Infected with trojan horse patched_c.LZI in my services.exe


  • This topic is locked
32 replies to this topic

#1 Rosealee

Rosealee

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 01 August 2012 - 09:45 PM

I am experiencing difficulty with this virus, I have tried to remove it myself but nothing works. I used AVG, and Advanced System Care Pro. This threat warning comes up like every 15 minutes, it randomly logs me off of my laptop and then back on. It opens up pages on my opera where it goes to other sites, then when I google something and click on it, it goes to an entirely different site, re-directing me. Please I need help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 1.6.0_31
Run by Rosealee at 22:32:00 on 2012-08-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4028.1438 [GMT -4:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
-netsvcs
C:\Program Files (x86)\Opera\Opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files (x86)\real\realplayer\RealPlay.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============= FINISH: 22:40:06.71 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:10 PM

Posted 02 August 2012 - 06:28 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Rosealee

Posted 02 August 2012 - 07:26 PM

I ran the security check up, and got this:

`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


I tried to run the combofix after disabling my anti-virus and malware programs, and I got the blue screen of death, let it do its physical dump. So once my computer loaded, I tried again, and I got the blue screen of death again halfway through the combofix. So I do not have the report for it and that is all I did so far, just waiting for your instructions.

#4 gringo_pr

Posted 02 August 2012 - 08:26 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

#5 Rosealee

Posted 03 August 2012 - 02:12 AM

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

When I tried to do this, it did not show my user profile, I am the admin on this laptop, so I tried to enter it with the username and password and it would not accept it. So it won't let me do this part. Apparently this nasty bugger hates me. Any other idea? By the way, thank you for helping, I apologize if my laptop is being a pain in the butt.

#6 gringo_pr

Posted 03 August 2012 - 02:18 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 Rosealee

Posted 04 August 2012 - 09:10 PM

21:58:32.0139 5708 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:58:32.0478 5708 ============================================================
21:58:32.0478 5708 Current date / time: 2012/08/04 21:58:32.0478
21:58:32.0478 5708 SystemInfo:
21:58:32.0478 5708
21:58:32.0478 5708 OS Version: 6.0.6002 ServicePack: 2.0
21:58:32.0478 5708 Product type: Workstation
21:58:32.0478 5708 ComputerName: ROSEALEE-LAPTOP
21:58:32.0479 5708 UserName: Rosealee
21:58:32.0479 5708 Windows directory: C:\Windows
21:58:32.0479 5708 System windows directory: C:\Windows
21:58:32.0479 5708 Running under WOW64
21:58:32.0479 5708 Processor architecture: Intel x64
21:58:32.0479 5708 Number of processors: 2
21:58:32.0479 5708 Page size: 0x1000
21:58:32.0479 5708 Boot type: Normal boot
21:58:32.0479 5708 ============================================================
21:58:34.0477 5708 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:58:34.0483 5708 ============================================================
21:58:34.0483 5708 \Device\Harddisk0\DR0:
21:58:34.0483 5708 MBR partitions:
21:58:34.0483 5708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
21:58:34.0483 5708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
21:58:34.0483 5708 ============================================================
21:58:34.0521 5708 C: <-> \Device\Harddisk0\DR0\Partition1
21:58:34.0599 5708 D: <-> \Device\Harddisk0\DR0\Partition0
21:58:34.0600 5708 ============================================================
21:58:34.0600 5708 Initialize success
21:58:34.0600 5708 ============================================================
21:58:36.0509 5764 ============================================================
21:58:36.0510 5764 Scan started
21:58:36.0510 5764 Mode: Manual;
21:58:36.0510 5764 ============================================================
21:58:49.0218 5764 gupdatem - ok
21:58:49.0383 5764 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:58:49.0418 5764 HDAudBus - ok
21:58:49.0448 5764 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
21:58:49.0448 5764 HidBth - ok
21:58:49.0468 5764 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
21:58:49.0468 5764 HidIr - ok
21:58:49.0533 5764 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
21:58:49.0533 5764 hidserv - ok
21:58:49.0568 5764 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
21:58:49.0573 5764 HidUsb - ok
21:58:49.0608 5764 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
21:58:49.0613 5764 hkmsvc - ok
21:58:49.0648 5764 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
21:58:49.0653 5764 HpCISSs - ok
21:58:49.0763 5764 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:58:49.0768 5764 hpqcxs08 - ok
21:58:49.0803 5764 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:58:49.0808 5764 hpqddsvc - ok
21:58:49.0878 5764 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
21:58:49.0888 5764 HTTP - ok
21:58:49.0923 5764 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
21:58:49.0923 5764 i2omp - ok
21:58:49.0958 5764 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
21:58:49.0958 5764 i8042prt - ok
21:58:50.0003 5764 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
21:58:50.0008 5764 iaStorV - ok
21:58:50.0178 5764 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:58:50.0218 5764 idsvc - ok
21:58:51.0848 5764 igfx (4eaa4261e1ad4b860657cada790b9b38) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:58:52.0068 5764 igfx - ok
21:58:52.0824 5764 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
21:58:52.0829 5764 iirsp - ok
21:58:52.0934 5764 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
21:58:52.0954 5764 IKEEXT - ok
21:58:53.0219 5764 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
21:58:53.0229 5764 IMFservice - ok
21:58:53.0299 5764 IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\Windows\system32\drivers\IntcHdmi.sys
21:58:53.0304 5764 IntcHdmiAddService - ok
21:58:53.0329 5764 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
21:58:53.0334 5764 intelide - ok
21:58:53.0359 5764 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
21:58:53.0364 5764 intelppm - ok
21:58:53.0394 5764 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
21:58:53.0399 5764 IPBusEnum - ok
21:58:53.0484 5764 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:58:53.0489 5764 IpFilterDriver - ok
21:58:53.0514 5764 IpInIp - ok
21:58:53.0549 5764 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
21:58:53.0554 5764 IPMIDRV - ok
21:58:53.0584 5764 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
21:58:53.0589 5764 IPNAT - ok
21:58:53.0609 5764 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
21:58:53.0609 5764 IRENUM - ok
21:58:53.0619 5764 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
21:58:53.0619 5764 isapnp - ok
21:58:53.0664 5764 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
21:58:53.0669 5764 iScsiPrt - ok
21:58:53.0799 5764 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
21:58:53.0804 5764 iteatapi - ok
21:58:53.0809 5764 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
21:58:53.0814 5764 iteraid - ok
21:58:53.0904 5764 k57nd60a (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:58:53.0909 5764 k57nd60a - ok
21:58:53.0964 5764 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
21:58:53.0964 5764 kbdclass - ok
21:58:53.0984 5764 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:58:53.0984 5764 kbdhid - ok
21:58:54.0029 5764 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:58:54.0034 5764 KeyIso - ok
21:58:54.0144 5764 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
21:58:54.0169 5764 KSecDD - ok
21:58:54.0204 5764 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
21:58:54.0209 5764 ksthunk - ok
21:58:54.0264 5764 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
21:58:54.0274 5764 KtmRm - ok
21:58:54.0319 5764 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
21:58:54.0324 5764 LanmanServer - ok
21:58:54.0369 5764 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
21:58:54.0379 5764 LanmanWorkstation - ok
21:58:54.0394 5764 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
21:58:54.0394 5764 lltdio - ok
21:58:54.0454 5764 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
21:58:54.0464 5764 lltdsvc - ok
21:58:54.0489 5764 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
21:58:54.0494 5764 lmhosts - ok
21:58:54.0534 5764 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
21:58:54.0539 5764 LSI_FC - ok
21:58:54.0549 5764 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
21:58:54.0554 5764 LSI_SAS - ok
21:58:54.0599 5764 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
21:58:54.0599 5764 LSI_SCSI - ok
21:58:54.0629 5764 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
21:58:54.0629 5764 luafv - ok
21:58:54.0689 5764 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
21:58:54.0694 5764 Mcx2Svc - ok
21:58:54.0809 5764 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:58:54.0814 5764 MDM - ok
21:58:54.0854 5764 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
21:58:54.0854 5764 megasas - ok
21:58:54.0889 5764 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
21:58:54.0894 5764 MegaSR - ok
21:58:54.0934 5764 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:58:54.0939 5764 MMCSS - ok
21:58:54.0949 5764 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
21:58:54.0949 5764 Modem - ok
21:58:54.0980 5764 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
21:58:54.0985 5764 monitor - ok
21:58:55.0005 5764 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
21:58:55.0005 5764 mouclass - ok
21:58:55.0030 5764 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
21:58:55.0030 5764 mouhid - ok
21:58:55.0060 5764 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
21:58:55.0060 5764 MountMgr - ok
21:58:55.0110 5764 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
21:58:55.0110 5764 mpio - ok
21:58:55.0125 5764 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
21:58:55.0125 5764 mpsdrv - ok
21:58:55.0150 5764 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
21:58:55.0155 5764 Mraid35x - ok
21:58:55.0190 5764 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
21:58:55.0190 5764 MRxDAV - ok
21:58:55.0256 5764 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:58:55.0271 5764 mrxsmb - ok
21:58:55.0296 5764 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:58:55.0301 5764 mrxsmb10 - ok
21:58:55.0354 5764 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:58:55.0356 5764 mrxsmb20 - ok
21:58:55.0398 5764 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
21:58:55.0399 5764 msahci - ok
21:58:55.0448 5764 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
21:58:55.0450 5764 msdsm - ok
21:58:55.0494 5764 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
21:58:55.0498 5764 MSDTC - ok
21:58:55.0524 5764 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
21:58:55.0525 5764 Msfs - ok
21:58:55.0552 5764 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
21:58:55.0554 5764 msisadrv - ok
21:58:55.0592 5764 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
21:58:55.0596 5764 MSiSCSI - ok
21:58:55.0602 5764 msiserver - ok
21:58:55.0623 5764 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
21:58:55.0625 5764 MSKSSRV - ok
21:58:55.0638 5764 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
21:58:55.0640 5764 MSPCLOCK - ok
21:58:55.0676 5764 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
21:58:55.0677 5764 MSPQM - ok
21:58:55.0785 5764 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
21:58:55.0805 5764 MsRPC - ok
21:58:55.0845 5764 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
21:58:55.0846 5764 mssmbios - ok
21:58:55.0984 5764 MSSQLSERVER - ok
21:58:56.0050 5764 MSSQLServerADHelper (4fa047ea300ab0e00edaafce8ac52468) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
21:58:56.0053 5764 MSSQLServerADHelper - ok
21:58:56.0087 5764 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
21:58:56.0088 5764 MSTEE - ok
21:58:56.0133 5764 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
21:58:56.0135 5764 Mup - ok
21:58:56.0206 5764 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
21:58:56.0246 5764 napagent - ok
21:58:56.0304 5764 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
21:58:56.0307 5764 NativeWifiP - ok
21:58:56.0448 5764 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
21:58:56.0484 5764 NDIS - ok
21:58:56.0584 5764 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
21:58:56.0585 5764 NdisTapi - ok
21:58:56.0599 5764 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
21:58:56.0601 5764 Ndisuio - ok
21:58:56.0651 5764 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
21:58:56.0655 5764 NdisWan - ok
21:58:56.0702 5764 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
21:58:56.0704 5764 NDProxy - ok
21:58:56.0748 5764 NEOFLTR_650_14951 (45d13003781b257645322421b925cd33) C:\Windows\system32\Drivers\NEOFLTR_650_14951.SYS
21:58:56.0749 5764 NEOFLTR_650_14951 - ok
21:58:56.0800 5764 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll
21:58:56.0802 5764 Net Driver HPZ12 - ok
21:58:56.0842 5764 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
21:58:56.0843 5764 NetBIOS - ok
21:58:56.0899 5764 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
21:58:56.0903 5764 netbt - ok
21:58:56.0948 5764 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:58:56.0949 5764 Netlogon - ok
21:58:57.0103 5764 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
21:58:57.0123 5764 Netman - ok
21:58:57.0294 5764 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:57.0322 5764 NetMsmqActivator - ok
21:58:57.0330 5764 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:57.0332 5764 NetPipeActivator - ok
21:58:57.0397 5764 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
21:58:57.0403 5764 netprofm - ok
21:58:57.0407 5764 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:57.0409 5764 NetTcpActivator - ok
21:58:57.0416 5764 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:58:57.0417 5764 NetTcpPortSharing - ok
21:58:57.0625 5764 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
21:58:57.0627 5764 nfrd960 - ok
21:58:57.0671 5764 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
21:58:57.0676 5764 NlaSvc - ok
21:58:57.0712 5764 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
21:58:57.0715 5764 Npfs - ok
21:58:57.0720 5764 npggsvc - ok
21:58:57.0732 5764 NPPTNT2 - ok
21:58:57.0748 5764 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
21:58:57.0750 5764 nsi - ok
21:58:57.0785 5764 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
21:58:57.0786 5764 nsiproxy - ok
21:58:58.0053 5764 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
21:58:58.0115 5764 Ntfs - ok
21:58:58.0249 5764 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
21:58:58.0250 5764 Null - ok
21:58:58.0290 5764 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
21:58:58.0293 5764 nvraid - ok
21:58:58.0349 5764 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
21:58:58.0351 5764 nvstor - ok
21:58:58.0367 5764 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
21:58:58.0370 5764 nv_agp - ok
21:58:58.0378 5764 NwlnkFlt - ok
21:58:58.0385 5764 NwlnkFwd - ok
21:58:58.0454 5764 OA008Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
21:58:58.0457 5764 OA008Ufd - ok
21:58:58.0492 5764 OA008Vid (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
21:58:58.0497 5764 OA008Vid - ok
21:58:58.0689 5764 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:58:58.0734 5764 odserv - ok
21:58:58.0805 5764 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
21:58:58.0806 5764 ohci1394 - ok
21:58:58.0871 5764 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:58:58.0875 5764 ose - ok
21:58:58.0977 5764 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:58:58.0991 5764 p2pimsvc - ok
21:58:59.0005 5764 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:58:59.0011 5764 p2psvc - ok
21:58:59.0052 5764 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
21:58:59.0055 5764 Parport - ok
21:58:59.0100 5764 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
21:58:59.0102 5764 partmgr - ok
21:58:59.0144 5764 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
21:58:59.0147 5764 PcaSvc - ok
21:58:59.0194 5764 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:58:59.0198 5764 pci - ok
21:58:59.0234 5764 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
21:58:59.0236 5764 pciide - ok
21:58:59.0271 5764 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:58:59.0275 5764 pcmcia - ok
21:58:59.0337 5764 PCTCore (d48bd0ff27afb97005b33c9b6d26da3f) C:\Windows\system32\drivers\PCTCore64.sys
21:58:59.0343 5764 PCTCore - ok
21:58:59.0405 5764 PCTSD (9b7670b21e7fcbe9da9c4a751f31cca6) C:\Windows\system32\Drivers\PCTSD64.sys
21:58:59.0407 5764 PCTSD - ok
21:58:59.0490 5764 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:58:59.0501 5764 PEAUTH - ok
21:58:59.0678 5764 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
21:58:59.0680 5764 PerfHost - ok
21:58:59.0918 5764 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
21:58:59.0976 5764 pla - ok
21:59:00.0212 5764 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
21:59:00.0268 5764 PlugPlay - ok
21:59:00.0351 5764 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
21:59:00.0353 5764 Pml Driver HPZ12 - ok
21:59:00.0707 5764 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:59:00.0716 5764 PNRPAutoReg - ok
21:59:00.0727 5764 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:59:00.0736 5764 PNRPsvc - ok
21:59:00.0973 5764 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
21:59:00.0983 5764 PolicyAgent - ok
21:59:01.0482 5764 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:59:01.0484 5764 PptpMiniport - ok
21:59:01.0609 5764 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
21:59:01.0611 5764 Processor - ok
21:59:01.0672 5764 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
21:59:01.0676 5764 ProfSvc - ok
21:59:01.0804 5764 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:59:01.0805 5764 ProtectedStorage - ok
21:59:01.0842 5764 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:59:01.0844 5764 PSched - ok
21:59:02.0575 5764 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:59:02.0578 5764 PSI_SVC_2 - ok
21:59:02.0931 5764 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
21:59:02.0933 5764 PxHlpa64 - ok
21:59:03.0081 5764 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
21:59:03.0125 5764 ql2300 - ok
21:59:03.0153 5764 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:59:03.0156 5764 ql40xx - ok
21:59:03.0226 5764 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
21:59:03.0244 5764 QWAVE - ok
21:59:03.0271 5764 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:59:03.0273 5764 QWAVEdrv - ok
21:59:03.0510 5764 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
21:59:03.0599 5764 R300 - ok
21:59:03.0728 5764 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:59:03.0730 5764 RasAcd - ok
21:59:03.0758 5764 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
21:59:03.0762 5764 RasAuto - ok
21:59:03.0806 5764 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:59:03.0808 5764 Rasl2tp - ok
21:59:03.0841 5764 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
21:59:03.0847 5764 RasMan - ok
21:59:03.0885 5764 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:59:03.0887 5764 RasPppoe - ok
21:59:03.0926 5764 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:59:03.0928 5764 RasSstp - ok
21:59:03.0980 5764 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:59:03.0988 5764 rdbss - ok
21:59:04.0016 5764 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:59:04.0018 5764 RDPCDD - ok
21:59:04.0062 5764 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
21:59:04.0067 5764 rdpdr - ok
21:59:04.0076 5764 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:59:04.0077 5764 RDPENCDD - ok
21:59:04.0125 5764 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
21:59:04.0129 5764 RDPWD - ok
21:59:04.0360 5764 RegFilter (d7aea5375db1d6632a4120ad06c52f6b) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\regfilter.sys
21:59:04.0361 5764 RegFilter - ok
21:59:04.0424 5764 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
21:59:04.0427 5764 RemoteAccess - ok
21:59:04.0595 5764 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
21:59:04.0617 5764 RemoteRegistry - ok
21:59:04.0740 5764 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
21:59:04.0742 5764 rimmptsk - ok
21:59:04.0760 5764 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
21:59:04.0762 5764 rimsptsk - ok
21:59:04.0788 5764 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
21:59:04.0790 5764 rismxdp - ok
21:59:04.0819 5764 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
21:59:04.0821 5764 RpcLocator - ok
21:59:04.0933 5764 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:59:04.0940 5764 RpcSs - ok
21:59:04.0991 5764 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
21:59:04.0993 5764 rspndr - ok
21:59:05.0037 5764 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:59:05.0039 5764 SamSs - ok
21:59:05.0068 5764 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
21:59:05.0070 5764 sbp2port - ok
21:59:05.0122 5764 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
21:59:05.0126 5764 SCardSvr - ok
21:59:05.0235 5764 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
21:59:05.0294 5764 Schedule - ok
21:59:05.0360 5764 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
21:59:05.0362 5764 SCPolicySvc - ok
21:59:05.0522 5764 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
21:59:05.0529 5764 sdAuxService - ok
21:59:05.0647 5764 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
21:59:05.0649 5764 sdbus - ok
21:59:05.0955 5764 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
21:59:06.0070 5764 sdCoreService - ok
21:59:06.0235 5764 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
21:59:06.0240 5764 SDRSVC - ok
21:59:06.0320 5764 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:59:06.0320 5764 secdrv - ok
21:59:06.0360 5764 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
21:59:06.0360 5764 seclogon - ok
21:59:06.0385 5764 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
21:59:06.0385 5764 SENS - ok
21:59:06.0410 5764 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
21:59:06.0415 5764 Serenum - ok
21:59:06.0460 5764 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
21:59:06.0460 5764 Serial - ok
21:59:06.0480 5764 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
21:59:06.0490 5764 sermouse - ok
21:59:06.0575 5764 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
21:59:06.0580 5764 SessionEnv - ok
21:59:06.0605 5764 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
21:59:06.0605 5764 sffdisk - ok
21:59:06.0615 5764 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
21:59:06.0615 5764 sffp_mmc - ok
21:59:06.0625 5764 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
21:59:06.0625 5764 sffp_sd - ok
21:59:06.0635 5764 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
21:59:06.0635 5764 sfloppy - ok
21:59:06.0755 5764 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
21:59:06.0765 5764 ShellHWDetection - ok
21:59:06.0825 5764 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
21:59:06.0825 5764 SiSRaid2 - ok
21:59:06.0900 5764 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
21:59:06.0930 5764 SiSRaid4 - ok
21:59:07.0231 5764 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
21:59:07.0466 5764 slsvc - ok
21:59:07.0616 5764 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
21:59:07.0621 5764 SLUINotify - ok
21:59:07.0696 5764 SmartDefragDriver (327383124d31ac398b98f4ae300421e8) C:\Windows\system32\Drivers\SmartDefragDriver.sys
21:59:07.0696 5764 SmartDefragDriver - ok
21:59:07.0766 5764 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
21:59:07.0766 5764 Smb - ok
21:59:07.0816 5764 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
21:59:07.0821 5764 SNMPTRAP - ok
21:59:07.0886 5764 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
21:59:07.0886 5764 spldr - ok
21:59:08.0076 5764 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
21:59:08.0131 5764 Spooler - ok
21:59:08.0266 5764 SQLSERVERAGENT - ok
21:59:08.0401 5764 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
21:59:08.0411 5764 srv - ok
21:59:08.0481 5764 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
21:59:08.0486 5764 srv2 - ok
21:59:08.0556 5764 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
21:59:08.0556 5764 srvnet - ok
21:59:08.0626 5764 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
21:59:08.0631 5764 SSDPSRV - ok
21:59:08.0681 5764 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
21:59:08.0686 5764 SstpSvc - ok
21:59:08.0801 5764 STacSV (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
21:59:08.0806 5764 STacSV - ok
21:59:08.0891 5764 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
21:59:08.0896 5764 STHDA - ok
21:59:09.0021 5764 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
21:59:09.0031 5764 stisvc - ok
21:59:09.0177 5764 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:59:09.0177 5764 stllssvr - ok
21:59:09.0202 5764 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
21:59:09.0202 5764 swenum - ok
21:59:09.0342 5764 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:59:09.0352 5764 SwitchBoard - ok
21:59:09.0452 5764 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
21:59:09.0457 5764 swprv - ok
21:59:09.0512 5764 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
21:59:09.0512 5764 Symc8xx - ok
21:59:09.0547 5764 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
21:59:09.0547 5764 Sym_hi - ok
21:59:09.0617 5764 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
21:59:09.0617 5764 Sym_u3 - ok
21:59:09.0627 5764 SynTP - ok
21:59:09.0752 5764 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
21:59:09.0812 5764 SysMain - ok
21:59:09.0892 5764 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
21:59:09.0897 5764 TabletInputService - ok
21:59:09.0947 5764 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
21:59:09.0957 5764 TapiSrv - ok
21:59:09.0997 5764 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
21:59:10.0002 5764 TBS - ok
21:59:10.0214 5764 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
21:59:10.0304 5764 Tcpip - ok
21:59:10.0644 5764 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
21:59:10.0654 5764 Tcpip6 - ok
21:59:10.0819 5764 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
21:59:10.0819 5764 tcpipreg - ok
21:59:10.0889 5764 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
21:59:10.0889 5764 TDPIPE - ok
21:59:10.0899 5764 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
21:59:10.0899 5764 TDTCP - ok
21:59:10.0959 5764 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
21:59:10.0959 5764 tdx - ok
21:59:11.0024 5764 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
21:59:11.0024 5764 TermDD - ok
21:59:11.0109 5764 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
21:59:11.0119 5764 TermService - ok
21:59:11.0269 5764 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
21:59:11.0274 5764 Themes - ok
21:59:11.0324 5764 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:59:11.0329 5764 THREADORDER - ok
21:59:11.0379 5764 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
21:59:11.0384 5764 TrkWks - ok
21:59:11.0489 5764 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
21:59:11.0494 5764 TrustedInstaller - ok
21:59:11.0564 5764 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:59:11.0564 5764 tssecsrv - ok
21:59:11.0589 5764 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
21:59:11.0589 5764 tunmp - ok
21:59:11.0665 5764 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
21:59:11.0670 5764 tunnel - ok
21:59:11.0700 5764 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
21:59:11.0705 5764 uagp35 - ok
21:59:11.0805 5764 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
21:59:11.0810 5764 udfs - ok
21:59:11.0865 5764 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
21:59:11.0865 5764 UI0Detect - ok
21:59:11.0915 5764 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
21:59:11.0915 5764 uliagpkx - ok
21:59:11.0985 5764 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
21:59:11.0990 5764 uliahci - ok
21:59:12.0020 5764 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
21:59:12.0025 5764 UlSata - ok
21:59:12.0050 5764 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
21:59:12.0055 5764 ulsata2 - ok
21:59:12.0075 5764 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
21:59:12.0080 5764 umbus - ok
21:59:12.0140 5764 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
21:59:12.0161 5764 upnphost - ok
21:59:12.0426 5764 UrlFilter (55ba05042febb956be4a54bc5e621593) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\UrlFilter.sys
21:59:12.0426 5764 UrlFilter - ok
21:59:12.0491 5764 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
21:59:12.0491 5764 usbccgp - ok
21:59:12.0556 5764 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
21:59:12.0561 5764 usbcir - ok
21:59:12.0586 5764 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
21:59:12.0586 5764 usbehci - ok
21:59:12.0646 5764 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
21:59:12.0651 5764 usbhub - ok
21:59:12.0696 5764 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
21:59:12.0701 5764 usbohci - ok
21:59:12.0761 5764 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
21:59:12.0766 5764 usbprint - ok
21:59:12.0791 5764 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
21:59:12.0791 5764 usbscan - ok
21:59:12.0841 5764 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:12.0841 5764 USBSTOR - ok
21:59:12.0861 5764 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
21:59:12.0861 5764 usbuhci - ok
21:59:12.0941 5764 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
21:59:12.0956 5764 usbvideo - ok
21:59:13.0006 5764 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
21:59:13.0006 5764 UxSms - ok
21:59:13.0097 5764 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
21:59:13.0107 5764 vds - ok
21:59:13.0157 5764 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:13.0157 5764 vga - ok
21:59:13.0192 5764 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
21:59:13.0192 5764 VgaSave - ok
21:59:13.0402 5764 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
21:59:13.0402 5764 viaide - ok
21:59:13.0482 5764 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
21:59:13.0487 5764 volmgr - ok
21:59:13.0567 5764 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
21:59:13.0577 5764 volmgrx - ok
21:59:13.0637 5764 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
21:59:13.0642 5764 volsnap - ok
21:59:13.0712 5764 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
21:59:13.0712 5764 vsmraid - ok
21:59:13.0882 5764 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
21:59:13.0977 5764 VSS - ok
21:59:14.0152 5764 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
21:59:14.0162 5764 W32Time - ok
21:59:14.0237 5764 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
21:59:14.0237 5764 WacomPen - ok
21:59:14.0302 5764 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:14.0302 5764 Wanarp - ok
21:59:14.0312 5764 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:14.0312 5764 Wanarpv6 - ok
21:59:14.0417 5764 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
21:59:14.0444 5764 wcncsvc - ok
21:59:14.0492 5764 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
21:59:14.0495 5764 WcsPlugInService - ok
21:59:14.0539 5764 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
21:59:14.0541 5764 Wd - ok
21:59:14.0674 5764 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
21:59:14.0717 5764 Wdf01000 - ok
21:59:14.0769 5764 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
21:59:14.0772 5764 WdiServiceHost - ok
21:59:14.0782 5764 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
21:59:14.0784 5764 WdiSystemHost - ok
21:59:14.0882 5764 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
21:59:14.0888 5764 WebClient - ok
21:59:14.0936 5764 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
21:59:14.0941 5764 Wecsvc - ok
21:59:15.0019 5764 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
21:59:15.0022 5764 wercplsupport - ok
21:59:15.0051 5764 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
21:59:15.0055 5764 WerSvc - ok
21:59:15.0078 5764 WinHttpAutoProxySvc - ok
21:59:15.0173 5764 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
21:59:15.0178 5764 Winmgmt - ok
21:59:15.0410 5764 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
21:59:15.0491 5764 WinRM - ok
21:59:15.0756 5764 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
21:59:15.0781 5764 Wlansvc - ok
21:59:15.0907 5764 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:59:15.0909 5764 wlcrasvc - ok
21:59:16.0303 5764 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:59:16.0630 5764 wlidsvc - ok
21:59:16.0751 5764 wltrysvc - ok
21:59:16.0828 5764 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:59:16.0829 5764 WmiAcpi - ok
21:59:16.0947 5764 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
21:59:16.0952 5764 wmiApSrv - ok
21:59:17.0000 5764 WMPNetworkSvc - ok
21:59:17.0047 5764 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
21:59:17.0051 5764 WPCSvc - ok
21:59:17.0112 5764 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
21:59:17.0116 5764 WPDBusEnum - ok
21:59:17.0168 5764 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
21:59:17.0170 5764 WpdUsb - ok
21:59:17.0380 5764 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:59:17.0436 5764 WPFFontCache_v0400 - ok
21:59:17.0471 5764 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
21:59:17.0476 5764 ws2ifsl - ok
21:59:17.0485 5764 WSearch - ok
21:59:17.0589 5764 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:59:17.0620 5764 WUDFRd - ok
21:59:17.0664 5764 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
21:59:17.0668 5764 wudfsvc - ok
21:59:17.0769 5764 X5XSEx (8c6413d62c891d8da084a31da53a09e6) C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
21:59:17.0770 5764 X5XSEx - ok
21:59:18.0237 5764 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:59:18.0321 5764 YahooAUService - ok
21:59:18.0347 5764 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:59:18.0434 5764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:59:18.0434 5764 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:59:18.0458 5764 Boot (0x1200) (3b049f649656950af733513a510b640e) \Device\Harddisk0\DR0\Partition0
21:59:18.0461 5764 \Device\Harddisk0\DR0\Partition0 - ok
21:59:18.0465 5764 Boot (0x1200) (7f97ecefdf9a6836a8796298ebaf9a30) \Device\Harddisk0\DR0\Partition1
21:59:18.0467 5764 \Device\Harddisk0\DR0\Partition1 - ok
21:59:18.0468 5764 ============================================================
21:59:18.0469 5764 Scan finished
21:59:18.0469 5764 ============================================================
21:59:18.0487 5756 Detected object count: 1
21:59:18.0487 5756 Actual detected object count: 1
21:59:24.0626 5756 \Device\Harddisk0\DR0\# - copied to quarantine
21:59:24.0627 5756 \Device\Harddisk0\DR0 - copied to quarantine
21:59:25.0106 5756 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:59:25.0106 5756 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:59:25.0116 5756 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:59:25.0156 5756 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:59:25.0171 5756 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:59:25.0186 5756 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:59:25.0186 5756 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:59:25.0202 5756 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:59:25.0202 5756 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:59:25.0207 5756 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:59:25.0207 5756 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:59:25.0207 5756 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:59:25.0207 5756 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:59:25.0207 5756 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:59:25.0262 5756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:59:25.0267 5756 \Device\Harddisk0\DR0 - ok
21:59:25.0277 5756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:59:32.0877 5704 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 22:06:43
-----------------------------
22:06:43.309 OS Version: Windows x64 6.0.6002 Service Pack 2
22:06:43.309 Number of processors: 2 586 0x170A
22:06:43.310 ComputerName: ROSEALEE-LAPTOP UserName: Rosealee
22:06:45.473 Initialize success
22:06:56.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:06:56.228 Disk 0 Vendor: TOSHIBA_MK2555GSX FG000D Size: 238475MB BusType: 3
22:06:56.243 Disk 0 MBR read successfully
22:06:56.248 Disk 0 MBR scan
22:06:56.253 Disk 0 Windows VISTA default MBR code
22:06:56.253 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:06:56.263 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
22:06:56.283 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30800325
22:06:56.403 Disk 0 scanning C:\Windows\system32\drivers
22:07:10.698 Service scanning
22:07:46.944 Modules scanning
22:07:46.949 Disk 0 trace - called modules:
22:07:46.974 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:07:46.974 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d88060]
22:07:46.979 3 CLASSPNP.SYS[fffffa6000dcac33] -> nt!IofCallDriver -> [0xfffffa8004d87970]
22:07:46.984 5 PCTCore64.sys[fffffa6000a75f38] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b9c4b0]
22:07:46.989 Scan finished successfully
22:08:00.340 Disk 0 MBR has been saved successfully to "C:\Users\Rosealee\Desktop\MBR.dat"
22:08:00.355 The log file has been saved successfully to "C:\Users\Rosealee\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:10 PM

Posted 04 August 2012 - 09:13 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Rosealee


Posted 04 August 2012 - 09:22 PM

I ran the combofix without a problem, but it does not open me a log. Or does not save one. Or maybe it saved it but did not tell me where. I am not sure.

#10 gringo_pr


Posted 04 August 2012 - 11:33 PM

Hello

Ok, let's try this: I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#11 gringo_pr


Posted 08 August 2012 - 07:52 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#12 Rosealee


Posted 09 August 2012 - 01:47 AM

I had gotten sick and had been feeling ill, thank you for your concern. I did the combofix like you asked, and still it did not give a report, and I did it the way you told me to. So I do not know what else to do. I still get that I am infected. And still get redirected whenever I search through google.

#13 gringo_pr


Posted 09 August 2012 - 08:58 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 Rosealee


Posted 11 August 2012 - 12:44 AM

OTL logfile created on: 8/11/2012 12:25:55 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rosealee\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.65% Memory free
8.04 Gb Paging File | 5.45 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 41.30 Gb Free Space | 18.93% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.85 Gb Free Space | 46.79% Space Free | Partition Type: NTFS

Computer Name: ROSEALEE-LAPTOP | User Name: Rosealee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rosealee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\AutoSweep.exe (IObit)
PRC - c:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Windows\SysWOW64\cfgmig32.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (CAAMSvc) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
SRV:64bit: - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV:64bit: - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV:64bit: - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV:64bit: - (UmxEngine) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (WinSvchostManagerSrv) -- C:\Windows\SysWOW64\cfgmig32.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KmxCF) -- C:\Windows\SysNative\DRIVERS\KmxCF.sys (CA)
DRV:64bit: - (KmxFw) -- C:\Windows\SysNative\DRIVERS\kmxfw.sys (CA)
DRV:64bit: - (KmxFilter) -- C:\Windows\SysNative\DRIVERS\KmxFilter.sys (CA)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (KmxCfg) -- C:\Windows\SysNative\DRIVERS\kmxcfg.sys (CA)
DRV:64bit: - (KmxAMRT) -- C:\Windows\SysNative\DRIVERS\KmxAMRT.sys (CA)
DRV:64bit: - (KmxAgent) -- C:\Windows\SysNative\DRIVERS\kmxagent.sys (CA)
DRV:64bit: - (KmxFile) -- C:\Windows\SysNative\DRIVERS\KmxFile.sys (CA)
DRV:64bit: - (KmxSbx) -- C:\Windows\SysNative\DRIVERS\KmxSbx.sys (CA)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys ()
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (NEOFLTR_650_14951) -- C:\Windows\SysNative\Drivers\NEOFLTR_650_14951.SYS (Juniper Networks)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys (IObit)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (X5XSEx) -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys (Exent Technologies Ltd.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKLM\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIOb1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRyyyyyyYYus&ptb=BA84A11A-3076-4A93-9E62-2C1A276B292F&psa=&ind=2011032605&ptnrS=YRyyyyyyYYus&si=&st=sb&n=77ddec1d&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://express-google-search.blogspot.com
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GAM1&o=15491&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HE&apn_dtid=YYYYYYYYUS&apn_uid=90F21BEB-3D6D-4D51-ABF1-BA47A3E1FF7B&apn_sauid=3259EC30-3F3A-48D7-AE47-642BAD644047
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YRyyyyyyYYus&ptb=BA84A11A-3076-4A93-9E62-2C1A276B292F&psa=&ind=2011032605&ptnrS=YRyyyyyyYYus&si=&st=sb&n=77ddec1d&searchfor={searchTerms}
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{650CCF3A-BFFE-4DB3-8ECD-BEE5A5AF8886}: "URL" = http://start.funmoods.com/results.php?f=4&a=bndlr&q={searchTerms}
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{7d0ac4de-72ac-41ef-b208-ce5bfd9ccd56}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/web?o=15710&l=dis&q={searchTerms}
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\SearchScopes\{F19C001B-73CA-443A-8387-BCE2A969821A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=135963&p={searchTerms}
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-5491681-450917214-31278784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963&ilc=12"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://express-google-search.blogspot.com"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.246
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1344
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.8.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q="
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rosealee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Rosealee\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 00:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/12/08 14:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/14 00:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2012/08/10 13:30:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 01:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 11:43:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 00:13:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/12/08 14:36:54 | 000,000,000 | ---D | M]

[2009/12/26 18:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Extensions
[2009/12/05 07:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/08/02 19:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions
[2011/05/08 04:26:16 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2012/05/29 04:54:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/19 23:21:58 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/07/19 23:21:52 | 000,000,000 | ---D | M] (ShopToWin22) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\{7cd0c597-24e0-45b0-8bde-2e79b3fc0499}
[2012/07/19 23:21:57 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/07/19 23:22:00 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2012/07/19 23:21:55 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/19 22:46:42 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\activegs@freetoolsassociation.com
[2011/03/26 22:53:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\engine@conduit.com
[2012/03/08 04:09:48 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\ffxtlbr@funmoods.com
[2010/01/16 04:10:26 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\OberonGameHost@OberonGames.com
[2011/07/23 20:18:09 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\plugin@yontoo.com
[2012/02/13 21:42:02 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\extensions\toolbar@shopathome.com
[2010/07/09 03:41:09 | 000,002,566 | ---- | M] () -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\searchplugins\askcom.xml
[2011/12/08 14:37:05 | 000,001,945 | ---- | M] () -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\searchplugins\bing-zugo.xml
[2009/12/26 21:16:51 | 000,002,186 | ---- | M] () -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\searchplugins\bing.xml
[2010/04/26 07:50:21 | 000,000,911 | ---- | M] () -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\searchplugins\conduit.xml
[2012/03/08 04:09:40 | 000,001,799 | ---- | M] () -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\searchplugins\funmoods.xml
[2010/01/10 06:35:03 | 000,009,941 | ---- | M] () -- C:\Users\Rosealee\AppData\Roaming\Mozilla\Firefox\Profiles\6rfvqtjt.default\searchplugins\mywebsearch.xml
[2012/03/06 23:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/30 00:57:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 11:54:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/06 04:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/22 01:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/11 20:02:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/06 23:16:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/06/18 01:54:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/06 23:15:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/31 17:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012/03/31 17:16:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=bndlr&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Rosealee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Funmoods = C:\Users\Rosealee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
CHR - Extension: Funmoods = C:\Users\Rosealee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Rosealee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/08/11 00:34:31 | 000,001,731 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files (x86)\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-5491681-450917214-31278784-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC67047C-C2CF-451D-BC0E-0183C14A1ECF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\SysWow64\UmxSbxExw.dll (CA)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Users\Rosealee\Documents\wallpaper_Crypt_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rosealee\Documents\wallpaper_Crypt_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 00:24:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rosealee\Desktop\OTL.exe
[2012/08/10 13:32:05 | 000,257,872 | ---- | C] (CA, Inc.) -- C:\Windows\SysNative\isafprod64.dll
[2012/08/10 13:32:05 | 000,206,160 | ---- | C] (CA, Inc.) -- C:\Windows\SysWow64\Isafprod.dll
[2012/08/10 13:32:05 | 000,141,136 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\Isafeif64.dll
[2012/08/10 13:32:05 | 000,128,336 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Isafeif.dll
[2012/08/10 13:32:05 | 000,103,760 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\Vetredir64.dll
[2012/08/10 13:32:05 | 000,095,568 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Vetredir.dll
[2012/08/10 13:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA
[2012/08/10 13:30:45 | 002,990,096 | ---- | C] (PureSight Technologies Ltd) -- C:\Windows\SysWow64\winsflte.dll
[2012/08/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Windows\rnapxs
[2012/08/10 13:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[2012/08/10 13:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2012/08/10 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2012/08/10 13:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2012/08/10 13:03:14 | 156,730,120 | ---- | C] (CA, inc) -- C:\Users\Rosealee\Desktop\issdm_ca_en.exe
[2012/08/05 16:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/08/05 00:59:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/05 00:55:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/04 22:14:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 22:14:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 22:14:07 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Rosealee\Desktop\ComboFix.exe
[2012/08/04 22:04:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Rosealee\Desktop\aswMBR.exe
[2012/08/04 21:59:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/04 21:58:20 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rosealee\Desktop\tdsskiller.exe
[2012/08/01 22:31:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rosealee\Desktop\dds.scr
[2012/08/01 21:47:45 | 000,000,000 | ---D | C] -- C:\Users\Rosealee\AppData\Roaming\DriverCure
[2012/08/01 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rosealee\AppData\Roaming\SpeedyPC Software
[2012/08/01 21:47:38 | 000,000,000 | ---D | C] -- C:\Users\Rosealee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/01 21:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/01 20:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/08/01 20:41:07 | 000,000,000 | ---D | C] -- C:\Users\Rosealee\Desktop\Downloads
[2012/07/31 18:09:24 | 000,000,000 | ---D | C] -- C:\IObit
[2012/07/28 07:57:27 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/27 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Rosealee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/07/12 03:03:11 | 000,000,000 | ---D | C] -- C:\0c4c59152c74fd7a53b1fea1c4
[2011/04/18 22:21:45 | 003,489,792 | ---- | C] (Nexon) -- C:\Users\Rosealee\NexonGameManager.exe
[2007/11/01 05:01:00 | 002,687,320 | ---- | C] (Adobe Systems, Copyright 2005-2007) -- C:\Program Files\Setup.exe
[8 C:\Users\Rosealee\Documents\*.tmp files -> C:\Users\Rosealee\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/11 01:00:04 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2012/08/11 00:59:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 00:40:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/11 00:40:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/11 00:35:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-5491681-450917214-31278784-1000UA.job
[2012/08/11 00:31:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/11 00:24:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rosealee\Desktop\OTL.exe
[2012/08/10 18:35:05 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-5491681-450917214-31278784-1000Core.job
[2012/08/10 16:40:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 16:39:30 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/08/10 16:39:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 13:55:39 | 000,202,320 | ---- | M] (CA) -- C:\Windows\SysNative\drivers\KmxCF.sys
[2012/08/10 13:55:39 | 000,143,824 | ---- | M] (CA) -- C:\Windows\SysNative\drivers\KmxFw.sys
[2012/08/10 13:55:39 | 000,099,024 | ---- | M] (CA) -- C:\Windows\SysNative\drivers\KmxFilter.sys
[2012/08/10 13:30:48 | 002,524,176 | ---- | M] () -- C:\Windows\SysNative\winsflt.dll
[2012/08/10 13:30:48 | 001,744,912 | ---- | M] () -- C:\Windows\SysWow64\winsflt.dll
[2012/08/10 13:06:07 | 156,730,120 | ---- | M] (CA, inc) -- C:\Users\Rosealee\Desktop\issdm_ca_en.exe
[2012/08/09 23:13:06 | 000,000,588 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Rosealee.job
[2012/08/04 22:14:11 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Rosealee\Desktop\ComboFix.exe
[2012/08/04 22:08:00 | 000,000,512 | ---- | M] () -- C:\Users\Rosealee\Desktop\MBR.dat
[2012/08/04 22:06:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Rosealee\Desktop\aswMBR.exe
[2012/08/04 21:58:20 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rosealee\Desktop\tdsskiller.exe
[2012/08/04 11:34:29 | 000,000,132 | ---- | M] () -- C:\Users\Rosealee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/02 19:50:04 | 000,881,494 | ---- | M] () -- C:\Users\Rosealee\Desktop\SecurityCheck.exe
[2012/08/01 22:41:01 | 000,003,843 | ---- | M] () -- C:\Users\Rosealee\Desktop\Attach.zip
[2012/08/01 22:31:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rosealee\Desktop\dds.scr
[2012/08/01 17:21:29 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2012/07/30 04:24:34 | 000,000,680 | ---- | M] () -- C:\Users\Rosealee\AppData\Local\d3d9caps.dat
[2012/07/27 21:59:59 | 000,001,689 | ---- | M] () -- C:\Users\Rosealee\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/07/27 21:59:59 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/07/27 14:59:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 14:59:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/24 18:46:43 | 000,190,464 | ---- | M] () -- C:\Users\Rosealee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/16 07:08:20 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012/07/14 03:19:23 | 007,977,748 | ---- | M] () -- C:\Users\Rosealee\papas-wingeria.zip
[2012/07/12 07:32:01 | 005,239,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[8 C:\Users\Rosealee\Documents\*.tmp files -> C:\Users\Rosealee\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 13:32:15 | 001,422,672 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll
[2012/08/10 13:32:15 | 001,422,672 | ---- | C] () -- C:\Windows\SysNative\cfgmig32.dll
[2012/08/10 13:32:15 | 000,263,504 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.exe
[2012/08/10 13:30:48 | 003,207,184 | ---- | C] () -- C:\Windows\SysNative\mdmcls32.exe
[2012/08/10 13:30:47 | 004,108,304 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll
[2012/08/10 13:30:47 | 002,760,720 | ---- | C] () -- C:\Windows\SysWow64\svcprs32.exe
[2012/08/10 13:30:46 | 003,207,184 | ---- | C] () -- C:\Windows\SysWow64\mdmcls32.exe
[2012/08/10 13:30:46 | 002,524,176 | ---- | C] () -- C:\Windows\SysNative\winsflt.dll
[2012/08/10 13:30:46 | 001,744,912 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2012/08/10 13:30:46 | 000,289,296 | ---- | C] () -- C:\Windows\SysNative\winsfinst.exe
[2012/08/10 13:30:46 | 000,098,320 | ---- | C] () -- C:\Windows\SysWow64\winsfinst.exe
[2012/08/04 22:08:00 | 000,000,512 | ---- | C] () -- C:\Users\Rosealee\Desktop\MBR.dat
[2012/08/02 19:50:04 | 000,881,494 | ---- | C] () -- C:\Users\Rosealee\Desktop\SecurityCheck.exe
[2012/08/01 22:41:01 | 000,003,843 | ---- | C] () -- C:\Users\Rosealee\Desktop\Attach.zip
[2012/07/28 07:30:21 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\U\80000032.@
[2012/07/28 07:30:21 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\U\80000064.@
[2012/07/28 07:30:21 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\L\00000004.@
[2012/07/28 07:30:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\U\80000000.@
[2012/07/28 07:30:20 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\U\00000004.@
[2012/07/28 07:30:20 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\U\000000cb.@
[2012/07/14 03:19:23 | 007,977,748 | ---- | C] () -- C:\Users\Rosealee\papas-wingeria.zip
[2012/06/15 17:35:23 | 007,825,999 | ---- | C] () -- C:\Users\Rosealee\F-list Messenger 0-8-3 beta.rar
[2012/06/15 03:05:28 | 000,033,479 | ---- | C] () -- C:\Users\Rosealee\ValKai.html
[2012/04/27 02:43:57 | 000,000,132 | ---- | C] () -- C:\Users\Rosealee\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/03/21 09:24:13 | 011,763,608 | ---- | C] () -- C:\Users\Rosealee\setup-ziggygames.exe
[2012/03/13 03:38:29 | 000,064,029 | ---- | C] () -- C:\Users\Rosealee\ryo.zip
[2012/01/11 21:55:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\@
[2012/01/11 21:55:46 | 000,002,048 | -HS- | C] () -- C:\Users\Rosealee\AppData\Local\{b020e5a0-f11e-23cd-362b-21d8aef48be8}\@
[2011/12/08 15:10:59 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/10/05 22:38:31 | 000,038,357 | ---- | C] () -- C:\Users\Rosealee\default.zip
[2011/04/20 23:35:57 | 000,299,709 | ---- | C] () -- C:\Users\Rosealee\PokerCalculator382.exe
[2011/03/30 03:04:02 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/27 02:53:33 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/27 02:53:33 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/06 04:37:56 | 000,000,680 | ---- | C] () -- C:\Users\Rosealee\AppData\Local\d3d9caps.dat
[2010/12/17 01:44:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/21 01:17:12 | 000,000,132 | ---- | C] () -- C:\Users\Rosealee\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/10/20 18:38:45 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/10/11 02:32:11 | 000,022,447 | ---- | C] () -- C:\Users\Rosealee\AppData\Roaming\UserTile.png
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/07/12 04:20:52 | 000,000,552 | ---- | C] () -- C:\Users\Rosealee\AppData\Local\d3d8caps.dat
[2010/06/07 07:20:39 | 000,023,830 | ---- | C] () -- C:\Users\Rosealee\AppData\Local\slot1.mm1
[2010/05/24 16:54:18 | 012,055,373 | ---- | C] () -- C:\Users\Rosealee\ImTOO_mpeg_encorder_PLUS_Activation_CODE.rar
[2010/05/13 06:28:39 | 000,000,132 | ---- | C] () -- C:\Users\Rosealee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/02/01 09:08:58 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/01/23 09:21:39 | 000,000,670 | ---- | C] () -- C:\Users\Rosealee\AppData\Roaming\DataSafeDotNet.exe
[2009/10/21 22:12:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/19 18:29:49 | 000,000,000 | ---- | C] () -- C:\Users\Rosealee\AppData\Roaming\wklnhst.dat
[2009/10/11 01:16:09 | 000,190,464 | ---- | C] () -- C:\Users\Rosealee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/27 01:03:16 | 000,000,583 | ---- | C] () -- C:\Program Files\Ahmbed.gz

========== Alternate Data Streams ==========


< End of report >

#15 gringo_pr


Posted 11 August 2012 - 12:58 AM

Hello

I see some things in the last report that are better if we remove them this way.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University



