ZeroAccess rootkit infection


  • This topic is locked
24 replies to this topic

#1 ImmaNoob

ImmaNoob

  • Members
  • 79 posts
  • OFFLINE
  • Gender:Female
  • Location:Philly
  • Local time:03:37 AM

Posted 30 August 2012 - 07:30 PM

I received previous help from Broni, who did a wonderful job thus far, but advised me that it requires elevated help. So to cut things short, here is a link to my previous post and the steps taken thus far.
Previous steps taken and results!

Issues still existing on my computer:

1. My firewall appears to be back up and running.
2. I still am unable to print.
3. I'm unable to click hyperlinks in my Outlook emails; it says I don't have access and to contact my system administrator.
4. Windows Defender still won't start; it receives error 0x80070005.

Not sure if anything else is affected, as I haven't tried everything.

I did follow step 6 and here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Nikita BigBank at 20:17:39 on 2012-08-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.5920 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\LMabcoms.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp\st00001\mjsetup.exe
C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://isearch.avg.com/?cid={DF1F8BBF-F620-4AB2-834A-865424B03734}&mid=f65b0b47dd3c47d0aa0c3182083df8b4-7d1635242c391974465c82dbcd1ae62aab975ec3&lang=en&ds=gl011&pr=sa&d=2012-08-20 20:19:27&v=12.2.0.5&sap=hp
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Alexa Toolbar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [cdloader] "C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
uPolicies-explorer: LegacyDrive = 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
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: wishuponahero.org
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://www.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{715D61F5-D4FA-4514-AA2B-1A84FEED8AF9} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO-X64: Swag Bucks - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: Alexa Toolbar: {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - prefs.js: network.proxy.type - 4
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-1-22 203392]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-29 655944]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-22 2314240]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-11-5 278528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-4 136176]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-5 1038088]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-4 136176]
S4 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-1-4 519888]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
S4 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-8-20 927840]
.
=============== Created Last 30 ================
.
2012-08-31 00:03:53 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E77EC7DB-507C-475E-A9A9-53121028792E}\offreg.dll
2012-08-30 23:17:26 -------- d-----w- C:\$RECYCLE.BIN
2012-08-30 19:40:57 98816 ----a-w- C:\Windows\sed.exe
2012-08-30 19:40:57 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-30 19:40:57 256000 ----a-w- C:\Windows\PEV.exe
2012-08-30 19:40:57 208896 ----a-w- C:\Windows\MBR.exe
2012-08-30 01:23:16 -------- d-----w- C:\Users\Nikita BigBank\AppData\Roaming\Malwarebytes
2012-08-30 01:22:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-30 01:22:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-30 01:22:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-29 14:19:25 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E77EC7DB-507C-475E-A9A9-53121028792E}\mpengine.dll
2012-08-21 00:34:39 -------- d-----w- C:\Program Files (x86)\Palringo
2012-08-21 00:19:38 -------- d-----w- C:\Users\Nikita BigBank\AppData\Local\AVG Secure Search
2012-08-21 00:19:36 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-21 00:19:25 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-21 00:19:23 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-21 00:19:23 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-21 00:18:02 -------- d-----w- C:\Program Files (x86)\GhostMouse
2012-08-20 23:56:30 -------- d-----w- C:\Users\Nikita BigBank\AppData\Roaming\UltraVNC
2012-08-20 23:53:49 -------- d-----w- C:\Program Files (x86)\UltraVNC
2012-08-20 14:04:29 328704 ----a-w- C:\Windows\System32\services.exe.00110B61336A4A19
2012-08-20 14:00:31 328704 ----a-w- C:\Windows\System32\services.exe.D8354CD7699DF831
2012-08-20 13:56:50 328704 ----a-w- C:\Windows\System32\services.exe.30519D3DB8EC54CF
2012-08-20 13:52:54 328704 ----a-w- C:\Windows\System32\services.exe.58A1A367C8252BED
2012-08-20 13:48:37 328704 ----a-w- C:\Windows\System32\services.exe.EE37D0BFBA8E685D
2012-08-20 13:44:26 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E986BA6-FD74-421D-B37E-9DFD8BC938F2}\gapaengine.dll
2012-08-20 13:44:15 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-20 13:43:03 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-20 13:43:01 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-17 16:48:16 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-13 17:35:32 5115584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-11 22:45:14 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-11 13:21:43 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
.
==================== Find3M ====================
.
2012-08-20 14:07:05 328704 ----a-w- C:\Windows\System32\services.exe
2012-08-15 05:18:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 05:18:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 20:18:04.13 ===============

Edited by ImmaNoob, 30 August 2012 - 10:52 PM.



#2 ImmaNoob

ImmaNoob
  • Topic Starter


Posted 30 August 2012 - 07:43 PM

I am at step 7 at the moment, but the majority of the checklist options are disabled, so I can't check all the boxes that are required. What should I do?

I ran it with only the three options that it allowed and it came back with everything being fine.

The firewall is active now and so is my MSE; however, I still cannot click on the hyperlinks in the emails I am receiving for business. It displays the following:

This operation has been cancelled, due to restrictions in effect on this computer. Please contact your system administrator.

Edited by ImmaNoob, 31 August 2012 - 09:33 AM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:37 AM

Posted 31 August 2012 - 11:41 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 ImmaNoob


Posted 01 September 2012 - 07:38 PM

Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Here is Combofix

ComboFix 12-08-31.08 - Nikita BigBank 09/01/2012 20:20:57.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.6685 [GMT -4:00]
Running from: c:\users\Nikita BigBank\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 00:28 . 2012-09-02 00:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E77EC7DB-507C-475E-A9A9-53121028792E}\offreg.dll
2012-09-02 00:27 . 2012-09-02 00:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-02 00:27 . 2012-09-02 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-30 01:23 . 2012-08-30 01:23 -------- d-----w- c:\users\Nikita BigBank\AppData\Roaming\Malwarebytes
2012-08-30 01:22 . 2012-08-30 01:22 -------- d-----w- c:\programdata\Malwarebytes
2012-08-30 01:22 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 01:22 . 2012-08-30 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-29 14:19 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E77EC7DB-507C-475E-A9A9-53121028792E}\mpengine.dll
2012-08-21 00:34 . 2012-08-21 00:34 -------- d-----w- c:\program files (x86)\Palringo
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\users\Nikita BigBank\AppData\Local\AVG Secure Search
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-21 00:19 . 2012-08-21 00:19 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-21 00:18 . 2012-08-21 00:18 -------- d-----w- c:\program files (x86)\GhostMouse
2012-08-20 23:56 . 2012-08-20 23:56 -------- d-----w- c:\users\Nikita BigBank\AppData\Roaming\UltraVNC
2012-08-20 23:53 . 2012-08-20 23:53 -------- d-----w- c:\program files (x86)\UltraVNC
2012-08-20 14:04 . 2012-08-20 14:04 328704 ----a-w- c:\windows\system32\services.exe.00110B61336A4A19
2012-08-20 14:00 . 2012-08-20 14:00 328704 ----a-w- c:\windows\system32\services.exe.D8354CD7699DF831
2012-08-20 13:56 . 2012-08-20 13:56 328704 ----a-w- c:\windows\system32\services.exe.30519D3DB8EC54CF
2012-08-20 13:52 . 2012-08-20 13:52 328704 ----a-w- c:\windows\system32\services.exe.58A1A367C8252BED
2012-08-20 13:48 . 2012-08-20 13:48 328704 ----a-w- c:\windows\system32\services.exe.EE37D0BFBA8E685D
2012-08-20 13:44 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E986BA6-FD74-421D-B37E-9DFD8BC938F2}\gapaengine.dll
2012-08-20 13:44 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-20 13:43 . 2012-08-20 13:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-20 13:43 . 2012-08-20 13:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-17 16:48 . 2012-08-17 16:48 -------- d-----r- c:\program files (x86)\Skype
2012-08-17 16:48 . 2012-08-17 16:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-13 17:35 . 2012-08-13 17:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-11 22:45 . 2012-08-11 22:45 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-11 13:21 . 2012-08-12 11:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 14:07 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-15 05:18 . 2012-04-03 17:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:18 . 2011-06-16 16:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:02 . 2010-11-05 07:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-12 03:08 . 2012-07-11 07:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 00:13 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 00:14 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 00:14 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 00:13 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 00:14 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 00:14 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 00:13 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-30_23.17.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-05 18:23 . 2012-09-02 00:20 63486 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-02 00:20 37338 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-04 11:38 . 2012-09-02 00:20 15768 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-321980617-990551525-4145136555-1000_UserData.bin
+ 2012-09-02 00:28 . 2012-09-02 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 19:48 . 2012-08-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 19:48 . 2012-08-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-02 00:28 . 2012-09-02 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-09-02 00:25 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-30 19:52 617222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-02 00:25 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-30 19:52 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-30 19:47 867466 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-02 00:27 867466 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-04 12:01 . 2012-09-02 00:08 3898224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-04 12:01 . 2012-08-30 02:01 3898224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-16 16:12 . 2012-09-01 12:13 5658930 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-12288.dat
- 2011-06-16 16:12 . 2012-08-30 19:47 5658930 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-12288.dat
+ 2011-04-03 22:49 . 2012-09-02 00:08 34441048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-8192.dat
- 2012-04-03 17:04 . 2012-08-30 02:01 14441020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-4096.dat
+ 2012-04-03 17:04 . 2012-09-02 00:08 14441020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-21 00:19 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll" [BU]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-21 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Nikita BigBank\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2009-10-07 582312]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-21 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-21 1020512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-9-17 5842776]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-11-5 3280896]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-30 1156384]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2010-9-30 1178400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"= 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
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1255736]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-06 1038088]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R4 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-01-04 519888]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R4 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-21 927840]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-09-17 1251840]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-21 413800]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 16:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:18]
.
2012-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
- c:\users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 22:23]
.
2012-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
- c:\users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 22:23]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 12:44]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 12:44]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
- c:\users\Nikita BigBank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 22:26]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
- c:\users\Nikita BigBank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 22:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={DF1F8BBF-F620-4AB2-834A-865424B03734}&mid=f65b0b47dd3c47d0aa0c3182083df8b4-7d1635242c391974465c82dbcd1ae62aab975ec3&lang=en&ds=gl011&pr=sa&d=2012-08-20 20:19&v=12.2.0.5&sap=hp
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: wishuponahero.org
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://www.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2012-09-01 20:34:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 00:34
ComboFix2.txt 2012-09-02 00:15
ComboFix3.txt 2012-09-01 12:23
ComboFix4.txt 2012-08-30 23:21
ComboFix5.txt 2012-09-02 00:20
.
Pre-Run: 877,850,828,800 bytes free
Post-Run: 877,754,654,720 bytes free
.
- - End Of File - - DE4D24CDD2AC1C081BE0E076871C4F9F

#5 gringo_pr


Posted 01 September 2012 - 07:41 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 ImmaNoob


Posted 01 September 2012 - 07:54 PM

20:50:15.0456 2576 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:50:15.0698 2576 ============================================================
20:50:15.0698 2576 Current date / time: 2012/09/01 20:50:15.0698
20:50:15.0698 2576 SystemInfo:
20:50:15.0698 2576
20:50:15.0699 2576 OS Version: 6.1.7601 ServicePack: 1.0
20:50:15.0699 2576 Product type: Workstation
20:50:15.0699 2576 ComputerName: DAVINCIHD
20:50:15.0699 2576 UserName: Nikita BigBank
20:50:15.0699 2576 Windows directory: C:\Windows
20:50:15.0699 2576 System windows directory: C:\Windows
20:50:15.0699 2576 Running under WOW64
20:50:15.0699 2576 Processor architecture: Intel x64
20:50:15.0699 2576 Number of processors: 4
20:50:15.0699 2576 Page size: 0x1000
20:50:15.0699 2576 Boot type: Normal boot
20:50:37.0979 1044 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:50:37.0981 1044 PNRPAutoReg - ok
20:50:37.0997 1044 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:50:37.0999 1044 PNRPsvc - ok
20:50:38.0018 1044 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:50:38.0023 1044 PolicyAgent - ok
20:50:38.0050 1044 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:50:38.0052 1044 Power - ok
20:50:38.0091 1044 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:50:38.0093 1044 PptpMiniport - ok
20:50:38.0110 1044 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:50:38.0112 1044 Processor - ok
20:50:38.0125 1044 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
20:50:38.0128 1044 ProfSvc - ok
20:50:38.0138 1044 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:50:38.0139 1044 ProtectedStorage - ok
20:50:38.0168 1044 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:50:38.0169 1044 Psched - ok
20:50:38.0206 1044 [ 901DBA98359966A62A6548596988E931 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:50:38.0206 1044 PxHlpa64 - ok
20:50:38.0250 1044 [ 56A6210ACA051227EAFEEFA628BB5A9B ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
20:50:38.0250 1044 QBCFMonitorService - ok
20:50:38.0286 1044 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
20:50:38.0287 1044 QBFCService - ok
20:50:38.0344 1044 [ D4FF4102640685C69BDC63F1674CE724 ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
20:50:38.0351 1044 QBVSS - ok
20:50:38.0383 1044 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:50:38.0409 1044 ql2300 - ok
20:50:38.0427 1044 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:50:38.0429 1044 ql40xx - ok
20:50:38.0441 1044 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:50:38.0444 1044 QWAVE - ok
20:50:38.0451 1044 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:50:38.0453 1044 QWAVEdrv - ok
20:50:38.0463 1044 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:50:38.0465 1044 RasAcd - ok
20:50:38.0481 1044 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:50:38.0482 1044 RasAgileVpn - ok
20:50:38.0491 1044 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:50:38.0493 1044 RasAuto - ok
20:50:38.0500 1044 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:50:38.0502 1044 Rasl2tp - ok
20:50:38.0511 1044 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:50:38.0515 1044 RasMan - ok
20:50:38.0523 1044 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:50:38.0524 1044 RasPppoe - ok
20:50:38.0532 1044 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:50:38.0534 1044 RasSstp - ok
20:50:38.0544 1044 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:50:38.0547 1044 rdbss - ok
20:50:38.0562 1044 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:50:38.0563 1044 rdpbus - ok
20:50:38.0571 1044 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:50:38.0572 1044 RDPCDD - ok
20:50:38.0596 1044 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:50:38.0597 1044 RDPENCDD - ok
20:50:38.0614 1044 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:50:38.0615 1044 RDPREFMP - ok
20:50:38.0648 1044 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:50:38.0651 1044 RDPWD - ok
20:50:38.0679 1044 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:50:38.0681 1044 rdyboost - ok
20:50:38.0694 1044 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:50:38.0696 1044 RemoteAccess - ok
20:50:38.0707 1044 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:50:38.0710 1044 RemoteRegistry - ok
20:50:38.0716 1044 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:50:38.0725 1044 RpcEptMapper - ok
20:50:38.0734 1044 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:50:38.0735 1044 RpcLocator - ok
20:50:38.0772 1044 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:50:38.0774 1044 RpcSs - ok
20:50:38.0784 1044 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:50:38.0785 1044 rspndr - ok
20:50:38.0832 1044 [ 4FE1CEF69D36E913738234303986FBB3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:50:38.0834 1044 RTL8167 - ok
20:50:38.0845 1044 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:50:38.0846 1044 SamSs - ok
20:50:38.0871 1044 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:50:38.0873 1044 sbp2port - ok
20:50:38.0884 1044 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:50:38.0887 1044 SCardSvr - ok
20:50:38.0916 1044 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:50:38.0917 1044 scfilter - ok
20:50:38.0957 1044 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:50:38.0974 1044 Schedule - ok
20:50:38.0997 1044 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
20:50:38.0997 1044 SCMNdisP - ok
20:50:39.0025 1044 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:50:39.0026 1044 SCPolicySvc - ok
20:50:39.0034 1044 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:50:39.0037 1044 SDRSVC - ok
20:50:39.0062 1044 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:50:39.0063 1044 secdrv - ok
20:50:39.0095 1044 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:50:39.0096 1044 seclogon - ok
20:50:39.0122 1044 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:50:39.0124 1044 SENS - ok
20:50:39.0130 1044 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:50:39.0132 1044 SensrSvc - ok
20:50:39.0145 1044 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:50:39.0146 1044 Serenum - ok
20:50:39.0164 1044 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:50:39.0166 1044 Serial - ok
20:50:39.0184 1044 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:50:39.0185 1044 sermouse - ok
20:50:39.0217 1044 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:50:39.0219 1044 SessionEnv - ok
20:50:39.0226 1044 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:50:39.0227 1044 sffdisk - ok
20:50:39.0237 1044 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:50:39.0238 1044 sffp_mmc - ok
20:50:39.0244 1044 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:50:39.0245 1044 sffp_sd - ok
20:50:39.0253 1044 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:50:39.0254 1044 sfloppy - ok
20:50:39.0281 1044 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:50:39.0285 1044 SharedAccess - ok
20:50:39.0297 1044 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:50:39.0301 1044 ShellHWDetection - ok
20:50:39.0314 1044 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:50:39.0315 1044 SiSRaid2 - ok
20:50:39.0327 1044 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:50:39.0328 1044 SiSRaid4 - ok
20:50:39.0427 1044 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:50:39.0438 1044 Skype C2C Service - ok
20:50:39.0501 1044 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:50:39.0503 1044 SkypeUpdate - ok
20:50:39.0525 1044 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:50:39.0527 1044 Smb - ok
20:50:39.0547 1044 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:50:39.0548 1044 SNMPTRAP - ok
20:50:39.0554 1044 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:50:39.0554 1044 spldr - ok
20:50:39.0569 1044 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
20:50:39.0575 1044 Spooler - ok
20:50:39.0638 1044 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:50:39.0680 1044 sppsvc - ok
20:50:39.0704 1044 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:50:39.0706 1044 sppuinotify - ok
20:50:39.0739 1044 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:50:39.0743 1044 srv - ok
20:50:39.0759 1044 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:50:39.0763 1044 srv2 - ok
20:50:39.0773 1044 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:50:39.0775 1044 srvnet - ok
20:50:39.0798 1044 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:50:39.0801 1044 SSDPSRV - ok
20:50:39.0807 1044 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:50:39.0809 1044 SstpSvc - ok
20:50:39.0819 1044 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:50:39.0820 1044 stexstor - ok
20:50:39.0847 1044 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:50:39.0853 1044 stisvc - ok
20:50:39.0862 1044 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:50:39.0863 1044 swenum - ok
20:50:39.0881 1044 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:50:39.0887 1044 swprv - ok
20:50:39.0939 1044 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:50:39.0965 1044 SysMain - ok
20:50:39.0975 1044 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:50:39.0978 1044 TabletInputService - ok
20:50:39.0987 1044 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:50:39.0991 1044 TapiSrv - ok
20:50:40.0003 1044 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:50:40.0004 1044 TBS - ok
20:50:40.0059 1044 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:50:40.0084 1044 Tcpip - ok
20:50:40.0125 1044 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:50:40.0132 1044 TCPIP6 - ok
20:50:40.0157 1044 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:50:40.0158 1044 tcpipreg - ok
20:50:40.0172 1044 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:50:40.0173 1044 TDPIPE - ok
20:50:40.0197 1044 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:50:40.0198 1044 TDTCP - ok
20:50:40.0212 1044 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:50:40.0214 1044 tdx - ok
20:50:40.0221 1044 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:50:40.0222 1044 TermDD - ok
20:50:40.0236 1044 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:50:40.0243 1044 TermService - ok
20:50:40.0249 1044 TfFsMon - ok
20:50:40.0255 1044 TfNetMon - ok
20:50:40.0258 1044 TfSysMon - ok
20:50:40.0264 1044 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:50:40.0266 1044 Themes - ok
20:50:40.0288 1044 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:50:40.0289 1044 THREADORDER - ok
20:50:40.0298 1044 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:50:40.0301 1044 TrkWks - ok
20:50:40.0330 1044 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:50:40.0330 1044 TrustedInstaller - ok
20:50:40.0356 1044 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:50:40.0357 1044 tssecsrv - ok
20:50:40.0367 1044 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:50:40.0368 1044 TsUsbFlt - ok
20:50:40.0397 1044 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:50:40.0399 1044 tunnel - ok
20:50:40.0420 1044 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:50:40.0422 1044 uagp35 - ok
20:50:40.0439 1044 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:50:40.0442 1044 udfs - ok
20:50:40.0459 1044 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:50:40.0461 1044 UI0Detect - ok
20:50:40.0471 1044 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:50:40.0473 1044 uliagpkx - ok
20:50:40.0482 1044 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:50:40.0484 1044 umbus - ok
20:50:40.0497 1044 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:50:40.0498 1044 UmPass - ok
20:50:40.0559 1044 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:50:40.0599 1044 UNS - ok
20:50:40.0620 1044 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:50:40.0624 1044 upnphost - ok
20:50:40.0663 1044 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:50:40.0665 1044 USBAAPL64 - ok
20:50:40.0678 1044 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:50:40.0680 1044 usbaudio - ok
20:50:40.0693 1044 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:50:40.0695 1044 usbccgp - ok
20:50:40.0716 1044 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:50:40.0718 1044 usbcir - ok
20:50:40.0733 1044 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:50:40.0734 1044 usbehci - ok
20:50:40.0748 1044 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
20:50:40.0751 1044 usbhub - ok
20:50:40.0759 1044 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:50:40.0761 1044 usbohci - ok
20:50:40.0773 1044 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:50:40.0774 1044 usbprint - ok
20:50:40.0786 1044 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:50:40.0788 1044 USBSTOR - ok
20:50:40.0799 1044 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:50:40.0800 1044 usbuhci - ok
20:50:40.0814 1044 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:50:40.0816 1044 usbvideo - ok
20:50:40.0825 1044 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:50:40.0827 1044 UxSms - ok
20:50:40.0835 1044 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:50:40.0836 1044 VaultSvc - ok
20:50:40.0847 1044 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:50:40.0848 1044 vdrvroot - ok
20:50:40.0866 1044 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:50:40.0872 1044 vds - ok
20:50:40.0875 1044 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:50:40.0876 1044 vga - ok
20:50:40.0888 1044 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:50:40.0889 1044 VgaSave - ok
20:50:40.0901 1044 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:50:40.0903 1044 vhdmp - ok
20:50:40.0920 1044 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:50:40.0921 1044 viaide - ok
20:50:40.0929 1044 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:50:40.0930 1044 volmgr - ok
20:50:40.0961 1044 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:50:40.0964 1044 volmgrx - ok
20:50:40.0979 1044 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:50:40.0981 1044 volsnap - ok
20:50:40.0995 1044 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:50:40.0997 1044 vsmraid - ok
20:50:41.0041 1044 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:50:41.0067 1044 VSS - ok
20:50:41.0121 1044 [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
20:50:41.0129 1044 vToolbarUpdater12.2.0 - ok
20:50:41.0141 1044 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:50:41.0143 1044 vwifibus - ok
20:50:41.0148 1044 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:50:41.0149 1044 vwififlt - ok
20:50:41.0170 1044 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:50:41.0170 1044 vwifimp - ok
20:50:41.0199 1044 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:50:41.0203 1044 W32Time - ok
20:50:41.0248 1044 [ 37E4600E2CDAD3C1A3613A25B97D457C ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
20:50:41.0249 1044 wacmoumonitor - ok
20:50:41.0261 1044 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:50:41.0262 1044 WacomPen - ok
20:50:41.0273 1044 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:50:41.0274 1044 WANARP - ok
20:50:41.0279 1044 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:50:41.0279 1044 Wanarpv6 - ok
20:50:41.0324 1044 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:50:41.0342 1044 WatAdminSvc - ok
20:50:41.0366 1044 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:50:41.0392 1044 wbengine - ok
20:50:41.0403 1044 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:50:41.0406 1044 WbioSrvc - ok
20:50:41.0432 1044 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:50:41.0436 1044 wcncsvc - ok
20:50:41.0443 1044 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:50:41.0445 1044 WcsPlugInService - ok
20:50:41.0455 1044 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:50:41.0456 1044 Wd - ok
20:50:41.0479 1044 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:50:41.0484 1044 Wdf01000 - ok
20:50:41.0498 1044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:50:41.0500 1044 WdiServiceHost - ok
20:50:41.0503 1044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:50:41.0504 1044 WdiSystemHost - ok
20:50:41.0536 1044 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:50:41.0539 1044 WebClient - ok
20:50:41.0554 1044 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:50:41.0558 1044 Wecsvc - ok
20:50:41.0570 1044 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:50:41.0572 1044 wercplsupport - ok
20:50:41.0596 1044 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:50:41.0598 1044 WerSvc - ok
20:50:41.0605 1044 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:50:41.0606 1044 WfpLwf - ok
20:50:41.0614 1044 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:50:41.0615 1044 WIMMount - ok
20:50:41.0638 1044 WinDefend - ok
20:50:41.0641 1044 WinHttpAutoProxySvc - ok
20:50:41.0683 1044 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:50:41.0685 1044 Winmgmt - ok
20:50:41.0721 1044 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:50:41.0755 1044 WinRM - ok
20:50:41.0800 1044 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:50:41.0801 1044 WinUsb - ok
20:50:41.0822 1044 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:50:41.0830 1044 Wlansvc - ok
20:50:41.0912 1044 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:50:41.0920 1044 wlidsvc - ok
20:50:41.0936 1044 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:50:41.0937 1044 WmiAcpi - ok
20:50:41.0955 1044 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:50:41.0957 1044 wmiApSrv - ok
20:50:41.0962 1044 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:50:41.0964 1044 WPCSvc - ok
20:50:41.0987 1044 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:50:41.0990 1044 WPDBusEnum - ok
20:50:42.0004 1044 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:50:42.0005 1044 ws2ifsl - ok
20:50:42.0018 1044 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:50:42.0021 1044 wscsvc - ok
20:50:42.0023 1044 WSearch - ok
20:50:42.0059 1044 [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
20:50:42.0060 1044 WSWNDA3100 - ok
20:50:42.0118 1044 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:50:42.0152 1044 wuauserv - ok
20:50:42.0183 1044 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:50:42.0185 1044 WudfPf - ok
20:50:42.0198 1044 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:50:42.0201 1044 WUDFRd - ok
20:50:42.0225 1044 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:50:42.0228 1044 wudfsvc - ok
20:50:42.0241 1044 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:50:42.0244 1044 WwanSvc - ok
20:50:42.0281 1044 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:50:42.0287 1044 YahooAUService - ok
20:50:42.0306 1044 ================ Scan global ===============================
20:50:42.0318 1044 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:50:42.0350 1044 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:50:42.0356 1044 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:50:42.0371 1044 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:50:42.0406 1044 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:50:42.0410 1044 [Global] - ok
20:50:42.0411 1044 ================ Scan MBR ==================================
20:50:42.0425 1044 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk0\DR0
20:50:42.0577 1044 \Device\Harddisk0\DR0 - ok
20:50:42.0577 1044 ================ Scan VBR ==================================
20:50:42.0584 1044 [ 063C6D6B42897DD6E286B6EB2F53DE3D ] \Device\Harddisk0\DR0\Partition1
20:50:42.0590 1044 \Device\Harddisk0\DR0\Partition1 - ok
20:50:42.0592 1044 ============================================================
20:50:42.0592 1044 Scan finished
20:50:42.0592 1044 ============================================================
20:50:42.0600 4012 Detected object count: 0
20:50:42.0600 4012 Actual detected object count: 0
20:52:18.0757 3536 ============================================================
20:52:18.0757 3536 Scan started
20:52:18.0757 3536 Mode: Manual;
20:52:18.0757 3536 ============================================================
20:52:19.0232 3536 ================ Scan system memory ========================
20:52:19.0232 3536 System memory - ok
20:52:19.0233 3536 ================ Scan services =============================
20:52:20.0428 3536 Brserid - ok
20:52:20.0437 3536 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:52:20.0438 3536 BrSerWdm - ok
20:52:20.0448 3536 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:52:20.0448 3536 BrUsbMdm - ok
20:52:20.0455 3536 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:52:20.0455 3536 BrUsbSer - ok
20:52:20.0467 3536 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:52:20.0467 3536 BTHMODEM - ok
20:52:20.0479 3536 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:52:20.0480 3536 bthserv - ok
20:52:20.0482 3536 catchme - ok
20:52:20.0527 3536 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:52:20.0527 3536 cdfs - ok
20:52:20.0564 3536 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:52:20.0565 3536 cdrom - ok
20:52:20.0596 3536 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:52:20.0600 3536 CertPropSvc - ok
20:52:20.0616 3536 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:52:20.0616 3536 circlass - ok
20:52:20.0643 3536 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:52:20.0645 3536 CLFS - ok
20:52:20.0697 3536 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:52:20.0697 3536 clr_optimization_v2.0.50727_32 - ok
20:52:20.0734 3536 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:52:20.0734 3536 clr_optimization_v2.0.50727_64 - ok
20:52:20.0747 3536 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:52:20.0748 3536 CmBatt - ok
20:52:20.0757 3536 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:52:20.0758 3536 cmdide - ok
20:52:20.0791 3536 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:52:20.0793 3536 CNG - ok
20:52:20.0805 3536 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:52:20.0805 3536 Compbatt - ok
20:52:20.0819 3536 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:52:20.0820 3536 CompositeBus - ok
20:52:20.0824 3536 COMSysApp - ok
20:52:20.0835 3536 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:52:20.0835 3536 crcdisk - ok
20:52:20.0861 3536 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:52:20.0862 3536 CryptSvc - ok
20:52:20.0901 3536 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:52:20.0903 3536 DcomLaunch - ok
20:52:20.0918 3536 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:52:20.0919 3536 defragsvc - ok
20:52:20.0940 3536 [ 0A403702CB00432AC818523CD416BF67 ] Device Handle Service C:\Windows\SysWOW64\AsHookDevice.exe
20:52:20.0941 3536 Device Handle Service - ok
20:52:20.0969 3536 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:52:20.0970 3536 DfsC - ok
20:52:20.0980 3536 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:52:20.0981 3536 Dhcp - ok
20:52:20.0991 3536 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:52:20.0991 3536 discache - ok
20:52:21.0006 3536 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:52:21.0006 3536 Disk - ok
20:52:21.0039 3536 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:52:21.0040 3536 Dnscache - ok
20:52:21.0068 3536 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:52:21.0069 3536 dot3svc - ok
20:52:21.0102 3536 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:52:21.0103 3536 DPS - ok
20:52:21.0111 3536 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:52:21.0112 3536 drmkaud - ok
20:52:21.0154 3536 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:52:21.0157 3536 DXGKrnl - ok
20:52:21.0173 3536 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:52:21.0174 3536 EapHost - ok
20:52:21.0221 3536 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:52:21.0233 3536 ebdrv - ok
20:52:21.0266 3536 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:52:21.0267 3536 EFS - ok
20:52:21.0307 3536 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:52:21.0309 3536 ehRecvr - ok
20:52:21.0331 3536 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:52:21.0332 3536 ehSched - ok
20:52:21.0351 3536 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:52:21.0353 3536 elxstor - ok
20:52:21.0380 3536 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:52:21.0381 3536 ErrDev - ok
20:52:21.0400 3536 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:52:21.0402 3536 EventSystem - ok
20:52:21.0415 3536 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:52:21.0416 3536 exfat - ok
20:52:21.0433 3536 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:52:21.0434 3536 fastfat - ok
20:52:21.0451 3536 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:52:21.0454 3536 Fax - ok
20:52:21.0468 3536 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:52:21.0469 3536 fdc - ok
20:52:21.0479 3536 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:52:21.0479 3536 fdPHost - ok
20:52:21.0499 3536 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:52:21.0500 3536 FDResPub - ok
20:52:21.0507 3536 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:52:21.0508 3536 FileInfo - ok
20:52:21.0515 3536 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:52:21.0516 3536 Filetrace - ok
20:52:21.0542 3536 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:52:21.0545 3536 FLEXnet Licensing Service - ok
20:52:21.0589 3536 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
20:52:21.0593 3536 FLEXnet Licensing Service 64 - ok
20:52:21.0603 3536 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:52:21.0603 3536 flpydisk - ok
20:52:21.0618 3536 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:52:21.0620 3536 FltMgr - ok
20:52:21.0660 3536 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:52:21.0665 3536 FontCache - ok
20:52:21.0701 3536 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:52:21.0701 3536 FontCache3.0.0.0 - ok
20:52:21.0714 3536 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:52:21.0714 3536 FsDepends - ok
20:52:21.0741 3536 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:52:21.0741 3536 fssfltr - ok
20:52:21.0817 3536 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:52:21.0820 3536 fsssvc - ok
20:52:21.0843 3536 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:52:21.0843 3536 Fs_Rec - ok
20:52:21.0856 3536 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:52:21.0857 3536 fvevol - ok
20:52:21.0870 3536 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:52:21.0871 3536 gagp30kx - ok
20:52:21.0889 3536 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:52:21.0889 3536 GEARAspiWDM - ok
20:52:21.0919 3536 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:52:21.0922 3536 gpsvc - ok
20:52:21.0963 3536 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:52:21.0964 3536 gupdate - ok
20:52:21.0967 3536 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:52:21.0968 3536 gupdatem - ok
20:52:22.0008 3536 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:52:22.0009 3536 gusvc - ok
20:52:22.0023 3536 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:52:22.0024 3536 hcw85cir - ok
20:52:22.0051 3536 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:52:22.0052 3536 HdAudAddService - ok
20:52:22.0070 3536 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:52:22.0071 3536 HDAudBus - ok
20:52:22.0083 3536 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:52:22.0083 3536 HECIx64 - ok
20:52:22.0097 3536 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:52:22.0098 3536 HidBatt - ok
20:52:22.0106 3536 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:52:22.0107 3536 HidBth - ok
20:52:22.0119 3536 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:52:22.0120 3536 HidIr - ok
20:52:22.0134 3536 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:52:22.0135 3536 hidserv - ok
20:52:22.0144 3536 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:52:22.0144 3536 HidUsb - ok
20:52:22.0179 3536 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:52:22.0180 3536 hkmsvc - ok
20:52:22.0209 3536 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:52:22.0211 3536 HomeGroupListener - ok
20:52:22.0238 3536 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:52:22.0239 3536 HomeGroupProvider - ok
20:52:22.0250 3536 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:52:22.0251 3536 HpSAMD - ok
20:52:22.0294 3536 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:52:22.0297 3536 HTTP - ok
20:52:22.0300 3536 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:52:22.0300 3536 hwpolicy - ok
20:52:22.0314 3536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:52:22.0314 3536 i8042prt - ok
20:52:22.0333 3536 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:52:22.0335 3536 iaStorV - ok
20:52:22.0362 3536 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:52:22.0365 3536 idsvc - ok
20:52:22.0512 3536 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:52:22.0549 3536 igfx - ok
20:52:22.0582 3536 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:52:22.0586 3536 iirsp - ok
20:52:22.0603 3536 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:52:22.0606 3536 IKEEXT - ok
20:52:22.0652 3536 [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:52:22.0659 3536 IntcAzAudAddService - ok
20:52:22.0685 3536 [ 49072EDBC5C2F964917D1B585C90ED0A ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:52:22.0686 3536 IntcDAud - ok
20:52:22.0697 3536 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:52:22.0697 3536 intelide - ok
20:52:22.0707 3536 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:52:22.0708 3536 intelppm - ok
20:52:22.0735 3536 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:52:22.0736 3536 IPBusEnum - ok
20:52:22.0762 3536 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:52:22.0762 3536 IpFilterDriver - ok
20:52:22.0790 3536 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:52:22.0793 3536 iphlpsvc - ok
20:52:22.0804 3536 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:52:22.0804 3536 IPMIDRV - ok
20:52:22.0814 3536 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:52:22.0815 3536 IPNAT - ok
20:52:22.0856 3536 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:52:22.0860 3536 iPod Service - ok
20:52:22.0866 3536 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:52:22.0867 3536 IRENUM - ok
20:52:22.0883 3536 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:52:22.0883 3536 isapnp - ok
20:52:22.0903 3536 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:52:22.0904 3536 iScsiPrt - ok
20:52:22.0917 3536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:52:22.0917 3536 kbdclass - ok
20:52:22.0923 3536 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:52:22.0923 3536 kbdhid - ok
20:52:22.0931 3536 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:52:22.0931 3536 KeyIso - ok
20:52:22.0958 3536 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:52:22.0959 3536 KSecDD - ok
20:52:22.0974 3536 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:52:22.0974 3536 KSecPkg - ok
20:52:22.0979 3536 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:52:22.0980 3536 ksthunk - ok
20:52:23.0006 3536 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:52:23.0008 3536 KtmRm - ok
20:52:23.0023 3536 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:52:23.0025 3536 LanmanServer - ok
20:52:23.0057 3536 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:52:23.0058 3536 LanmanWorkstation - ok
20:52:23.0086 3536 [ AC2E68E3421AF857B8D438414E7AE31C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:52:23.0087 3536 LightScribeService - ok
20:52:23.0101 3536 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:52:23.0102 3536 lltdio - ok
20:52:23.0123 3536 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:52:23.0125 3536 lltdsvc - ok
20:52:23.0127 3536 lmab_device - ok
20:52:23.0143 3536 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:52:23.0144 3536 lmhosts - ok
20:52:23.0181 3536 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:52:23.0183 3536 LMS - ok
20:52:23.0194 3536 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:52:23.0195 3536 LSI_FC - ok
20:52:23.0209 3536 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:52:23.0210 3536 LSI_SAS - ok
20:52:23.0220 3536 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:52:23.0221 3536 LSI_SAS2 - ok
20:52:23.0228 3536 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:52:23.0228 3536 LSI_SCSI - ok
20:52:23.0244 3536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:52:23.0245 3536 luafv - ok
20:52:23.0271 3536 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:52:23.0271 3536 MBAMProtector - ok
20:52:23.0314 3536 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:52:23.0316 3536 MBAMService - ok
20:52:23.0334 3536 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
20:52:23.0336 3536 mcdbus - ok
20:52:23.0359 3536 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:52:23.0360 3536 Mcx2Svc - ok
20:52:23.0408 3536 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:52:23.0410 3536 MDM - ok
20:52:23.0421 3536 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:52:23.0422 3536 megasas - ok
20:52:23.0437 3536 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:52:23.0438 3536 MegaSR - ok
20:52:23.0449 3536 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:52:23.0450 3536 MMCSS - ok
20:52:23.0459 3536 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:52:23.0459 3536 Modem - ok
20:52:23.0489 3536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:52:23.0489 3536 monitor - ok
20:52:23.0517 3536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
20:52:23.0518 3536 mouclass - ok
20:52:23.0528 3536 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:52:23.0528 3536 mouhid - ok
20:52:23.0556 3536 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:52:23.0556 3536 mountmgr - ok
20:52:23.0606 3536 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:52:23.0606 3536 MozillaMaintenance - ok
20:52:23.0637 3536 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:52:23.0638 3536 MpFilter - ok
20:52:23.0656 3536 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:52:23.0657 3536 mpio - ok
20:52:23.0674 3536 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:52:23.0674 3536 mpsdrv - ok
20:52:23.0707 3536 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:52:23.0711 3536 MpsSvc - ok
20:52:23.0738 3536 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:52:23.0739 3536 MRxDAV - ok
20:52:23.0770 3536 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:52:23.0771 3536 mrxsmb - ok
20:52:23.0803 3536 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:52:23.0804 3536 mrxsmb10 - ok
20:52:23.0816 3536 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:52:23.0816 3536 mrxsmb20 - ok
20:52:23.0830 3536 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:52:23.0830 3536 msahci - ok
20:52:23.0842 3536 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:52:23.0842 3536 msdsm - ok
20:52:23.0857 3536 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:52:23.0858 3536 MSDTC - ok
20:52:23.0867 3536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:52:23.0868 3536 Msfs - ok
20:52:23.0872 3536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:52:23.0873 3536 mshidkmdf - ok
20:52:23.0879 3536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:52:23.0879 3536 msisadrv - ok
20:52:23.0909 3536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:52:23.0910 3536 MSiSCSI - ok
20:52:23.0912 3536 msiserver - ok
20:52:23.0922 3536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:52:23.0922 3536 MSKSSRV - ok
20:52:23.0944 3536 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:52:23.0944 3536 MsMpSvc - ok
20:52:23.0951 3536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:52:23.0951 3536 MSPCLOCK - ok
20:52:23.0957 3536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:52:23.0957 3536 MSPQM - ok
20:52:23.0988 3536 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:52:23.0990 3536 MsRPC - ok
20:52:23.0997 3536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:52:23.0997 3536 mssmbios - ok
20:52:24.0010 3536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:52:24.0010 3536 MSTEE - ok
20:52:24.0021 3536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:52:24.0022 3536 MTConfig - ok
20:52:24.0031 3536 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
20:52:24.0031 3536 MTsensor - ok
20:52:24.0039 3536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:52:24.0040 3536 Mup - ok
20:52:24.0071 3536 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:52:24.0074 3536 napagent - ok
20:52:24.0088 3536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:52:24.0090 3536 NativeWifiP - ok
20:52:24.0108 3536 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:52:24.0112 3536 NDIS - ok
20:52:24.0120 3536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:52:24.0121 3536 NdisCap - ok
20:52:24.0136 3536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:52:24.0137 3536 NdisTapi - ok
20:52:24.0163 3536 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:52:24.0163 3536 Ndisuio - ok
20:52:24.0173 3536 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:52:24.0174 3536 NdisWan - ok
20:52:24.0204 3536 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:52:24.0204 3536 NDProxy - ok
20:52:24.0249 3536 [ 0FF3C6AA3E0FE0EB316DF5449B569463 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:52:24.0253 3536 Nero BackItUp Scheduler 4.0 - ok
20:52:24.0272 3536 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:52:24.0273 3536 Net Driver HPZ12 - ok
20:52:24.0285 3536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:52:24.0285 3536 NetBIOS - ok
20:52:24.0301 3536 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:52:24.0302 3536 NetBT - ok
20:52:24.0312 3536 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:52:24.0313 3536 Netlogon - ok
20:52:24.0333 3536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:52:24.0334 3536 Netman - ok
20:52:24.0348 3536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:52:24.0351 3536 netprofm - ok
20:52:24.0374 3536 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
20:52:24.0377 3536 netr28x - ok
20:52:24.0396 3536 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:52:24.0397 3536 NetTcpPortSharing - ok
20:52:24.0409 3536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:52:24.0409 3536 nfrd960 - ok
20:52:24.0442 3536 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:52:24.0443 3536 NisDrv - ok
20:52:24.0469 3536 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:52:24.0472 3536 NisSrv - ok
20:52:24.0483 3536 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:52:24.0484 3536 NlaSvc - ok
20:52:24.0498 3536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:52:24.0499 3536 Npfs - ok
20:52:24.0506 3536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:52:24.0506 3536 nsi - ok
20:52:24.0511 3536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:52:24.0511 3536 nsiproxy - ok
20:52:24.0564 3536 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:52:24.0570 3536 Ntfs - ok
20:52:24.0587 3536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:52:24.0591 3536 Null - ok
20:52:24.0625 3536 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:52:24.0626 3536 nvraid - ok
20:52:24.0642 3536 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:52:24.0643 3536 nvstor - ok
20:52:24.0656 3536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:52:24.0657 3536 nv_agp - ok
20:52:24.0673 3536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:52:24.0673 3536 ohci1394 - ok
20:52:24.0708 3536 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:52:24.0709 3536 ose - ok
20:52:24.0721 3536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:52:24.0723 3536 p2pimsvc - ok
20:52:24.0739 3536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:52:24.0741 3536 p2psvc - ok
20:52:24.0759 3536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:52:24.0759 3536 Parport - ok
20:52:24.0787 3536 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:52:24.0787 3536 partmgr - ok
20:52:24.0797 3536 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:52:24.0798 3536 PcaSvc - ok
20:52:24.0811 3536 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:52:24.0811 3536 pci - ok
20:52:24.0818 3536 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:52:24.0819 3536 pciide - ok
20:52:24.0834 3536 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:52:24.0835 3536 pcmcia - ok
20:52:24.0844 3536 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:52:24.0844 3536 pcw - ok
20:52:24.0863 3536 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:52:24.0866 3536 PEAUTH - ok
20:52:24.0910 3536 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:52:24.0911 3536 PerfHost - ok
20:52:24.0959 3536 [ 8BA0E6570112C4F27571A3C21B3A02A6 ] PGMTrusted C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
20:52:24.0961 3536 PGMTrusted - ok
20:52:25.0005 3536 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:52:25.0011 3536 pla - ok
20:52:25.0044 3536 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:52:25.0047 3536 PlugPlay - ok
20:52:28.0800 3536 ================ Scan global ===============================
20:52:28.0810 3536 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:52:28.0842 3536 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:52:28.0847 3536 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:52:28.0855 3536 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:52:28.0889 3536 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:52:28.0891 3536 [Global] - ok
20:52:28.0892 3536 ================ Scan MBR ==================================
20:52:28.0900 3536 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk0\DR0
20:52:29.0052 3536 \Device\Harddisk0\DR0 - ok
20:52:29.0052 3536 ================ Scan VBR ==================================
20:52:29.0054 3536 [ 063C6D6B42897DD6E286B6EB2F53DE3D ] \Device\Harddisk0\DR0\Partition1
20:52:29.0055 3536 \Device\Harddisk0\DR0\Partition1 - ok
20:52:29.0056 3536 ============================================================
20:52:29.0056 3536 Scan finished
20:52:29.0056 3536 ============================================================
20:52:29.0061 4224 Detected object count: 0
20:52:29.0061 4224 Actual detected object count: 0

#7 gringo_pr

Posted 01 September 2012 - 08:22 PM

Did you run the aswMBR report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 ImmaNoob

Posted 01 September 2012 - 10:10 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 21:30:46
-----------------------------
21:30:46.455 OS Version: Windows x64 6.1.7601 Service Pack 1
21:30:46.455 Number of processors: 4 586 0x2502
21:30:46.455 ComputerName: DAVINCIHD UserName:
21:30:47.743 Initialize success
21:30:51.973 AVAST engine defs: 12090101
21:31:42.464 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:31:42.465 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
21:31:42.607 Disk 0 MBR read successfully
21:31:42.608 Disk 0 MBR scan
21:31:42.610 Disk 0 unknown MBR code
21:31:42.636 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10244 MB offset 63
21:31:42.640 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 943622 MB offset 20980890
21:31:42.658 Disk 0 scanning C:\Windows\system32\drivers
21:32:06.907 Service scanning
21:32:21.973 Modules scanning
21:32:21.977 Disk 0 trace - called modules:
21:32:22.019 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:32:22.022 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d3c060]
21:32:22.024 3 CLASSPNP.SYS[fffff880019ce43f] -> nt!IofCallDriver -> [0xfffffa8007ab0580]
21:32:22.026 5 ACPI.sys[fffff88000fb17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007ab2060]
21:32:24.803 AVAST engine scan C:\Windows
21:32:34.704 AVAST engine scan C:\Windows\system32
21:34:40.980 AVAST engine scan C:\Windows\system32\drivers
21:34:51.669 AVAST engine scan C:\Users\Nikita BigBank
21:49:19.008 AVAST engine scan C:\ProgramData
21:50:25.869 Scan finished successfully
23:09:11.497 Disk 0 MBR has been saved successfully to "C:\Users\Nikita BigBank\Desktop\MBR.dat"
23:09:11.500 The log file has been saved successfully to "C:\Users\Nikita BigBank\Desktop\aswMBR.txt"

#9 ImmaNoob

Posted 01 September 2012 - 10:12 PM

So far everything seems fine right now on my computer, my errors have been resolved I think .... lol. Unless you see something else that should get done.

#10 gringo_pr

Posted 01 September 2012 - 10:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#11 ImmaNoob

Posted 02 September 2012 - 06:30 AM

ComboFix 12-08-31.08 - Nikita BigBank 09/02/2012 7:00.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.5647 [GMT -4:00]
Running from: c:\users\Nikita BigBank\Downloads\ComboFix.exe
Command switches used :: c:\users\Nikita BigBank\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 11:06 . 2012-09-02 11:06 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B588C1E6-9B43-4F9C-AAB4-6857824A4BCC}\offreg.dll
2012-09-02 11:05 . 2012-09-02 11:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-02 11:05 . 2012-09-02 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 03:13 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B588C1E6-9B43-4F9C-AAB4-6857824A4BCC}\mpengine.dll
2012-08-30 01:23 . 2012-08-30 01:23 -------- d-----w- c:\users\Nikita BigBank\AppData\Roaming\Malwarebytes
2012-08-30 01:22 . 2012-08-30 01:22 -------- d-----w- c:\programdata\Malwarebytes
2012-08-30 01:22 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 01:22 . 2012-08-30 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-21 00:34 . 2012-08-21 00:34 -------- d-----w- c:\program files (x86)\Palringo
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\users\Nikita BigBank\AppData\Local\AVG Secure Search
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-21 00:19 . 2012-08-21 00:19 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-21 00:19 . 2012-08-21 00:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-21 00:18 . 2012-08-21 00:18 -------- d-----w- c:\program files (x86)\GhostMouse
2012-08-20 23:56 . 2012-08-20 23:56 -------- d-----w- c:\users\Nikita BigBank\AppData\Roaming\UltraVNC
2012-08-20 23:53 . 2012-08-20 23:53 -------- d-----w- c:\program files (x86)\UltraVNC
2012-08-20 14:04 . 2012-08-20 14:04 328704 ----a-w- c:\windows\system32\services.exe.00110B61336A4A19
2012-08-20 14:00 . 2012-08-20 14:00 328704 ----a-w- c:\windows\system32\services.exe.D8354CD7699DF831
2012-08-20 13:56 . 2012-08-20 13:56 328704 ----a-w- c:\windows\system32\services.exe.30519D3DB8EC54CF
2012-08-20 13:52 . 2012-08-20 13:52 328704 ----a-w- c:\windows\system32\services.exe.58A1A367C8252BED
2012-08-20 13:48 . 2012-08-20 13:48 328704 ----a-w- c:\windows\system32\services.exe.EE37D0BFBA8E685D
2012-08-20 13:44 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E986BA6-FD74-421D-B37E-9DFD8BC938F2}\gapaengine.dll
2012-08-20 13:44 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-20 13:43 . 2012-08-20 13:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-20 13:43 . 2012-08-20 13:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-17 16:48 . 2012-08-17 16:48 -------- d-----r- c:\program files (x86)\Skype
2012-08-17 16:48 . 2012-08-17 16:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-13 17:35 . 2012-08-13 17:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-11 22:45 . 2012-08-11 22:45 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-11 13:21 . 2012-08-12 11:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 14:07 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-15 05:18 . 2012-04-03 17:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:18 . 2011-06-16 16:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:02 . 2010-11-05 07:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-12 03:08 . 2012-07-11 07:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 00:13 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 00:14 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 00:14 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 00:13 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 00:14 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 00:14 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 00:13 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-30_23.17.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-05 18:23 . 2012-09-02 11:07 63834 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-02 11:07 37370 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-04 11:38 . 2012-09-02 11:07 16202 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-321980617-990551525-4145136555-1000_UserData.bin
+ 2012-09-02 11:06 . 2012-09-02 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 19:48 . 2012-08-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 19:48 . 2012-08-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-02 11:06 . 2012-09-02 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-09-02 00:47 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-30 19:52 617222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-02 00:47 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-30 19:52 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-30 19:47 867466 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-02 11:05 867466 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-04 12:01 . 2012-09-02 00:08 3898224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-04 12:01 . 2012-08-30 02:01 3898224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-16 16:12 . 2012-09-02 11:05 5658930 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-12288.dat
- 2011-06-16 16:12 . 2012-08-30 19:47 5658930 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-12288.dat
+ 2011-04-03 22:49 . 2012-09-02 11:05 34441048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-8192.dat
- 2012-04-03 17:04 . 2012-08-30 02:01 14441020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-4096.dat
+ 2012-04-03 17:04 . 2012-09-02 11:05 14441020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-321980617-990551525-4145136555-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-21 00:19 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll" [BU]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-21 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Nikita BigBank\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2009-10-07 582312]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-21 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-21 1020512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-9-17 5842776]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-11-5 3280896]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-30 1156384]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2010-9-30 1178400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"= 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
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1255736]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-06 1038088]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R4 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-01-04 519888]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R4 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-21 927840]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-09-17 1251840]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-21 413800]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 16:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:18]
.
2012-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
- c:\users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 22:23]
.
2012-09-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
- c:\users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 22:23]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 12:44]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 12:44]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
- c:\users\Nikita BigBank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 22:26]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
- c:\users\Nikita BigBank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 22:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.davincihd.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: wishuponahero.org
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://www.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2012-09-02 07:12:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 11:12
ComboFix2.txt 2012-09-02 00:34
ComboFix3.txt 2012-09-02 00:15
ComboFix4.txt 2012-09-01 12:23
ComboFix5.txt 2012-09-02 10:59
.
Pre-Run: 875,545,464,832 bytes free
Post-Run: 875,917,938,688 bytes free
.
- - End Of File - - FFB84E24C7928D1C22106FAFE81F62C5

#12 gringo_pr

Posted 02 September 2012 - 06:25 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1
Advertising Center
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download Button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 ImmaNoob


Posted 02 September 2012 - 08:49 PM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nikita BigBank :: DAVINCIHD [administrator]

Protection: Enabled

9/2/2012 9:45:00 PM
mbam-log-2012-09-02 (21-45-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207027
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 ImmaNoob


Posted 02 September 2012 - 08:52 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:20 PM, on 9/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp\magicJack.exe
C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikita BigBank\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.davincihd.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Swag Bucks - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Alexa Toolbar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll (file missing)
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Smart Wizard.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} (VBIRDPlayer.Player) - http://www.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Unknown owner - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 13129 bytes

#15 gringo_pr

  • Malware Response Team

Posted 02 September 2012 - 09:22 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
      O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
      O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
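
An added example, not part of gringo_pr's post or of HijackThis itself: a small Python check that compares the O4 (autostart) lines of a scan taken before "Fix Checked" with a scan taken afterwards, to confirm the ticked entries are gone and nothing new has appeared. The "before" lines are copied from the log above; the "after" log, the `ExampleNew` entry and the function names are constructed for illustration.

```python
import re

# O4 (autostart) lines come in two shapes: a Run-key value or a Startup-folder shortcut.
#   O4 - HKLM\..\Run: [ValueName] command     O4 - Global Startup: Name.lnk = target
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")

def parse_autoruns(log_text):
    """Map (location, name) -> command for every O4 line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries[(m.group(1) + "\\" + m.group(2), m.group(3))] = m.group(4)
            continue
        m = LNK_RE.match(line)
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def verify_fix(before_log, after_log, checked):
    """Compare two scans against the names ticked before 'Fix Checked'."""
    before, after = parse_autoruns(before_log), parse_autoruns(after_log)
    was = {name for _, name in before}
    now = {name for _, name in after}
    return {
        "removed": sorted(n for n in checked if n in was and n not in now),
        "still_present": sorted(n for n in checked if n in now),
        "never_listed": sorted(n for n in checked if n not in was),
        "new_since_fix": sorted(k for k in after if k not in before),
    }

# Before: O4 lines copied from the log on this page.
BEFORE = r"""
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
"""
# After: constructed sample (one ticked entry survived, one unknown entry appeared).
AFTER = r"""
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ExampleNew] C:\Example\new.exe
"""
CHECKED = ["RunAIShell", "Messenger (Yahoo!)", "Intuit Data Protect.lnk", "IntelliPoint"]
```

An entry under `still_present` means the fix did not take for that item, and anything under `new_since_fix` is an autostart that was not in the earlier scan and deserves a closer look.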



