:39.0316 2244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:41:39.0323 2244 clr_optimization_v4.0.30319_32 - ok
01:41:39.0415 2244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:41:39.0427 2244 clr_optimization_v4.0.30319_64 - ok
01:41:39.0462 2244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:41:39.0463 2244 CmBatt - ok
01:41:39.0487 2244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:41:39.0488 2244 cmdide - ok
01:41:39.0566 2244 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:41:39.0577 2244 CNG - ok
01:41:39.0593 2244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:41:39.0595 2244 Compbatt - ok
01:41:39.0652 2244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:41:39.0660 2244 CompositeBus - ok
01:41:39.0680 2244 COMSysApp - ok
01:41:39.0711 2244 cpuz135 - ok
01:41:39.0727 2244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:41:39.0728 2244 crcdisk - ok
01:41:39.0788 2244 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
01:41:39.0799 2244 CryptSvc - ok
01:41:39.0865 2244 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:41:39.0880 2244 CSC - ok
01:41:39.0991 2244 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:41:40.0001 2244 CscService - ok
01:41:40.0151 2244 CTV1W (d4edcde32b0fb3b557fe800432958ac1) C:\Windows\system32\DRIVERS\CTV1W.sys
01:41:40.0167 2244 CTV1W - ok
01:41:40.0263 2244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:41:40.0273 2244 DcomLaunch - ok
01:41:40.0344 2244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:41:40.0356 2244 defragsvc - ok
01:41:40.0424 2244 DES2 Service (fdc0c5adde1cde6edb0bef78f0699af3) C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
01:41:40.0431 2244 DES2 Service - ok
01:41:40.0558 2244 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
01:41:40.0569 2244 Desura Install Service - ok
01:41:40.0669 2244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:41:40.0671 2244 DfsC - ok
01:41:40.0801 2244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:41:40.0812 2244 Dhcp - ok
01:41:40.0823 2244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:41:40.0824 2244 discache - ok
01:41:40.0877 2244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:41:40.0884 2244 Disk - ok
01:41:40.0934 2244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:41:40.0946 2244 Dnscache - ok
01:41:41.0053 2244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:41:41.0066 2244 dot3svc - ok
01:41:41.0119 2244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:41:41.0127 2244 DPS - ok
01:41:41.0153 2244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:41:41.0154 2244 drmkaud - ok
01:41:41.0249 2244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:41:41.0267 2244 DXGKrnl - ok
01:41:41.0332 2244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:41:41.0342 2244 EapHost - ok
01:41:41.0448 2244 EASEUS Agent (2ea8ccc4af7d9223dd397d8ccb636f5d) C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
01:41:41.0460 2244 EASEUS Agent - ok
01:41:41.0713 2244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:41:41.0756 2244 ebdrv - ok
01:41:41.0890 2244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:41:41.0893 2244 EFS - ok
01:41:41.0981 2244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:41:41.0995 2244 ehRecvr - ok
01:41:42.0032 2244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:41:42.0037 2244 ehSched - ok
01:41:42.0161 2244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:41:42.0173 2244 elxstor - ok
01:41:42.0205 2244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:41:42.0212 2244 ErrDev - ok
01:41:42.0250 2244 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
01:41:42.0251 2244 etdrv - ok
01:41:42.0301 2244 EUBAKUP (74a88f4b1f22f394e27792a0195505d1) C:\Windows\system32\drivers\eubakup.sys
01:41:42.0303 2244 EUBAKUP - ok
01:42:03.0823 2244 swenum - ok
01:42:04.0170 2244 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:42:04.0223 2244 SwitchBoard - ok
01:42:04.0321 2244 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:42:04.0334 2244 swprv - ok
01:42:04.0488 2244 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:42:04.0517 2244 SysMain - ok
01:42:04.0761 2244 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:42:04.0773 2244 TabletInputService - ok
01:42:04.0842 2244 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:42:04.0853 2244 TapiSrv - ok
01:42:04.0875 2244 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:42:04.0885 2244 TBS - ok
01:42:05.0067 2244 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:42:05.0093 2244 Tcpip - ok
01:42:05.0377 2244 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:42:05.0385 2244 TCPIP6 - ok
01:42:05.0547 2244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:42:05.0554 2244 tcpipreg - ok
01:42:05.0572 2244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:42:05.0574 2244 TDPIPE - ok
01:42:05.0615 2244 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:42:05.0621 2244 TDTCP - ok
01:42:05.0708 2244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:42:05.0724 2244 tdx - ok
01:42:05.0760 2244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:42:05.0771 2244 TermDD - ok
01:42:05.0866 2244 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:42:05.0883 2244 TermService - ok
01:42:05.0905 2244 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:42:05.0908 2244 Themes - ok
01:42:05.0933 2244 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:42:05.0935 2244 THREADORDER - ok
01:42:05.0946 2244 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:42:05.0967 2244 TrkWks - ok
01:42:06.0063 2244 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:42:06.0068 2244 TrustedInstaller - ok
01:42:06.0099 2244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:42:06.0102 2244 tssecsrv - ok
01:42:06.0157 2244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:42:06.0162 2244 TsUsbFlt - ok
01:42:06.0236 2244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:42:06.0246 2244 tunnel - ok
01:42:06.0272 2244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:42:06.0274 2244 uagp35 - ok
01:42:06.0365 2244 ubloxusb (bd9442ecebd3ba06eb99d0816a7ecd16) C:\Windows\system32\DRIVERS\ubloxusb.sys
01:42:06.0371 2244 ubloxusb - ok
01:42:06.0452 2244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:42:06.0460 2244 udfs - ok
01:42:06.0483 2244 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:42:06.0486 2244 UI0Detect - ok
01:42:06.0535 2244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:42:06.0544 2244 uliagpkx - ok
01:42:06.0770 2244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
01:42:06.0789 2244 umbus - ok
01:42:06.0835 2244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:42:06.0837 2244 UmPass - ok
01:42:07.0051 2244 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:42:07.0066 2244 UmRdpService - ok
01:42:07.0155 2244 UpdateCenterService - ok
01:42:07.0382 2244 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:42:07.0405 2244 upnphost - ok
01:42:07.0529 2244 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
01:42:07.0536 2244 USBAAPL64 - ok
01:42:07.0648 2244 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
01:42:07.0658 2244 usbaudio - ok
01:42:07.0726 2244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:42:07.0732 2244 usbccgp - ok
01:42:07.0780 2244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:42:07.0787 2244 usbcir - ok
01:42:07.0830 2244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:42:07.0834 2244 usbehci - ok
01:42:07.0862 2244 usbezdisplay64 (701de703ed4c98dcda396d393b9c1abd) C:\Windows\system32\drivers\usbezdisplay64.sys
01:42:07.0864 2244 usbezdisplay64 - ok
01:42:07.0985 2244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:42:07.0996 2244 usbhub - ok
01:42:08.0012 2244 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
01:42:08.0014 2244 usbohci - ok
01:42:08.0033 2244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:42:08.0040 2244 usbprint - ok
01:42:08.0067 2244 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:42:08.0068 2244 usbscan - ok
01:42:08.0103 2244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:42:08.0111 2244 USBSTOR - ok
01:42:08.0133 2244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
01:42:08.0139 2244 usbuhci - ok
01:42:08.0226 2244 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
01:42:08.0240 2244 usbvideo - ok
01:42:08.0261 2244 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:42:08.0264 2244 UxSms - ok
01:42:08.0295 2244 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:42:08.0296 2244 VaultSvc - ok
01:42:08.0326 2244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:42:08.0328 2244 vdrvroot - ok
01:42:08.0398 2244 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:42:08.0414 2244 vds - ok
01:42:08.0445 2244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:42:08.0447 2244 vga - ok
01:42:08.0502 2244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:42:08.0518 2244 VgaSave - ok
01:42:08.0662 2244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:42:08.0683 2244 vhdmp - ok
01:42:08.0727 2244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:42:08.0733 2244 viaide - ok
01:42:08.0815 2244 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:42:08.0824 2244 vmbus - ok
01:42:08.0841 2244 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:42:08.0843 2244 VMBusHID - ok
01:42:08.0883 2244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:42:08.0897 2244 volmgr - ok
01:42:08.0977 2244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:42:08.0986 2244 volmgrx - ok
01:42:09.0089 2244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:42:09.0100 2244 volsnap - ok
01:42:09.0150 2244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:42:09.0162 2244 vsmraid - ok
01:42:09.0327 2244 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:42:09.0349 2244 VSS - ok
01:42:09.0587 2244 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
01:42:09.0605 2244 vToolbarUpdater11.1.0 - ok
01:42:09.0720 2244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:42:09.0721 2244 vwifibus - ok
01:42:09.0747 2244 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:42:09.0753 2244 vwififlt - ok
01:42:09.0933 2244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:42:09.0951 2244 W32Time - ok
01:42:09.0985 2244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:42:09.0987 2244 WacomPen - ok
01:42:10.0078 2244 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:42:10.0094 2244 WANARP - ok
01:42:10.0127 2244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:42:10.0128 2244 Wanarpv6 - ok
01:42:10.0344 2244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:42:10.0364 2244 WatAdminSvc - ok
01:42:10.0524 2244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:42:10.0544 2244 wbengine - ok
01:42:10.0720 2244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:42:10.0742 2244 WbioSrvc - ok
01:42:10.0825 2244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:42:10.0836 2244 wcncsvc - ok
01:42:10.0850 2244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:42:10.0854 2244 WcsPlugInService - ok
01:42:10.0897 2244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:42:10.0906 2244 Wd - ok
01:42:10.0968 2244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:42:10.0983 2244 Wdf01000 - ok
01:42:11.0052 2244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:42:11.0065 2244 WdiServiceHost - ok
01:42:11.0067 2244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:42:11.0070 2244 WdiSystemHost - ok
01:42:11.0115 2244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:42:11.0128 2244 WebClient - ok
01:42:11.0170 2244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:42:11.0183 2244 Wecsvc - ok
01:42:11.0201 2244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:42:11.0212 2244 wercplsupport - ok
01:42:11.0233 2244 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:42:11.0245 2244 WerSvc - ok
01:42:11.0321 2244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:42:11.0322 2244 WfpLwf - ok
01:42:11.0336 2244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:42:11.0338 2244 WIMMount - ok
01:42:11.0380 2244 WinDefend - ok
01:42:11.0383 2244 WinHttpAutoProxySvc - ok
01:42:11.0444 2244 WINIO - ok
01:42:11.0493 2244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:42:11.0504 2244 Winmgmt - ok
01:42:11.0658 2244 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:42:11.0692 2244 WinRM - ok
01:42:11.0888 2244 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:42:11.0890 2244 WinUsb - ok
01:42:11.0973 2244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:42:11.0990 2244 Wlansvc - ok
01:42:12.0113 2244 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:42:12.0123 2244 wlcrasvc - ok
01:42:12.0338 2244 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:42:12.0374 2244 wlidsvc - ok
01:42:12.0501 2244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:42:12.0503 2244 WmiAcpi - ok
01:42:12.0648 2244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:42:12.0659 2244 wmiApSrv - ok
01:42:12.0699 2244 WMPNetworkSvc - ok
01:42:12.0866 2244 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
01:42:12.0906 2244 WMZuneComm - ok
01:42:12.0959 2244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:42:12.0962 2244 WPCSvc - ok
01:42:13.0026 2244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:42:13.0039 2244 WPDBusEnum - ok
01:42:13.0065 2244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:42:13.0075 2244 ws2ifsl - ok
01:42:13.0107 2244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
01:42:13.0118 2244 wscsvc - ok
01:42:13.0143 2244 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
01:42:13.0145 2244 WSDPrintDevice - ok
01:42:13.0147 2244 WSearch - ok
01:42:13.0342 2244 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:42:13.0377 2244 wuauserv - ok
01:42:13.0581 2244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:42:13.0590 2244 WudfPf - ok
01:42:13.0623 2244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:42:13.0629 2244 WUDFRd - ok
01:42:13.0679 2244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:42:13.0685 2244 wudfsvc - ok
01:42:13.0790 2244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:42:13.0802 2244 WwanSvc - ok
01:42:14.0355 2244 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
01:42:14.0432 2244 ZuneNetworkSvc - ok
01:42:14.0599 2244 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
01:42:14.0625 2244 ZuneWlanCfgSvc - ok
01:42:14.0657 2244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:42:14.0905 2244 \Device\Harddisk0\DR0 - ok
01:42:14.0908 2244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
01:42:14.0910 2244 \Device\Harddisk1\DR1 - ok
01:42:18.0655 2244 MBR (0x1B8) (6b3d04169d68d097543d419496096f8a) \Device\Harddisk6\DR6
01:42:18.0709 2244 \Device\Harddisk6\DR6 - ok
01:42:18.0714 2244 MBR (0x1B8) (7f47b0ef55e0f28a25efd9aa5e21389b) \Device\Harddisk7\DR7
01:42:20.0007 2244 \Device\Harddisk7\DR7 - ok
01:42:20.0016 2244 Boot (0x1200) (b7a534d69f7f1809e20972346bb0c00b) \Device\Harddisk0\DR0\Partition0
01:42:20.0018 2244 \Device\Harddisk0\DR0\Partition0 - ok
01:42:20.0027 2244 Boot (0x1200) (0bf2932756ac7789a289bf05930ead89) \Device\Harddisk0\DR0\Partition1
01:42:20.0028 2244 \Device\Harddisk0\DR0\Partition1 - ok
01:42:20.0031 2244 Boot (0x1200) (20c5910d5dce4437a61fd04288f81bc9) \Device\Harddisk1\DR1\Partition0
01:42:20.0033 2244 \Device\Harddisk1\DR1\Partition0 - ok
01:42:20.0035 2244 Boot (0x1200) (80bac01950b95f702c3be2b05c98ae78) \Device\Harddisk6\DR6\Partition0
01:42:20.0037 2244 \Device\Harddisk6\DR6\Partition0 - ok
01:42:20.0038 2244 ============================================================
01:42:20.0038 2244 Scan finished
01:42:20.0038 2244 ============================================================
01:42:20.0046 10300 Detected object count: 0
01:42:20.0046 10300 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 01:44:40
-----------------------------
01:44:40.787 OS Version: Windows x64 6.1.7601 Service Pack 1
01:44:40.787 Number of processors: 8 586 0x1A05
01:44:40.787 ComputerName: LIQUID2 UserName: Scott
01:44:43.554 Initialize success
01:45:31.779 AVAST engine defs: 12070701
01:45:37.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:45:37.463 Disk 0 Vendor: Intel___ 1.0. Size: 715418MB BusType: 8
01:45:37.474 Disk 0 MBR read successfully
01:45:37.476 Disk 0 MBR scan
01:45:37.479 Disk 0 Windows 7 default MBR code
01:45:37.486 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:45:37.497 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715316 MB offset 206848
01:45:37.524 Disk 0 scanning C:\Windows\system32\drivers
01:45:52.403 Service scanning
01:46:32.501 Modules scanning
01:46:32.507 Disk 0 trace - called modules:
01:46:32.516 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
01:46:32.519 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b9a5790]
01:46:32.522 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800b372050]
01:46:35.487 AVAST engine scan C:\Windows
01:46:40.910 AVAST engine scan C:\Windows\system32
01:51:43.986 AVAST engine scan C:\Windows\system32\drivers
01:52:11.512 AVAST engine scan C:\Users\Scott
03:30:51.706 AVAST engine scan C:\ProgramData
04:14:11.750 Scan finished successfully
11:58:12.963 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
11:58:12.969 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"

#6 gringo_pr


Posted 08 July 2012 - 05:58 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr


Posted 11 July 2012 - 12:13 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#8 Scott Calkins


Posted 11 July 2012 - 01:43 AM

Just confirmed I am still seeing redirects on Chrome. About one in five times I open a link, a second tab opens at the same time to a junk site. It is not any one site that it happens with.

#9 gringo_pr


Posted 11 July 2012 - 02:31 AM

Greetings


After you send me the last report from ComboFix, I want you to uninstall Chrome, and if asked about user data or settings I want you to remove that also.


RESTART the computer and reinstall Chrome.



gringo

#10 Scott Calkins


Posted 11 July 2012 - 02:36 PM

Sorry, forgot about the log. I will de-install Chrome tonight after work.

ComboFix 12-07-08.01 - Scott 07/08/2012 23:30:29.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.5193 [GMT -7:00]
Running from: C:\Users\Scott\Desktop\ComboFix.exe
Command switches used :: C:\Users\Scott\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))


2012-07-09 06:38:34 . 2012-07-09 06:38:34 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2012-07-09 06:38:34 . 2012-07-09 06:38:34 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-07-08 19:52:15 . 2012-07-08 19:53:52 -------- d-----w- C:\Users\Scott\AppData\Roaming\calibre
2012-07-08 19:51:44 . 2012-07-08 19:51:56 -------- d-----w- C:\Program Files (x86)\Calibre2
2012-07-07 09:34:24 . 2012-07-07 09:34:27 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84B0F89E-2124-4BAD-B6D9-EDA9ACC3146F}\offreg.dll
2012-07-07 00:50:07 . 2012-06-18 10:12:50 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84B0F89E-2124-4BAD-B6D9-EDA9ACC3146F}\mpengine.dll
2012-07-06 19:34:08 . 2012-07-06 19:34:08 -------- d-----w- C:\ProgramData\GFI Software
2012-07-05 19:54:45 . 2012-07-05 19:54:45 -------- d-----w- C:\Users\Scott\AppData\Local\Macromedia
2012-07-05 07:10:16 . 2012-07-05 07:10:16 53248 ----a-r- C:\Users\Scott\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-05 07:10:02 . 2012-07-05 07:10:02 -------- d-----w- C:\Users\Scott\AppData\Local\Logishrd
2012-07-05 07:03:53 . 2012-07-05 07:04:11 -------- d-----w- C:\Program Files\Logitech
2012-07-04 19:45:39 . 2012-07-04 19:45:39 -------- d-----w- C:\Users\Scott\AppData\Local\adaware
2012-07-04 19:45:35 . 2012-07-04 19:45:38 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-07-04 19:43:59 . 2012-07-06 19:34:19 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-04 19:43:59 . 2012-07-04 19:43:59 -------- d-----w- C:\ProgramData\Lavasoft
2012-07-04 19:37:05 . 2012-07-05 19:52:38 -------- d-----w- C:\Users\Scott\AppData\Roaming\Ad-Aware Antivirus
2012-07-04 19:34:43 . 2012-07-06 19:40:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-04 19:34:43 . 2012-07-06 19:40:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-02 19:34:28 . 2012-07-02 19:34:28 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-07-02 19:33:58 . 2012-07-02 19:33:58 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-28 19:13:44 . 2012-06-28 19:13:44 -------- d-----w- C:\Users\Scott\AppData\Roaming\Awesomium
2012-06-23 03:21:05 . 2012-06-23 03:21:05 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-06-21 10:28:57 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-21 10:28:57 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-21 10:28:57 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-21 10:28:57 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-21 10:28:10 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-21 10:28:10 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-21 10:28:10 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-21 10:27:38 . 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-21 10:27:38 . 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-13 19:05:51 . 2012-06-23 03:21:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-13 19:05:42 . 2012-06-13 19:05:42 -------- d-----w- C:\Users\Scott\AppData\Local\AVG Secure Search
2012-06-13 07:32:41 . 2012-06-13 07:32:41 -------- d-----w- C:\Program Files\iPod
2012-06-13 07:32:40 . 2012-06-13 07:33:53 -------- d-----w- C:\Program Files\iTunes
2012-06-13 02:07:21 . 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-06-13 02:07:20 . 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-06-13 02:07:20 . 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-06-13 02:06:48 . 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\system32\profsvc.dll
2012-06-13 02:06:42 . 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-06-13 02:06:36 . 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\system32\win32k.sys
2012-06-13 02:06:28 . 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-06-13 02:06:24 . 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 02:06:23 . 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 02:06:15 . 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\system32\msi.dll
2012-06-13 02:06:15 . 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 02:05:47 . 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\system32\crypt32.dll
2012-06-13 02:05:46 . 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2012-06-13 02:05:46 . 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\system32\cryptnet.dll
2012-06-13 02:05:46 . 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 02:05:46 . 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 02:05:46 . 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 19:30:37 . 2012-06-12 19:30:37 -------- d-----w- C:\Users\Scott\AppData\Local\Desura
2012-06-12 19:29:59 . 2012-06-12 19:29:59 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-06-12 19:29:00 . 2012-06-12 19:29:00 -------- d-----w- C:\ProgramData\Desura
2012-06-12 19:28:56 . 2012-06-18 18:41:08 -------- d-----w- C:\Program Files (x86)\Desura
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-09 06:26:47 . 2010-02-01 05:00:49 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-05 07:08:19 . 2010-08-15 09:11:37 18960 ----a-w- C:\Windows\system32\drivers\LNonPnP.sys
2012-07-02 19:33:19 . 2011-12-03 19:32:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-07-02 19:33:19 . 2011-12-03 19:32:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-29 06:43:54 . 2010-04-14 20:53:32 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-29 06:43:54 . 2010-04-14 20:43:45 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-28 19:14:03 . 2010-04-14 20:43:45 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-28 18:54:42 . 2010-04-14 20:43:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-23 03:21:10 . 2011-06-21 18:18:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 19:25:12 . 2010-02-01 06:29:54 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-05-11 21:46:06 . 2012-05-11 21:46:06 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2010-03-06 08:07:08 . 2010-03-07 20:07:09 44 ---h--w- C:\Program Files (x86)\b31e8f6a.tmp


((((((((((((((((((((((((((((( SnapShot@2012-07-06_21.15.04 )))))))))))))))))))))))))))))))))))))))))

+ 2009-07-14 04:54:17 . 2012-07-08 10:27:14 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2012-07-06 20:00:32 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2012-07-06 20:00:32 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:17 . 2012-07-08 10:27:14 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-25 18:34:20 . 2012-07-08 10:27:14 262144 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-02-25 18:34:20 . 2012-07-06 20:00:32 262144 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54:17 . 2012-07-06 20:00:32 409600 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54:17 . 2012-07-08 10:27:14 409600 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36:59 . 2012-07-04 19:41:29 624162 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-07-08 19:44:25 624162 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-07-08 19:44:25 106538 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2012-07-04 19:41:29 106538 C:\Windows\system32\perfc009.dat
+ 2009-07-14 04:46:26 . 2012-07-08 16:26:09 111296 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-08 19:49:53 . 2012-07-08 19:49:53 48614928 C:\Windows\Installer\a46bfbe.msi

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 06:22:39 2068536 ----a-w- C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 06:22:39 2068536]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 14:15:22 221184]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]
"SacReminderHDDV2N"="C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 09:05:07 862032]
"4C1D31FDF3597EACE1250555646D3F025973DBC4._service_run"="C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 10:28:57 1250328]
"Wootalyzer"="C:\Program Files (x86)\Wootalyzer\woot.exe" [2009-03-26 02:52:26 374272]
"Amazon Cloud Drive"="C:\Users\Scott\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-05-24 23:40:32 424848]
"Desura"="C:\Program Files (x86)\Desura\desura.exe" [2012-06-12 19:29:28 2529096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 01:36:46 30040]
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 14:15:20 81920]
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 03:03:24 2339168]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 20:37:14 517096]
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 05:10:47 402432]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 01:53:16 113288]
"EaseUs Watch"="C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 22:58:30 69000]
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 03:06:18 59280]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 21:28:52 421888]
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 23:46:10 1159168]
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 17:26:54 114688]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 06:22:40 1104440]
"ROC_roc_dec12"="C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 19:33:22 928096]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 05:51:18 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 17:07:56 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 21:02:04 254696]
"USBestCR"="C:\Program Files (x86)\USIM Editor\iconcs144940201.exe" [2012-03-23 23:44:18 7377920]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 02:33:22 421776]
"TkBellExe"="C:\Program Files (x86)\real\realplayer\update\realsched.exe" [2012-07-02 19:33:29 296096]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 09:09:36 198032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DES2"="C:\Program Files (x86)\Gigabyte\EnergySaver2\des2.exe" [2009-07-29 18:57:24 166440]

C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
startup helper.lnk - C:\Tnlenterprises\SentryVision\ControlPanel.exe [2011-11-26 27244544]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync\0C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 22:02:52 7391072]
R2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;C:\ProgramData\OfficeGuardianV2N\UACProxy.exe [2010-11-18 09:05:11 83792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 cpuz135;cpuz135;C:\Windows\system32\drivers\cpuz135_x64.sys [x]
R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 22:58:30 55688]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 18:56:52 136176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 PIEUsb;Single Frame Film Scanner;C:\Windows\system32\Drivers\usbscan.sys [2009-07-14 00:35:32 41984]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 09:05:06 163664]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 15:50:48 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 03:21:10 250056]
R3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys [2011-01-05 09:29:00 31744]
R3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 13:17:31 167264]
R3 CTV1W;Cisco CTV1W Driver;C:\Windows\system32\DRIVERS\CTV1W.sys [2010-04-20 03:28:52 1118048]
R3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-06-12 19:29:29 131912]
R3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-02-06 21:55:20 25640]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 18:56:52 136176]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-02-11 01:44:21 30528]
R3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys [2010-04-09 18:24:48 59392]
R3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 20:23:14 40464]
R3 Spyder2;ColorVision Spyder2;C:\Windows\system32\DRIVERS\Spyder2.sys [2007-01-17 21:32:00 15360]
R3 subvgaproduct64;subvgaproduct64;C:\Windows\system32\DRIVERS\subvga64.sys [2009-09-17 03:37:24 11880]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 20:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 ubloxusb;ubloxusb;C:\Windows\system32\DRIVERS\ubloxusb.sys [2009-11-27 15:40:02 95232]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2011-05-10 15:06:08 51712]
R3 usbezdisplay64;EZ USB;C:\Windows\system32\drivers\usbezdisplay64.sys [2009-09-26 02:26:26 31336]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 10:00:39 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 19:53:12 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
R4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-10-27 09:19:31 834544]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 01:10:10 57184]
S0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 15:12:46 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 23:03:18 37456]
S0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys [2011-01-22 22:58:20 36232]
S0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys [2011-01-22 22:58:24 26504]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 13:41:44 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 21:25:18 41552]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 07:59:54 377936]
S1 EUDSKACS;EUDSKACS;C:\Windows\system32\drivers\eudskacs.sys [2011-01-22 22:58:22 17800]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 AfaService;Afa Card Reader Service;C:\Windows\system32\afasrv64.exe [x]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 12:33:42 269520]
S2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe [2009-06-17 23:13:06 68136]
S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 19:58:52 1085440]
S2 iPodDrv;iPodDrv;C:\Windows\system32\drivers\iPodDrv.sys [2011-03-10 02:29:18 14952]
S2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-06-18 11:31:10 2976632]
S2 nlscc;Nalpeiron X64 Service;C:\Windows\system32\nlsInterface.exe [2010-05-31 10:36:22 72192]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-12-09 13:00:20 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 08:53:00 2253120]
S2 RaIPSrv;Ralink IP Service;C:\Program Files (x86)\Ralink\Common\RaIPSrv.exe [2009-10-20 02:55:54 70944]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2009-07-15 04:53:00 211232]
S2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 23:39:46 114688]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 06:22:43 935480]
S3 ALSysIO;ALSysIO;C:\Users\Scott\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 02:05:26 118864]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 14:53:34 29264]
S3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys [2011-01-22 22:58:18 193416]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 06:30:24 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 06:30:24 15128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 02:34:26 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 02:34:26 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2011-07-07 23:21:28 174184]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 20:59:30 42088]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 06:05:32 187392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 64695528
*NewlyCreated* - ALSYSIO
*NewlyCreated* - ASWMBR
*Deregistered* - 64695528
*Deregistered* - aswMBR

Contents of the 'Scheduled Tasks' folder

2012-07-09 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:05:52 . 2012-06-23 03:21:10]

2012-07-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 18:56:59 . 2010-04-06 18:56:52]

2012-07-09 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 18:56:59 . 2010-04-06 18:56:52]

2012-07-09 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739247140-3825820621-3931732148-1001Core.job
- C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 09:38:21 . 2010-02-01 09:38:20]

2012-07-09 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739247140-3825820621-3931732148-1001UA.job
- C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 09:38:21 . 2010-02-01 09:38:20]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 18:01:16 319488]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-02 01:59:24 446392]
"USBestCR"="C:\Program Files (x86)\USIM Editor\iconcs144940201.exe" [2012-03-23 23:44:18 7377920]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2011-08-05 19:53:06 163552]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 09:38:38 1744152]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F67268A9-8370-4B3D-BA81-F0668881ED48}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\426e73pr.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.quantumlightphotography.com/|about:addons|chrome://fireftp/content/fireftp.xul
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B177206f0-0e5d-4da5-b770-4a18a1794f46%7D&mid=265186ebadebb2ec2a5477f5a2380a9e-cab87e7aeeccffd8fae1bcec151af9e4edd7bd93&ds=AVG&v=11.1.0.7&lang=us&pr=fr&d=2011-12-12%2009%3A25%3A35&sap=ku&q=

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:43 PM

Posted 11 July 2012 - 08:38 PM

How did it go with Chrome?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr


Posted 13 July 2012 - 11:42 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 Scott Calkins

Scott Calkins
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 14 July 2012 - 05:28 AM

Sorry, guess I didn't hit reply on last post. No redirects since I re-installed Chrome. Thanks for the help.

#14 gringo_pr


Posted 14 July 2012 - 11:22 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.0
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Scott Calkins


Posted 14 July 2012 - 04:57 PM

Seems to be running faster now, and knock on wood no redirects. Here are the 2 logs.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: LIQUID2 [administrator]

7/14/2012 2:44:56 PM
mbam-log-2012-07-14 (14-44-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260829
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:53:47 PM, on 7/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
C:\Program Files (x86)\Wootalyzer\woot.exe
C:\Users\Scott\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Tnlenterprises\SentryVision\ControlPanel.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Users\Scott\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Users\Scott\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Secure Online Account Numbers Helper - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Secure Online Account Numbers] C:\PROGRA~2\Discover\SOAN\DISCOV~1.EXE /dontopenmycards
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs144940201.exe RunFromReg
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [DES2] C:\Program Files (x86)\Gigabyte\EnergySaver2\des2.exe state
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe
O4 - HKCU\..\Run: [4C1D31FDF3597EACE1250555646D3F025973DBC4._service_run] "C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Wootalyzer] "C:\Program Files (x86)\Wootalyzer\woot.exe" /boot
O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Users\Scott\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-2739247140-3825820621-3931732148-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2739247140-3825820621-3931732148-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: startup helper.lnk = C:\Tnlenterprises\SentryVision\ControlPanel.exe
O4 - Global Startup: ColorVisionStartup.lnk = ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F67268A9-8370-4B3D-BA81-F0668881ED48}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CFUACProxy_officeguardianv2n - Storage Appliance Corp. - C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink IP Service (RaIPSrv) - Unknown owner - C:\Program Files (x86)\Ralink\Common\RaIPSrv.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SacNetAgentService_C57C4F854F53 - Storage Appliance Corporation - C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19480 bytes



