
SVCHost infected by some unknown malware


This topic is locked
24 replies to this topic

#1 Zer0_C00l

  • Members
  • 13 posts

Posted 24 September 2012 - 01:35 AM

Hello guys,

One of my svchost processes (-k LocalSystemNetworkRestricted) has raised its VM and memory size dramatically, and sometimes it gradually raises CPU usage up to 100%. I also have two more svchost processes with the same parameter (-k LocalSystemNetworkRestricted) which don't show any suspicious activity. I uploaded this file to VirusTotal and only the eSafe antivirus detected it as "Win32.TrojanHorse", while the other antiviruses didn't detect anything. I am sure some malware is bound to this process, and I tried a lot to figure it out, but it didn't work. I used Combo and tds, but they didn't discover anything. Now I want to see if there is any expert who can help me out here.

This is my DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 23:12:12 on 2012-09-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.981.1033.18.4030.357 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Windows\system32\spool\DRIVERS\x64\3\fppdis4.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\Foxit PhantomPDF.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Windows\regedit.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\PROGRA~2\FlashGet\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\PROGRA~2\FlashGet\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - C:\PROGRA~2\FlashGet\fgiebar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\FILEBO~1.LNK - C:\Program Files (x86)\FileBX\FileBX.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\QUICKB~2.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate with &Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{CE1B60FB-3879-4A60-834B-564FEBEDA36C} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{CE1B60FB-3879-4A60-834B-564FEBEDA36C}\14D696277237024637C6F5548545 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE1B60FB-3879-4A60-834B-564FEBEDA36C}\94D616E6023533 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{CE1B60FB-3879-4A60-834B-564FEBEDA36C}\E416478616E60223E24374 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CFC63336-15E1-4912-82B7-4FD8567719BB} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: IeCatch5 Class: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~2\FlashGet\jccatch.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: gFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~2\FlashGet\getflash.dll
TB-X64: FlashGet Bar: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun-x64: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a4e622py.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-7-15 89600]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-8-6 680016]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys --> C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys [?]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-8-6 4151376]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;C:\Windows\system32\DRIVERS\btmnet.sys --> C:\Windows\system32\DRIVERS\btmnet.sys [?]
R3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys --> C:\Windows\system32\Drivers\btmusb.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SPUVCbv;SPUVCb Driver Service;C:\Windows\system32\Drivers\SPUVCbv_x64.sys --> C:\Windows\system32\Drivers\SPUVCbv_x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-19 257224]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-8-6 1189968]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys --> C:\Windows\system32\Drivers\btmcom.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 egnyteBackup;Egnyte Backup Service;C:\Program Files (x86)\Egnyte Backup\EgnyteBackupService.exe [2012-8-19 23552]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-23 22:32:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 22:24:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 22:05:52 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-23 21:39:06 -------- d-----w- C:\Program Files (x86)\TCPEye
2012-09-23 18:32:02 -------- d-----w- C:\Program Files\FrontDoorSoftware
2012-09-18 20:20:40 -------- d-----w- C:\Program Files (x86)\Zone Labs
2012-09-18 20:20:17 -------- d-----w- C:\Windows\Internet Logs
2012-09-18 19:42:24 -------- d-----w- C:\Users\Administrator\AppData\Roaming\BitComet
2012-09-18 19:42:23 -------- d-----w- C:\Program Files\BitComet
2012-09-18 19:24:58 -------- d-----w- C:\Users\Administrator\AppData\Local\DDMSettings
2012-09-18 19:22:21 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-09-18 18:13:05 -------- dc-h--w- C:\ProgramData\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2012-09-18 18:12:58 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-09-18 08:27:03 -------- d-----w- C:\Users\Administrator\AppData\Local\Sunbelt Software
2012-09-13 19:15:22 -------- d-----w- C:\Users\Administrator\AppData\Local\Macromedia
2012-09-13 19:12:10 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-13 19:12:10 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-13 19:12:00 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-13 00:47:04 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-09-13 00:45:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-13 00:45:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-08 06:48:31 -------- d-----w- C:\Windows\PCHEALTH
2012-09-08 06:46:36 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-07 20:46:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30EF6B9E-7045-4FF6-B694-BAA4C42BCCEC}\offreg.dll
2012-09-07 17:26:59 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30EF6B9E-7045-4FF6-B694-BAA4C42BCCEC}\mpengine.dll
2012-09-03 19:19:45 -------- d-----w- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2012-08-27 00:20:05 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Hyperionics
2012-08-27 00:19:58 -------- d--h--w- C:\ProgramData\{7A94EF79-C34B-444E-BECC-25AB7D77AA78}
2012-08-27 00:19:57 -------- d-----w- C:\Program Files\FileBX
.
==================== Find3M ====================
.
2012-09-13 05:23:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 05:23:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-18 16:10:32 274720 ------w- C:\Windows\System32\fppr4-x64.dll
2012-07-18 16:10:22 248096 ------w- C:\Windows\System32\fppmon4.dll
2012-07-18 16:10:18 75552 ------w- C:\Windows\System32\fppent4a.dll
2012-07-17 07:26:11 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-15 22:53:01 3120 ----a-w- C:\Windows\SysWow64\drivers\wdhih.sys
2012-07-15 20:50:31 81920 ---ha-w- C:\Windows\SysWow64\v3shrtkgn.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:14:09.41 ===============

Thank you guys.
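The question underneath this post is which services are actually running inside the heavy -k LocalSystemNetworkRestricted instance, since svchost.exe itself is only a host and the code lives in each service's ServiceDll. The following PowerShell script is an added example written for this page, not a tool from the thread or from BleepingComputer: it maps every svchost.exe PID to its service group, working set and CPU time, lists the services Windows reports in that PID, resolves each one's ServiceDll from the registry, and flags a DLL that sits outside %SystemRoot% or lacks a valid Authenticode signature. It assumes an elevated Windows PowerShell session (Get-WmiObject is used so it also runs on the Windows 7 / PowerShell 2.0 era machine in the DDS log).

```powershell
function Get-SvchostServiceMap {
    # Added example, not from the original thread. Emits one row per hosted service:
    # the svchost PID and -k group it lives in, the DLL that implements it, and
    # whether that DLL carries a valid Authenticode signature. Run elevated, or the
    # command lines of SYSTEM-owned svchost instances come back empty.
    $services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'") {
        # The service group is the token after -k, e.g. LocalSystemNetworkRestricted.
        $group = if ($p.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '(none)' }

        $proc  = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
        $wsMB  = if ($proc) { [math]::Round($proc.WorkingSet64 / 1MB, 1) } else { $null }
        $cpuS  = if ($proc -and $null -ne $proc.CPU) { [math]::Round($proc.CPU, 1) } else { $null }

        # svchost.exe itself should be the Microsoft-signed image under System32.
        $imgSig = if ($p.ExecutablePath) { (Get-AuthenticodeSignature $p.ExecutablePath).Status } else { 'unknown' }

        foreach ($s in $services | Where-Object { $_.ProcessId -eq $p.ProcessId }) {
            # svchost only hosts the service; its code is the ServiceDll named in the registry.
            $params = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)\Parameters" -ErrorAction SilentlyContinue
            $dll    = if ($params -and $params.ServiceDll) { [Environment]::ExpandEnvironmentVariables($params.ServiceDll) } else { $null }
            $dllSig = if ($dll -and (Test-Path $dll)) { (Get-AuthenticodeSignature $dll).Status } else { 'unknown' }

            # Two things worth a closer look: a DLL outside %SystemRoot%, or one whose
            # signature does not verify. Either is a lead to investigate, not a verdict.
            $note = ''
            if ($dll -and $dll -notlike "$env:SystemRoot\*") { $note = 'ServiceDll outside %SystemRoot%' }
            elseif ($dllSig -ne 'Valid') { $note = "ServiceDll signature: $dllSig" }

            New-Object PSObject -Property @{
                PID = $p.ProcessId; Group = $group; WorkingSetMB = $wsMB; CpuSeconds = $cpuS
                ImageSig = $imgSig; Service = $s.Name; ServiceDll = $dll; Note = $note
            } | Select-Object PID, Group, WorkingSetMB, CpuSeconds, ImageSig, Service, ServiceDll, Note
        }
    }
}

# Usage: heaviest svchost instance first, so the rows for the suspect PID are at the top.
Get-SvchostServiceMap | Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize
```

Read the output for the PID that matches the process consuming memory and CPU: the services listed for it are the only code that legitimately runs there, so a hosted service whose DLL is unsigned, missing, or located outside the Windows directory narrows the search far more than the svchost.exe image itself, which is normally the genuine Microsoft binary. On Windows 10 and later, machines with more than about 3.5 GB of RAM split most services into their own svchost instance, so each PID usually shows a single row.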


#2 Zer0_C00l

  • Topic Starter
  • Members
  • 13 posts

Posted 24 September 2012 - 04:31 PM

Also, here is the screenshot of my svchost processes. Consider that the total CPU and RAM usage are at the bottom.

I look forward to hearing from you guys.

Edited by Zer0_C00l, 24 September 2012 - 04:32 PM.


#3 Zer0_C00l

  • Topic Starter
  • Members
  • 13 posts

Posted 26 September 2012 - 01:59 PM

Anyone?

#4 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 September 2012 - 11:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Zer0_C00l

Zer0_C00l
  • Topic Starter

  • Members
  • 13 posts

Posted 27 September 2012 - 01:20 AM

Hi Gringo,

Thanks for replying.

This is my -AdwCleaner- log:


# AdwCleaner v2.003 - Logfile created 09/26/2012 at 23:10:15
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Administrator - IMAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon.lnk
File Deleted : C:\Users\Public\Desktop\Babylon.lnk
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\ADMINI~1\AppData\Local\Temp\Babylon
Folder Deleted : C:\Users\Administrator\AppData\Local\Babylon
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Babylon
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a4e622py.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2947 octets] - [26/09/2012 23:10:15]

########## EOF - C:\AdwCleaner[S1].txt - [3007 octets] ##########


and this is my --RogueKiller-- log:


RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 09/26/2012 23:16:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\ADCWOR~1.SCR) -> REPLACED (C:\Windows\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSYN +++++
--- User ---
[MBR] 3974977914ea10d280b8eca193d91be7
[BSP] b8cb50ba8b244b6afab820fe0b7ad01d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 117738 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 262132605 | Size: 348943 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] dca2844d6808dd83dfaf19d612798ab3
[BSP] b8cb50ba8b244b6afab820fe0b7ad01d : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 1000 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Now my computer works normally, but sometimes that svchost process gets all of my CPU and RAM usage. I am ready for the next step.

Edited by Zer0_C00l, 27 September 2012 - 01:21 AM.
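Added here as an editor's example, not code from the thread: the post above says the svchost instance still spikes after the AdwCleaner and RogueKiller passes, and the check a practitioner would want at this point is to see exactly what runs inside that service host rather than scanning svchost.exe itself. svchost.exe is only a container; the code that executes is each member service's ServiceDll plus whatever other modules were loaded into the process. The script assumes the OP's "-k LocalSyetemNetworkRestricted" is the real Windows group LocalSystemNetworkRestricted, and that it is run from an elevated PowerShell prompt (it sticks to PowerShell 2.0 cmdlets so it works on a stock Windows 7 install).

```powershell
# Editor's added example, not code from the thread.
# Assumptions: the group is the real Windows group "LocalSystemNetworkRestricted"
# (the OP wrote "LocalSyetemNetworkRestricted"), and this runs elevated.
# Get-WmiObject is used instead of Get-CimInstance so PowerShell 2.0 on Windows 7 is enough.
param([string]$Group = 'LocalSystemNetworkRestricted')

# 1. Group membership lives in the registry: each -k group is a REG_MULTI_SZ value
#    listing the service names that share one svchost.exe instance.
$svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$members = (Get-ItemProperty -Path $svchostKey).$Group
Write-Output "Services registered in group '$Group':"
foreach ($name in $members) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { continue }
    # The code that actually runs inside svchost is the ServiceDll, not the service PathName.
    $params = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters" -ErrorAction SilentlyContinue
    $dll = if ($params) { $params.ServiceDll } else { '(no ServiceDll)' }
    '{0,-24} {1,-8} PID={2,-6} {3}' -f $name, $svc.State, $svc.ProcessId, $dll
}

# 2. For every svchost.exe started with this group: confirm the image is the genuine one
#    under System32, check its Authenticode signature, and list loaded modules that sit
#    outside %SystemRoot%, which is where an injected or side-loaded DLL usually shows up.
$hosts = Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" |
    Where-Object { $_.CommandLine -match "-k\s+$Group\b" }

foreach ($p in $hosts) {
    $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
    $expected = "$env:SystemRoot\System32\svchost.exe"
    Write-Output ''
    Write-Output ("svchost PID {0}: {1}" -f $p.ProcessId, $p.CommandLine)
    Write-Output ("  image path OK : {0}" -f ($p.ExecutablePath -ieq $expected))
    Write-Output ("  signature     : {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject)

    # Module enumeration needs elevation; on a 64-bit host run this from 64-bit PowerShell
    # so the 64-bit svchost instances can be inspected.
    try {
        $foreign = (Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules |
            Where-Object { $_.FileName -notlike "$env:SystemRoot\*" }
        if ($foreign) {
            Write-Output '  modules loaded from outside %SystemRoot% (inspect these):'
            $foreign | ForEach-Object { Write-Output ("    {0}" -f $_.FileName) }
        } else {
            Write-Output '  no modules loaded from outside %SystemRoot%'
        }
    } catch {
        Write-Output ("  could not enumerate modules: {0}" -f $_.Exception.Message)
    }
}
```

Anything that is not %SystemRoot%\System32\svchost.exe, any signature status other than Valid, and any ServiceDll or loaded module outside %SystemRoot% is the file worth submitting to VirusTotal, rather than svchost.exe itself. For a quick look at the same grouping without the signature and module checks, `tasklist /svc /fi "PID eq <pid>"` from an elevated command prompt shows which services a given svchost PID is hosting.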


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 September 2012 - 01:30 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Zer0_C00l

Zer0_C00l
  • Topic Starter

  • Members
  • 13 posts

Posted 28 September 2012 - 12:56 PM

Dear Gringo,

You can see my ComboFix log below:


ComboFix 12-09-26.06 - Administrator 09/27/2012 23:28:54.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.981.1033.18.4030.2368 [GMT -7:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 06:33 . 2012-09-28 06:33 -------- d-----w- c:\users\Iman\AppData\Local\temp
2012-09-28 06:33 . 2012-09-28 06:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-27 07:14 . 2012-09-27 07:14 -------- d-----w- c:\users\Administrator\AppData\Local\Babylon
2012-09-27 07:14 . 2012-09-27 07:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\Babylon
2012-09-27 07:14 . 2012-09-27 07:14 -------- d-----w- c:\programdata\Babylon
2012-09-26 18:40 . 2009-03-17 19:58 145920 ----a-w- c:\program files (x86)\Mozilla Firefox\BabyFox.dll
2012-09-26 18:40 . 2012-09-26 18:40 -------- d-----w- c:\program files (x86)\Babylon4
2012-09-24 17:22 . 2012-09-24 17:22 -------- d-----w- c:\program files (x86)\Babylon2
2012-09-23 22:32 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 22:24 . 2012-09-23 22:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 21:39 . 2012-09-23 21:39 -------- d-----w- c:\program files (x86)\TCPEye
2012-09-23 18:32 . 2012-09-23 18:34 -------- d-----w- c:\program files\FrontDoorSoftware
2012-09-18 20:20 . 2012-09-18 20:20 -------- d-----w- c:\program files (x86)\Zone Labs
2012-09-18 20:20 . 2012-09-18 20:20 -------- d-----w- c:\windows\Internet Logs
2012-09-18 19:42 . 2012-09-27 16:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\BitComet
2012-09-18 19:42 . 2012-09-18 19:42 -------- d-----w- c:\program files\BitComet
2012-09-18 19:24 . 2012-09-18 19:24 -------- d-----w- c:\users\Administrator\AppData\Local\DDMSettings
2012-09-18 19:22 . 2012-09-18 19:22 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-09-18 18:13 . 2012-09-23 19:08 -------- dc-h--w- c:\programdata\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2012-09-18 18:12 . 2012-09-18 18:12 -------- d-----w- c:\program files (x86)\Lavasoft
2012-09-18 08:27 . 2012-09-18 08:27 -------- d-----w- c:\users\Administrator\AppData\Local\Sunbelt Software
2012-09-18 08:26 . 2012-09-23 19:06 -------- d-----w- c:\programdata\Lavasoft
2012-09-13 19:15 . 2012-09-13 19:15 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
2012-09-13 19:13 . 2012-09-13 19:13 -------- d-----w- c:\windows\Sun
2012-09-13 19:12 . 2012-09-13 19:11 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 19:12 . 2012-09-13 19:11 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-13 19:12 . 2012-09-13 19:11 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 19:12 . 2012-09-13 19:11 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-13 19:12 . 2012-09-13 19:11 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-13 19:12 . 2012-09-13 19:11 188904 ----a-w- c:\windows\system32\java.exe
2012-09-13 19:11 . 2012-09-26 18:05 -------- d-----w- c:\program files\Java
2012-09-13 00:47 . 2012-09-13 00:47 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-09-13 00:45 . 2012-09-13 00:45 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 00:45 . 2012-09-23 22:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-08 06:49 . 2012-09-08 06:49 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-09-08 06:48 . 2012-09-08 06:48 -------- d-----w- c:\windows\PCHEALTH
2012-09-08 06:46 . 2012-09-08 06:46 -------- d-----w- c:\program files\Microsoft Office
2012-09-08 06:44 . 2012-09-08 06:44 -------- d-----r- C:\MSOCache
2012-09-07 20:46 . 2012-09-07 20:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EF6B9E-7045-4FF6-B694-BAA4C42BCCEC}\offreg.dll
2012-09-07 17:26 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EF6B9E-7045-4FF6-B694-BAA4C42BCCEC}\mpengine.dll
2012-09-03 19:19 . 2012-09-11 06:26 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 05:23 . 2012-07-19 07:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 05:23 . 2012-07-19 07:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-25 21:22 . 2012-07-20 17:22 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-20 17:30 . 2012-07-20 17:30 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-20 17:30 . 2012-07-20 17:30 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-07-20 17:30 . 2012-07-20 17:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-07-20 17:30 . 2012-07-20 17:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-07-20 17:30 . 2012-07-20 17:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-20 17:30 . 2012-07-20 17:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-20 17:30 . 2012-07-20 17:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-07-20 17:30 . 2012-07-20 17:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-20 17:30 . 2012-07-20 17:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-07-20 17:30 . 2012-07-20 17:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-07-20 17:30 . 2012-07-20 17:30 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-07-20 17:30 . 2012-07-20 17:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-07-20 17:30 . 2012-07-20 17:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-20 17:30 . 2012-07-20 17:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-07-20 17:30 . 2012-07-20 17:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-07-20 17:30 . 2012-07-20 17:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-07-20 17:30 . 2012-07-20 17:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-07-20 17:30 . 2012-07-20 17:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-20 17:30 . 2012-07-20 17:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-07-20 17:30 . 2012-07-20 17:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-07-20 17:30 . 2012-07-20 17:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-07-20 17:30 . 2012-07-20 17:30 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-20 17:30 . 2012-07-20 17:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-20 17:30 . 2012-07-20 17:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-20 17:30 . 2012-07-20 17:30 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-07-20 17:30 . 2012-07-20 17:30 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-07-20 17:30 . 2012-07-20 17:30 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-07-20 17:30 . 2012-07-20 17:30 82432 ----a-w- c:\windows\system32\icardie.dll
2012-07-20 17:30 . 2012-07-20 17:30 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-20 17:30 . 2012-07-20 17:30 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-07-20 17:30 . 2012-07-20 17:30 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-07-20 17:30 . 2012-07-20 17:30 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-07-20 17:30 . 2012-07-20 17:30 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-07-20 17:30 . 2012-07-20 17:30 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-07-20 17:30 . 2012-07-20 17:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-20 17:30 . 2012-07-20 17:30 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-07-20 17:30 . 2012-07-20 17:30 448512 ----a-w- c:\windows\system32\html.iec
2012-07-20 17:30 . 2012-07-20 17:30 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-07-20 17:30 . 2012-07-20 17:30 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-07-20 17:30 . 2012-07-20 17:30 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-07-20 17:30 . 2012-07-20 17:30 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-20 17:30 . 2012-07-20 17:30 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-07-20 17:30 . 2012-07-20 17:30 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-07-20 17:30 . 2012-07-20 17:30 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-07-20 17:30 . 2012-07-20 17:30 248320 ----a-w- c:\windows\system32\ieui.dll
2012-07-20 17:30 . 2012-07-20 17:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-20 17:30 . 2012-07-20 17:30 237056 ----a-w- c:\windows\system32\url.dll
2012-07-20 17:30 . 2012-07-20 17:30 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-07-20 17:30 . 2012-07-20 17:30 222208 ----a-w- c:\windows\system32\msls31.dll
2012-07-20 17:30 . 2012-07-20 17:30 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-07-20 17:30 . 2012-07-20 17:30 197120 ----a-w- c:\windows\system32\msrating.dll
2012-07-20 17:30 . 2012-07-20 17:30 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-20 17:30 . 2012-07-20 17:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-20 17:30 . 2012-07-20 17:30 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-07-20 17:30 . 2012-07-20 17:30 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-07-20 17:30 . 2012-07-20 17:30 160256 ----a-w- c:\windows\system32\wextract.exe
2012-07-20 17:30 . 2012-07-20 17:30 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-07-20 17:30 . 2012-07-20 17:30 149504 ----a-w- c:\windows\system32\occache.dll
2012-07-20 17:30 . 2012-07-20 17:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-20 17:30 . 2012-07-20 17:30 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-07-20 17:30 . 2012-07-20 17:30 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-07-20 17:30 . 2012-07-20 17:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-20 17:30 . 2012-07-20 17:30 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-07-20 17:30 . 2012-07-20 17:30 12288 ----a-w- c:\windows\system32\mshta.exe
2012-07-20 17:30 . 2012-07-20 17:30 114176 ----a-w- c:\windows\system32\admparse.dll
2012-07-20 17:30 . 2012-07-20 17:30 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-20 17:30 . 2012-07-20 17:30 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-20 17:30 . 2012-07-20 17:30 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-07-20 17:30 . 2012-07-20 17:30 103936 ----a-w- c:\windows\system32\inseng.dll
2012-07-20 17:30 . 2012-07-20 17:30 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-07-20 17:30 . 2012-07-20 17:30 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-07-18 16:10 . 2012-07-27 15:59 274720 ------w- c:\windows\system32\fppr4-x64.dll
2012-07-18 16:10 . 2012-07-27 15:59 248096 ------w- c:\windows\system32\fppmon4.dll
2012-07-18 16:10 . 2012-07-27 15:59 75552 ------w- c:\windows\system32\fppent4a.dll
2012-07-17 07:26 . 2012-07-17 07:26 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-15 23:06 . 2012-07-15 23:06 615728 ----a-w- c:\windows\system32\drivers\klif.sys
2012-07-15 22:53 . 2012-07-15 22:53 3120 ----a-w- c:\windows\SysWow64\drivers\wdhih.sys
2012-07-15 20:50 . 2012-07-15 20:50 81920 ---ha-w- c:\windows\SysWow64\v3shrtkgn.dll
2012-07-04 22:16 . 2012-08-15 01:27 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 01:27 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 01:27 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 01:27 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2012-09-11 2750936]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-07 323128]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 16856968]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-2 26868192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled
FileBox eXtender.lnk - c:\program files\FileBX\FileBX.exe [2011-2-23 614400]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-6-5 5982040]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-6-5 1176464]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-6-5 1181584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 257224]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-06-30 52736]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys [2010-07-16 30208]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2011-02-09 486144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 egnyteBackup;Egnyte Backup Service;c:\program files (x86)\Egnyte Backup\EgnyteBackupService.exe [2011-08-19 23552]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-06-05 1248256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-20 1255736]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-08-16 227896]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-16 680016]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-07 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 pdfFactory4;pdfFactory Pro 4;c:\windows\system32\spool\DRIVERS\x64\3\fppdis4.exe [2012-07-18 686368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-08-23 3175728]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-09 4151376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-15 1028096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-02-12 2612728]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-08-21 821720]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 05:23]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667813626-3408889946-819685109-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 06:20]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667813626-3408889946-819685109-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 06:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Download All by FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate with &Babylon - c:\program files (x86)\Babylon4\Babylon-Pro4\Utils\BabylonIEPI.dll/Translate.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 10.0.0.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a4e622py.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,40,
35,c6,00,0b,08,b2,aa,8b,e9,64,69,07,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
e0,6a,97,40,00,a5,32,d2,a9,2a,91,10,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,fe,
a2,55,99,be,5f,a6,e4,44,e0,ca,4d,f0,1b
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,3b,1b,a4,27,33,
46,e3,bc,97,0e,bb,a1,2b,e9,cf,e6,c3,38
"{C08DF07A-3E49-4E25-9AB0-D3882835F153}"=hex:51,66,7a,6c,4c,1d,3b,1b,6a,ed,99,
df,79,65,4b,00,80,b9,97,c8,2b,72,b4,47
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
c4,75,ff,35,0d,a6,7d,d8,65,c2,82,cd,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,3b,1b,12,eb,28,
fc,75,82,74,08,99,f9,c5,df,75,e6,dc,ec
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,3b,1b,9d,6b,7a,
2d,b2,1a,93,08,86,1f,50,09,a7,d0,d0,e0
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b2,60,e2,45,d2,66,cd,01
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,98,65,64,ee,12,2a,4a,ba,22,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,98,65,64,ee,12,2a,4a,ba,22,b4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-27 23:38:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-28 06:38
.
Pre-Run: 46,987,763,712 bytes free
Post-Run: 46,958,145,536 bytes free
.
- - End Of File - - 3EF53DC03A6C770019B757A72778AAB4

When I ran ComboFix, that svchost process increased the CPU usage up to 80%.

My computer runs smoothly almost all the time, but as I told you, sometimes the svchost process takes up CPU and RAM significantly. My major problem right now is that many times while I am using the Internet the browser is not able to load a page (it doesn't matter what kind of browser it is). I haven't set any proxy for them. Actually I lose my Internet connection and I think it's due to some suspicious svchost activity. I don't have any problem with my router and its firmware is updated. I hope you can solve this annoying problem.

Thank you Gringo.

#8 gringo_pr

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 September 2012 - 01:04 PM

Greetings Zer0_C00l

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> (Donate button) <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
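
As an added example (not part of this thread, and not code from TDSSKiller itself), here is a small Python parser for the TDSSKiller log format the steps above ask for: it pairs each hashed image line with its verdict line, separates "warning"/"detected" verdicts from plain "ok" lines, notes objects for which no image file was hashed, and collects the MD5s of flagged files for a reputation lookup. The sample lines follow the log format posted in this thread; the "infected" and "suspicious" verdict words are an assumption about TDSSKiller's other verdicts.

```python
"""Parse a TDSSKiller scan log (the format posted in this thread) and list what needs a look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every log line starts with "<HH:MM:SS.mmmm> <pid> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# Hashed image line: "[ <MD5> ] <object name> <path>"; names may contain spaces,
# so the path is anchored on a drive letter or a \Device\ prefix.
_HASH_LINE = re.compile(_PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*|\\Device\\.*)$")
# Verdict lines. "warning" is the verdict seen in this thread's log; "infected" and
# "suspicious" are assumed to be the other verdict words TDSSKiller prints.
_VERDICT_LINE = re.compile(_PREFIX + r"(.+?) \( (.+?) \) - (warning|infected|suspicious)$")
_DETECT_LINE = re.compile(_PREFIX + r"(.+?) - detected (.+?) \((\d+)\)$")
_OK_LINE = re.compile(_PREFIX + r"(.+?) - ok$")


@dataclass
class Entry:
    name: str                        # service/driver/object name as TDSSKiller prints it
    md5: Optional[str] = None        # MD5 of the image file, None if no file was hashed
    path: Optional[str] = None
    verdict: str = "ok"              # ok | warning | infected | suspicious
    detection: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic


def _close(pending: Optional[Entry], name: str, entries: List[Entry]) -> Entry:
    """Attach a verdict line to the hash line that preceded it, or record an unhashed object."""
    if pending is not None and pending.name == name:
        entry = pending
    else:
        entry = Entry(name=name)  # e.g. a service with no image file on disk to hash
    entries.append(entry)
    return entry


def parse_tdsskiller_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = _HASH_LINE.match(line)
        if m:
            pending = Entry(name=m.group(2), md5=m.group(1).upper(), path=m.group(3))
            continue
        m = _VERDICT_LINE.match(line)
        if m:
            name, detection, verdict = m.groups()
            entry = _close(pending, name, entries)
            entry.verdict, entry.detection = verdict, detection
            pending = None
            continue
        m = _DETECT_LINE.match(line)
        if m:
            # "- detected X (n)" follows the verdict line for the same object; keep it in sync.
            for entry in reversed(entries):
                if entry.name == m.group(1):
                    entry.detection = entry.detection or m.group(2)
                    break
            continue
        m = _OK_LINE.match(line)
        if m:
            _close(pending, m.group(1), entries)
            pending = None
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Bucket entries for review.

    'flagged'  : any non-ok verdict. UnsignedFile.Multi.Generic only means the image carries
                 no valid digital signature (SigCheck mode); it is a prompt to verify the
                 file, not a malware verdict.
    'unhashed' : objects for which TDSSKiller hashed no image file at all.
    'ok'       : hashed and clean.
    """
    buckets: Dict[str, List[Entry]] = {"flagged": [], "unhashed": [], "ok": []}
    for entry in entries:
        if entry.verdict != "ok":
            buckets["flagged"].append(entry)
        elif entry.md5 is None:
            buckets["unhashed"].append(entry)
        else:
            buckets["ok"].append(entry)
    return buckets


def hashes_to_check(entries: List[Entry]) -> List[str]:
    """Unique MD5s of flagged images, ready for a lookup against a file-reputation service."""
    return sorted({e.md5 for e in entries if e.verdict != "ok" and e.md5})


# Sample input: lines copied from the TDSSKiller log format posted in this thread.
SAMPLE_LOG = r"""
12:04:51.0995 6584 ================ Scan services =============================
12:04:52.0209 6584 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:04:52.0279 6584 1394ohci - ok
12:04:52.0545 6584 [ EF81932211D51125FBBA7664CAC6E18C ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:04:52.0550 6584 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
12:04:52.0550 6584 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
12:04:54.0748 6584 BITCOMET_HELPER_SERVICE - ok
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for bucket, items in triage(parsed).items():
        print(f"{bucket}: {[e.name for e in items]}")
    print("hashes to check:", hashes_to_check(parsed))
```

Feed the full posted log to parse_tdsskiller_log to get the same buckets for every service and driver it scanned.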

#9 Zer0_C00l

  • Topic Starter

  • Members
  • 13 posts

Posted 28 September 2012 - 02:06 PM

Greetings Gringo,

Below is my TDS log:


12:05:02.0464 6584 KL1 - ok
12:05:02.0480 6584 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
12:05:02.0488 6584 kl2 - ok
12:05:02.0614 6584 [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:05:02.0631 6584 KLIF - ok
12:05:02.0822 6584 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
12:05:02.0847 6584 KLIM6 - ok
12:05:02.0871 6584 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
12:05:02.0882 6584 klmouflt - ok
12:05:02.0923 6584 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:05:02.0932 6584 KSecDD - ok
12:05:02.0976 6584 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:05:02.0988 6584 KSecPkg - ok
12:05:03.0061 6584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:05:03.0161 6584 ksthunk - ok
12:05:03.0270 6584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:05:03.0337 6584 KtmRm - ok
12:05:03.0478 6584 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:05:03.0511 6584 LanmanServer - ok
12:05:03.0598 6584 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:05:03.0644 6584 LanmanWorkstation - ok
12:05:03.0735 6584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:05:03.0774 6584 lltdio - ok
12:05:03.0795 6584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:05:03.0846 6584 lltdsvc - ok
12:05:03.0862 6584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:05:03.0909 6584 lmhosts - ok
12:05:03.0966 6584 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:05:03.0993 6584 LMS - ok
12:05:04.0067 6584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:05:04.0077 6584 LSI_FC - ok
12:05:04.0082 6584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:05:04.0093 6584 LSI_SAS - ok
12:05:04.0113 6584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:05:04.0122 6584 LSI_SAS2 - ok
12:05:04.0138 6584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:05:04.0159 6584 LSI_SCSI - ok
12:05:04.0193 6584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:05:04.0236 6584 luafv - ok
12:05:04.0308 6584 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:05:04.0324 6584 MBAMProtector - ok
12:05:04.0485 6584 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:05:04.0523 6584 MBAMService - ok
12:05:04.0560 6584 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:05:04.0572 6584 Mcx2Svc - ok
12:05:04.0596 6584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:05:04.0606 6584 megasas - ok
12:05:04.0626 6584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:05:04.0638 6584 MegaSR - ok
12:05:04.0670 6584 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:05:04.0678 6584 MEIx64 - ok
12:05:04.0709 6584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:05:04.0738 6584 MMCSS - ok
12:05:04.0753 6584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:05:04.0781 6584 Modem - ok
12:05:04.0811 6584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:05:04.0834 6584 monitor - ok
12:05:04.0883 6584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:05:04.0892 6584 mouclass - ok
12:05:04.0937 6584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:05:04.0950 6584 mouhid - ok
12:05:04.0976 6584 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:05:04.0991 6584 mountmgr - ok
12:05:05.0035 6584 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:05:05.0044 6584 MozillaMaintenance - ok
12:05:05.0050 6584 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:05:05.0060 6584 mpio - ok
12:05:05.0089 6584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:05:05.0123 6584 mpsdrv - ok
12:05:05.0173 6584 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:05:05.0240 6584 MpsSvc - ok
12:05:05.0255 6584 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:05:05.0282 6584 MRxDAV - ok
12:05:05.0339 6584 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:05:05.0359 6584 mrxsmb - ok
12:05:05.0419 6584 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:05:05.0432 6584 mrxsmb10 - ok
12:05:05.0443 6584 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:05:05.0455 6584 mrxsmb20 - ok
12:05:05.0485 6584 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:05:05.0499 6584 msahci - ok
12:05:05.0543 6584 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:05:05.0555 6584 msdsm - ok
12:05:05.0598 6584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:05:05.0631 6584 MSDTC - ok
12:05:05.0647 6584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:05:05.0689 6584 Msfs - ok
12:05:05.0707 6584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:05:05.0748 6584 mshidkmdf - ok
12:05:05.0760 6584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:05:05.0770 6584 msisadrv - ok
12:05:05.0800 6584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:05:05.0846 6584 MSiSCSI - ok
12:05:05.0852 6584 msiserver - ok
12:05:05.0892 6584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:05:05.0938 6584 MSKSSRV - ok
12:05:05.0958 6584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:05:05.0994 6584 MSPCLOCK - ok
12:05:06.0007 6584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:05:06.0041 6584 MSPQM - ok
12:05:06.0056 6584 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:05:06.0071 6584 MsRPC - ok
12:05:06.0090 6584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:05:06.0099 6584 mssmbios - ok
12:05:06.0142 6584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:05:06.0171 6584 MSTEE - ok
12:05:06.0185 6584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:05:06.0202 6584 MTConfig - ok
12:05:06.0222 6584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:05:06.0232 6584 Mup - ok
12:05:06.0266 6584 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:05:06.0309 6584 napagent - ok
12:05:06.0353 6584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:05:06.0375 6584 NativeWifiP - ok
12:05:06.0422 6584 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:05:06.0447 6584 NDIS - ok
12:05:06.0474 6584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:05:06.0518 6584 NdisCap - ok
12:05:06.0556 6584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:05:06.0587 6584 NdisTapi - ok
12:05:06.0605 6584 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:05:06.0645 6584 Ndisuio - ok
12:05:06.0659 6584 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:05:06.0718 6584 NdisWan - ok
12:05:06.0732 6584 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:05:06.0774 6584 NDProxy - ok
12:05:06.0815 6584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:05:06.0856 6584 NetBIOS - ok
12:05:06.0871 6584 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:05:06.0903 6584 NetBT - ok
12:05:06.0933 6584 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:05:06.0947 6584 Netlogon - ok
12:05:07.0161 6584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:05:07.0209 6584 Netman - ok
12:05:07.0244 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:07.0254 6584 NetMsmqActivator - ok
12:05:07.0259 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:07.0272 6584 NetPipeActivator - ok
12:05:07.0283 6584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:05:07.0332 6584 netprofm - ok
12:05:07.0338 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:07.0351 6584 NetTcpActivator - ok
12:05:07.0359 6584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:07.0372 6584 NetTcpPortSharing - ok
12:05:07.0400 6584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:05:07.0417 6584 nfrd960 - ok
12:05:07.0461 6584 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:05:07.0512 6584 NlaSvc - ok
12:05:07.0532 6584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:05:07.0563 6584 Npfs - ok
12:05:07.0580 6584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:05:07.0632 6584 nsi - ok
12:05:07.0659 6584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:05:07.0722 6584 nsiproxy - ok
12:05:07.0780 6584 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:05:07.0811 6584 Ntfs - ok
12:05:07.0854 6584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:05:07.0886 6584 Null - ok
12:05:07.0923 6584 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
12:05:07.0935 6584 nusb3hub - ok
12:05:08.0064 6584 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:05:08.0097 6584 nusb3xhc - ok
12:05:08.0123 6584 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:05:08.0134 6584 nvraid - ok
12:05:08.0139 6584 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:05:08.0153 6584 nvstor - ok
12:05:08.0184 6584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:05:08.0194 6584 nv_agp - ok
12:05:08.0289 6584 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:05:08.0304 6584 odserv - ok
12:05:08.0334 6584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:05:08.0368 6584 ohci1394 - ok
12:05:08.0430 6584 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:05:08.0441 6584 ose - ok
12:05:08.0470 6584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:05:08.0520 6584 p2pimsvc - ok
12:05:08.0540 6584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:05:08.0559 6584 p2psvc - ok
12:05:08.0584 6584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:05:08.0598 6584 Parport - ok
12:05:08.0625 6584 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:05:08.0640 6584 partmgr - ok
12:05:08.0697 6584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:05:08.0777 6584 PcaSvc - ok
12:05:08.0946 6584 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
12:05:08.0999 6584 pccsmcfd - ok
12:05:09.0053 6584 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:05:09.0073 6584 pci - ok
12:05:09.0087 6584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:05:09.0095 6584 pciide - ok
12:05:09.0112 6584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:05:09.0123 6584 pcmcia - ok
12:05:09.0135 6584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:05:09.0145 6584 pcw - ok
12:05:09.0249 6584 [ FB4F06392C2B4C6428779D3C0A08FC00 ] pdfFactory4 C:\Windows\system32\spool\DRIVERS\x64\3\fppdis4.exe
12:05:09.0276 6584 pdfFactory4 - ok
12:05:09.0287 6584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:05:09.0369 6584 PEAUTH - ok
12:05:09.0468 6584 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:05:09.0520 6584 PeerDistSvc - ok
12:05:09.0570 6584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:05:09.0591 6584 PerfHost - ok
12:05:09.0674 6584 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:05:09.0721 6584 pla - ok
12:05:09.0764 6584 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:05:09.0803 6584 PlugPlay - ok
12:05:09.0818 6584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:05:09.0842 6584 PNRPAutoReg - ok
12:05:09.0861 6584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:05:09.0875 6584 PNRPsvc - ok
12:05:09.0915 6584 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:05:09.0967 6584 PolicyAgent - ok
12:05:09.0992 6584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:05:10.0030 6584 Power - ok
12:05:10.0066 6584 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:05:10.0108 6584 PptpMiniport - ok
12:05:10.0136 6584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:05:10.0156 6584 Processor - ok
12:05:10.0199 6584 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
12:05:10.0242 6584 ProfSvc - ok
12:05:10.0258 6584 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:05:10.0273 6584 ProtectedStorage - ok
12:05:10.0301 6584 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:05:10.0330 6584 Psched - ok
12:05:10.0428 6584 [ 291E76C02C0994E4E6F1F97A4BCF6C0E ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:05:10.0453 6584 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
12:05:10.0453 6584 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
12:05:10.0494 6584 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:05:10.0520 6584 QBFCService ( UnsignedFile.Multi.Generic ) - warning
12:05:10.0520 6584 QBFCService - detected UnsignedFile.Multi.Generic (1)
12:05:10.0612 6584 [ 556EF21A96D296357D7BA075095E0A0A ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
12:05:10.0641 6584 QBVSS ( UnsignedFile.Multi.Generic ) - warning
12:05:10.0641 6584 QBVSS - detected UnsignedFile.Multi.Generic (1)
12:05:10.0725 6584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:05:10.0770 6584 ql2300 - ok
12:05:10.0787 6584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:05:10.0797 6584 ql40xx - ok
12:05:10.0831 6584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:05:10.0850 6584 QWAVE - ok
12:05:10.0859 6584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:05:10.0894 6584 QWAVEdrv - ok
12:05:10.0910 6584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:05:10.0953 6584 RasAcd - ok
12:05:11.0006 6584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:05:11.0088 6584 RasAgileVpn - ok
12:05:11.0133 6584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:05:11.0253 6584 RasAuto - ok
12:05:11.0304 6584 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:05:11.0347 6584 Rasl2tp - ok
12:05:11.0408 6584 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:05:11.0464 6584 RasMan - ok
12:05:11.0480 6584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:05:11.0517 6584 RasPppoe - ok
12:05:11.0619 6584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:05:11.0686 6584 RasSstp - ok
12:05:11.0766 6584 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:05:11.0902 6584 rdbss - ok
12:05:11.0922 6584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:05:11.0944 6584 rdpbus - ok
12:05:11.0956 6584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:05:11.0994 6584 RDPCDD - ok
12:05:12.0020 6584 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:05:12.0072 6584 RDPDR - ok
12:05:12.0093 6584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:05:12.0140 6584 RDPENCDD - ok
12:05:12.0150 6584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:05:12.0180 6584 RDPREFMP - ok
12:05:12.0225 6584 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:05:12.0271 6584 RdpVideoMiniport - ok
12:05:12.0301 6584 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:05:12.0325 6584 RDPWD - ok
12:05:12.0339 6584 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:05:12.0352 6584 rdyboost - ok
12:05:12.0385 6584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:05:12.0428 6584 RemoteAccess - ok
12:05:12.0456 6584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:05:12.0496 6584 RemoteRegistry - ok
12:05:12.0521 6584 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:05:12.0552 6584 RFCOMM - ok
12:05:12.0568 6584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:05:12.0608 6584 RpcEptMapper - ok
12:05:12.0635 6584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:05:12.0645 6584 RpcLocator - ok
12:05:12.0674 6584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
12:05:12.0708 6584 RpcSs - ok
12:05:12.0738 6584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:05:12.0776 6584 rspndr - ok
12:05:12.0810 6584 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:05:12.0825 6584 RTL8167 - ok
12:05:12.0879 6584 [ F33E70E48A54A7A1BFBEEB4F3B273E4A ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
12:05:12.0904 6584 RTL8192Ce - ok
12:05:12.0929 6584 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:05:12.0948 6584 s3cap - ok
12:05:12.0967 6584 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:05:12.0977 6584 SamSs - ok
12:05:12.0990 6584 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:05:13.0000 6584 sbp2port - ok
12:05:13.0051 6584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:05:13.0110 6584 SCardSvr - ok
12:05:13.0133 6584 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:05:13.0176 6584 scfilter - ok
12:05:13.0215 6584 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:05:13.0257 6584 Schedule - ok
12:05:13.0283 6584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:05:13.0310 6584 SCPolicySvc - ok
12:05:13.0358 6584 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:05:13.0403 6584 sdbus - ok
12:05:13.0425 6584 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:05:13.0455 6584 SDRSVC - ok
12:05:13.0495 6584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:05:13.0530 6584 secdrv - ok
12:05:13.0548 6584 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:05:13.0576 6584 seclogon - ok
12:05:13.0598 6584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:05:13.0649 6584 SENS - ok
12:05:13.0657 6584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:05:13.0684 6584 SensrSvc - ok
12:05:13.0715 6584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:05:13.0735 6584 Serenum - ok
12:05:13.0774 6584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:05:13.0800 6584 Serial - ok
12:05:13.0819 6584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:05:13.0829 6584 sermouse - ok
12:05:13.0909 6584 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
12:05:13.0926 6584 ServiceLayer - ok
12:05:13.0949 6584 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:05:14.0008 6584 SessionEnv - ok
12:05:14.0025 6584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:05:14.0042 6584 sffdisk - ok
12:05:14.0054 6584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:05:14.0080 6584 sffp_mmc - ok
12:05:14.0083 6584 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:05:14.0106 6584 sffp_sd - ok
12:05:14.0112 6584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:05:14.0131 6584 sfloppy - ok
12:05:14.0173 6584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:05:14.0210 6584 SharedAccess - ok
12:05:14.0247 6584 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:05:14.0329 6584 ShellHWDetection - ok
12:05:14.0348 6584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:05:14.0357 6584 SiSRaid2 - ok
12:05:14.0373 6584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:05:14.0383 6584 SiSRaid4 - ok
12:05:14.0398 6584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:05:14.0445 6584 Smb - ok
12:05:14.0465 6584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:05:14.0490 6584 SNMPTRAP - ok
12:05:14.0511 6584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:05:14.0520 6584 spldr - ok
12:05:14.0554 6584 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
12:05:14.0588 6584 Spooler - ok
12:05:14.0701 6584 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:05:14.0778 6584 sppsvc - ok
12:05:14.0797 6584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:05:14.0836 6584 sppuinotify - ok
12:05:14.0936 6584 [ 201DD8F0F943584A857DA0AE93ADF2DD ] SPUVCbv C:\Windows\system32\Drivers\SPUVCbv_x64.sys
12:05:14.0994 6584 SPUVCbv - ok
12:05:15.0044 6584 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:05:15.0072 6584 srv - ok
12:05:15.0090 6584 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:05:15.0114 6584 srv2 - ok
12:05:15.0129 6584 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:05:15.0161 6584 srvnet - ok
12:05:15.0190 6584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:05:15.0234 6584 SSDPSRV - ok
12:05:15.0238 6584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:05:15.0269 6584 SstpSvc - ok
12:05:15.0365 6584 [ 0CDEA5ACBB69C45F642E96D81E906CCD ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
12:05:15.0391 6584 STacSV - ok
12:05:15.0420 6584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:05:15.0428 6584 stexstor - ok
12:05:15.0447 6584 [ 5C8D6072D1D09F11789C6A014688048A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
12:05:15.0476 6584 STHDA - ok
12:05:15.0514 6584 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:05:15.0538 6584 stisvc - ok
12:05:15.0565 6584 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:05:15.0574 6584 storflt - ok
12:05:15.0597 6584 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:05:15.0606 6584 storvsc - ok
12:05:15.0628 6584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:05:15.0640 6584 swenum - ok
12:05:15.0703 6584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:05:15.0749 6584 swprv - ok
12:05:15.0771 6584 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
12:05:15.0782 6584 Synth3dVsc - ok
12:05:15.0885 6584 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:05:15.0925 6584 SynTP - ok
12:05:15.0989 6584 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:05:16.0033 6584 SysMain - ok
12:05:16.0114 6584 [ 62D66F053FEB1DFA876E7833A89A6DC5 ] SystemExplorerHelpService C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
12:05:16.0135 6584 SystemExplorerHelpService - ok
12:05:16.0149 6584 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:05:16.0167 6584 TabletInputService - ok
12:05:16.0186 6584 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:05:16.0238 6584 TapiSrv - ok
12:05:16.0267 6584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:05:16.0302 6584 TBS - ok
12:05:16.0372 6584 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:05:16.0410 6584 Tcpip - ok
12:05:16.0442 6584 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:05:16.0473 6584 TCPIP6 - ok
12:05:16.0502 6584 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:05:16.0538 6584 tcpipreg - ok
12:05:16.0553 6584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:05:16.0590 6584 TDPIPE - ok
12:05:16.0623 6584 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:05:16.0653 6584 TDTCP - ok
12:05:16.0679 6584 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:05:16.0711 6584 tdx - ok
12:05:16.0825 6584 [ B357451A6958E2B7B506FB1D08271BE6 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
12:05:16.0870 6584 TeamViewer6 - ok
12:05:16.0883 6584 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:05:16.0893 6584 TermDD - ok
12:05:16.0922 6584 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
12:05:16.0952 6584 terminpt - ok
12:05:16.0983 6584 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:05:17.0024 6584 TermService - ok
12:05:17.0034 6584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:05:17.0049 6584 Themes - ok
12:05:17.0068 6584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:05:17.0101 6584 THREADORDER - ok
12:05:17.0120 6584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:05:17.0162 6584 TrkWks - ok
12:05:17.0203 6584 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:05:17.0247 6584 TrustedInstaller - ok
12:05:17.0273 6584 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:05:17.0308 6584 tssecsrv - ok
12:05:17.0342 6584 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:05:17.0368 6584 TsUsbFlt - ok
12:05:17.0384 6584 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:05:17.0397 6584 TsUsbGD - ok
12:05:17.0428 6584 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
12:05:17.0449 6584 tsusbhub - ok
12:05:17.0487 6584 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:05:17.0524 6584 tunnel - ok
12:05:17.0531 6584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:05:17.0542 6584 uagp35 - ok
12:05:17.0629 6584 [ D5994AB5C2B2D72D6320A7004D52617C ] uArcCapture C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
12:05:17.0643 6584 uArcCapture - ok
12:05:17.0682 6584 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:05:17.0727 6584 udfs - ok
12:05:17.0758 6584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:05:17.0770 6584 UI0Detect - ok
12:05:17.0812 6584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:05:17.0839 6584 uliagpkx - ok
12:05:17.0878 6584 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:05:17.0898 6584 umbus - ok
12:05:17.0901 6584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:05:17.0923 6584 UmPass - ok
12:05:17.0949 6584 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
12:05:17.0976 6584 UmRdpService - ok
12:05:18.0297 6584 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:05:18.0336 6584 UNS - ok
12:05:18.0419 6584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:05:18.0509 6584 upnphost - ok
12:05:18.0534 6584 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:05:18.0566 6584 USBAAPL64 - ok
12:05:18.0605 6584 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:05:18.0615 6584 usbccgp - ok
12:05:18.0642 6584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:05:18.0656 6584 usbcir - ok
12:05:18.0671 6584 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:05:18.0682 6584 usbehci - ok
12:05:18.0727 6584 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:05:18.0753 6584 usbhub - ok
12:05:18.0771 6584 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:05:18.0783 6584 usbohci - ok
12:05:18.0788 6584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:05:18.0817 6584 usbprint - ok
12:05:18.0880 6584 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
12:05:18.0919 6584 usbser - ok
12:05:18.0951 6584 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:05:18.0979 6584 USBSTOR - ok
12:05:18.0997 6584 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:05:19.0017 6584 usbuhci - ok
12:05:19.0072 6584 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:05:19.0104 6584 usbvideo - ok
12:05:19.0136 6584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:05:19.0193 6584 UxSms - ok
12:05:19.0209 6584 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:05:19.0220 6584 VaultSvc - ok
12:05:19.0255 6584 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
12:05:19.0264 6584 VClone - ok
12:05:19.0352 6584 [ 832EFBAC3205B1468E537476BA1EBD52 ] vcsFPService C:\Windows\system32\vcsFPService.exe
12:05:19.0412 6584 vcsFPService - ok
12:05:19.0433 6584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:05:19.0443 6584 vdrvroot - ok
12:05:19.0484 6584 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:05:19.0530 6584 vds - ok
12:05:19.0541 6584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:05:19.0553 6584 vga - ok
12:05:19.0566 6584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:05:19.0604 6584 VgaSave - ok
12:05:19.0608 6584 VGPU - ok
12:05:19.0615 6584 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:05:19.0626 6584 vhdmp - ok
12:05:19.0666 6584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:05:19.0675 6584 viaide - ok
12:05:19.0699 6584 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:05:19.0710 6584 vmbus - ok
12:05:19.0721 6584 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:05:19.0740 6584 VMBusHID - ok
12:05:19.0753 6584 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:05:19.0764 6584 volmgr - ok
12:05:19.0778 6584 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:05:19.0796 6584 volmgrx - ok
12:05:19.0802 6584 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:05:19.0816 6584 volsnap - ok
12:05:19.0820 6584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:05:19.0831 6584 vsmraid - ok
12:05:19.0944 6584 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:05:20.0015 6584 VSS - ok
12:05:20.0035 6584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:05:20.0057 6584 vwifibus - ok
12:05:20.0081 6584 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:05:20.0096 6584 vwififlt - ok
12:05:20.0120 6584 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:05:20.0137 6584 vwifimp - ok
12:05:20.0177 6584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:05:20.0210 6584 W32Time - ok
12:05:20.0224 6584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:05:20.0260 6584 WacomPen - ok
12:05:20.0293 6584 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:05:20.0331 6584 WANARP - ok
12:05:20.0334 6584 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:05:20.0363 6584 Wanarpv6 - ok
12:05:20.0428 6584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:05:20.0451 6584 WatAdminSvc - ok
12:05:20.0490 6584 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:05:20.0524 6584 wbengine - ok
12:05:20.0551 6584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:05:20.0569 6584 WbioSrvc - ok
12:05:20.0593 6584 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:05:20.0622 6584 wcncsvc - ok
12:05:20.0646 6584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:05:20.0659 6584 WcsPlugInService - ok
12:05:20.0690 6584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:05:20.0700 6584 Wd - ok
12:05:20.0751 6584 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:05:20.0767 6584 Wdf01000 - ok
12:05:20.0783 6584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:05:20.0799 6584 WdiServiceHost - ok
12:05:20.0802 6584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:05:20.0818 6584 WdiSystemHost - ok
12:05:20.0832 6584 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:05:20.0861 6584 WebClient - ok
12:05:20.0887 6584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:05:20.0920 6584 Wecsvc - ok
12:05:20.0938 6584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:05:20.0969 6584 wercplsupport - ok
12:05:20.0981 6584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:05:21.0040 6584 WerSvc - ok
12:05:21.0066 6584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:05:21.0094 6584 WfpLwf - ok
12:05:21.0109 6584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:05:21.0117 6584 WIMMount - ok
12:05:21.0129 6584 WinDefend - ok
12:05:21.0135 6584 WinHttpAutoProxySvc - ok
12:05:21.0178 6584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:05:21.0264 6584 Winmgmt - ok
12:05:21.0321 6584 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:05:21.0389 6584 WinRM - ok
12:05:21.0436 6584 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
12:05:21.0461 6584 WinUSB - ok
12:05:21.0511 6584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:05:21.0548 6584 Wlansvc - ok
12:05:21.0558 6584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:05:21.0570 6584 WmiAcpi - ok
12:05:21.0604 6584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:05:21.0635 6584 wmiApSrv - ok
12:05:21.0653 6584 WMPNetworkSvc - ok
12:05:21.0665 6584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:05:21.0683 6584 WPCSvc - ok
12:05:21.0703 6584 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:05:21.0718 6584 WPDBusEnum - ok
12:05:21.0741 6584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:05:21.0769 6584 ws2ifsl - ok
12:05:21.0812 6584 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:05:21.0849 6584 wscsvc - ok
12:05:21.0853 6584 WSearch - ok
12:05:21.0975 6584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:05:22.0017 6584 wuauserv - ok
12:05:22.0038 6584 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:05:22.0066 6584 WudfPf - ok
12:05:22.0091 6584 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:05:22.0131 6584 WUDFRd - ok
12:05:22.0149 6584 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:05:22.0177 6584 wudfsvc - ok
12:05:22.0198 6584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:05:22.0215 6584 WwanSvc - ok
12:05:22.0265 6584 ================ Scan global ===============================
12:05:22.0291 6584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:05:22.0339 6584 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:05:22.0345 6584 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:05:22.0373 6584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:05:22.0398 6584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:05:22.0402 6584 [Global] - ok
12:05:22.0402 6584 ================ Scan MBR ==================================
12:05:22.0411 6584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:05:23.0032 6584 \Device\Harddisk0\DR0 - ok
12:05:23.0033 6584 ================ Scan VBR ==================================
12:05:23.0036 6584 [ B7440009B9AB596630E2EAEFB5AD0AEC ] \Device\Harddisk0\DR0\Partition1
12:05:23.0039 6584 \Device\Harddisk0\DR0\Partition1 - ok
12:05:23.0043 6584 [ 0830C7045069DCC4EBB605D35C5C291B ] \Device\Harddisk0\DR0\Partition2
12:05:23.0045 6584 \Device\Harddisk0\DR0\Partition2 - ok
12:05:23.0046 6584 ============================================================
12:05:23.0046 6584 Scan finished
12:05:23.0046 6584 ============================================================
12:05:23.0057 7132 Detected object count: 7
12:05:23.0057 7132 Actual detected object count: 7
12:05:25.0338 7132 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:05:25.0338 7132 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:05:25.0339 7132 egnyteBackup ( UnsignedFile.Multi.Generic ) - skipped by user
12:05:25.0339 7132 egnyteBackup ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:05:25.0341 7132 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:05:25.0341 7132 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:05:25.0343 7132 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:05:25.0343 7132 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:05:25.0344 7132 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
12:05:25.0344 7132 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:05:25.0346 7132 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
12:05:25.0346 7132 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:05:25.0347 7132 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
12:05:25.0347 7132 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip



and the following is my aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 11:40:45
-----------------------------
11:40:45.949 OS Version: Windows x64 6.1.7601 Service Pack 1
11:40:45.949 Number of processors: 4 586 0x2A07
11:40:45.950 ComputerName: IMAN-PC UserName:
11:40:48.272 Initialize success
11:41:12.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:41:12.286 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
11:41:12.305 Disk 0 MBR read successfully
11:41:12.311 Disk 0 MBR scan
11:41:12.317 Disk 0 Windows 7 default MBR code
11:41:12.323 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 117738 MB offset 63
11:41:12.329 Disk 0 Partition - 00 0F Extended LBA 348943 MB offset 262132605
11:41:12.354 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 348943 MB offset 262132668
11:41:12.380 Disk 0 scanning C:\Windows\system32\drivers
11:41:24.829 Service scanning
11:41:35.135 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
11:41:35.158 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
11:41:35.259 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
11:41:35.322 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
11:41:45.385 Modules scanning
11:41:45.397 Disk 0 trace - called modules:
11:41:45.414 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
11:41:45.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066d1060]
11:41:45.421 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> [0xfffffa8004ca39e0]
11:41:45.425 5 hpdskflt.sys[fffff880023d8361] -> nt!IofCallDriver -> [0xfffffa8003c41c30]
11:41:45.428 7 ACPI.sys[fffff88000d537a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800477d050]
11:41:45.431 Scan finished successfully
11:41:57.732 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
11:41:57.737 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Cheers

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:01 PM

Posted 28 September 2012 - 03:19 PM

Hello

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Zer0_C00l

Zer0_C00l
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:01 PM

Posted 28 September 2012 - 05:11 PM

This is my ComboFix report:


ComboFix 12-09-27.03 - Administrator 09/28/2012 14:58:37.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.981.1033.18.4030.2640 [GMT -7:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 22:03 . 2012-09-28 22:03 -------- d-----w- c:\users\Iman\AppData\Local\temp
2012-09-28 22:03 . 2012-09-28 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-27 07:14 . 2012-09-27 07:14 -------- d-----w- c:\users\Administrator\AppData\Local\Babylon
2012-09-27 07:14 . 2012-09-27 07:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\Babylon
2012-09-27 07:14 . 2012-09-27 07:14 -------- d-----w- c:\programdata\Babylon
2012-09-26 18:40 . 2009-03-17 19:58 145920 ----a-w- c:\program files (x86)\Mozilla Firefox\BabyFox.dll
2012-09-26 18:40 . 2012-09-26 18:40 -------- d-----w- c:\program files (x86)\Babylon4
2012-09-24 17:22 . 2012-09-24 17:22 -------- d-----w- c:\program files (x86)\Babylon2
2012-09-23 22:32 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 22:24 . 2012-09-23 22:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 21:39 . 2012-09-23 21:39 -------- d-----w- c:\program files (x86)\TCPEye
2012-09-23 18:32 . 2012-09-23 18:34 -------- d-----w- c:\program files\FrontDoorSoftware
2012-09-18 20:20 . 2012-09-18 20:20 -------- d-----w- c:\program files (x86)\Zone Labs
2012-09-18 20:20 . 2012-09-18 20:20 -------- d-----w- c:\windows\Internet Logs
2012-09-18 19:42 . 2012-09-28 17:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\BitComet
2012-09-18 19:42 . 2012-09-18 19:42 -------- d-----w- c:\program files\BitComet
2012-09-18 19:24 . 2012-09-18 19:24 -------- d-----w- c:\users\Administrator\AppData\Local\DDMSettings
2012-09-18 19:22 . 2012-09-18 19:22 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-09-18 18:13 . 2012-09-23 19:08 -------- dc-h--w- c:\programdata\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2012-09-18 18:12 . 2012-09-18 18:12 -------- d-----w- c:\program files (x86)\Lavasoft
2012-09-18 08:27 . 2012-09-18 08:27 -------- d-----w- c:\users\Administrator\AppData\Local\Sunbelt Software
2012-09-18 08:26 . 2012-09-23 19:06 -------- d-----w- c:\programdata\Lavasoft
2012-09-13 19:15 . 2012-09-13 19:15 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia
2012-09-13 19:13 . 2012-09-13 19:13 -------- d-----w- c:\windows\Sun
2012-09-13 19:12 . 2012-09-13 19:11 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 19:12 . 2012-09-13 19:11 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-13 19:12 . 2012-09-13 19:11 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 19:12 . 2012-09-13 19:11 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-13 19:12 . 2012-09-13 19:11 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-13 19:12 . 2012-09-13 19:11 188904 ----a-w- c:\windows\system32\java.exe
2012-09-13 19:11 . 2012-09-26 18:05 -------- d-----w- c:\program files\Java
2012-09-13 00:47 . 2012-09-13 00:47 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-09-13 00:45 . 2012-09-13 00:45 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 00:45 . 2012-09-23 22:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-08 06:49 . 2012-09-08 06:49 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-09-08 06:48 . 2012-09-08 06:48 -------- d-----w- c:\windows\PCHEALTH
2012-09-08 06:46 . 2012-09-08 06:46 -------- d-----w- c:\program files\Microsoft Office
2012-09-08 06:44 . 2012-09-08 06:44 -------- d-----r- C:\MSOCache
2012-09-07 20:46 . 2012-09-07 20:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EF6B9E-7045-4FF6-B694-BAA4C42BCCEC}\offreg.dll
2012-09-07 17:26 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EF6B9E-7045-4FF6-B694-BAA4C42BCCEC}\mpengine.dll
2012-09-03 19:19 . 2012-09-11 06:26 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 05:23 . 2012-07-19 07:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 05:23 . 2012-07-19 07:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-25 21:22 . 2012-07-20 17:22 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-20 17:30 . 2012-07-20 17:30 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-20 17:30 . 2012-07-20 17:30 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-07-20 17:30 . 2012-07-20 17:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-07-20 17:30 . 2012-07-20 17:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-07-20 17:30 . 2012-07-20 17:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-20 17:30 . 2012-07-20 17:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-20 17:30 . 2012-07-20 17:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-07-20 17:30 . 2012-07-20 17:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-20 17:30 . 2012-07-20 17:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-07-20 17:30 . 2012-07-20 17:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-07-20 17:30 . 2012-07-20 17:30 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-07-20 17:30 . 2012-07-20 17:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-07-20 17:30 . 2012-07-20 17:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-20 17:30 . 2012-07-20 17:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-07-20 17:30 . 2012-07-20 17:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-07-20 17:30 . 2012-07-20 17:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-07-20 17:30 . 2012-07-20 17:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-07-20 17:30 . 2012-07-20 17:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-20 17:30 . 2012-07-20 17:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-07-20 17:30 . 2012-07-20 17:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-07-20 17:30 . 2012-07-20 17:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-07-20 17:30 . 2012-07-20 17:30 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-20 17:30 . 2012-07-20 17:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-20 17:30 . 2012-07-20 17:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-20 17:30 . 2012-07-20 17:30 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-07-20 17:30 . 2012-07-20 17:30 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-07-20 17:30 . 2012-07-20 17:30 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-07-20 17:30 . 2012-07-20 17:30 82432 ----a-w- c:\windows\system32\icardie.dll
2012-07-20 17:30 . 2012-07-20 17:30 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-20 17:30 . 2012-07-20 17:30 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-07-20 17:30 . 2012-07-20 17:30 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-07-20 17:30 . 2012-07-20 17:30 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-07-20 17:30 . 2012-07-20 17:30 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-07-20 17:30 . 2012-07-20 17:30 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-07-20 17:30 . 2012-07-20 17:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-20 17:30 . 2012-07-20 17:30 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-07-20 17:30 . 2012-07-20 17:30 448512 ----a-w- c:\windows\system32\html.iec
2012-07-20 17:30 . 2012-07-20 17:30 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-07-20 17:30 . 2012-07-20 17:30 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-07-20 17:30 . 2012-07-20 17:30 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-07-20 17:30 . 2012-07-20 17:30 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-20 17:30 . 2012-07-20 17:30 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-07-20 17:30 . 2012-07-20 17:30 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-07-20 17:30 . 2012-07-20 17:30 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-07-20 17:30 . 2012-07-20 17:30 248320 ----a-w- c:\windows\system32\ieui.dll
2012-07-20 17:30 . 2012-07-20 17:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-20 17:30 . 2012-07-20 17:30 237056 ----a-w- c:\windows\system32\url.dll
2012-07-20 17:30 . 2012-07-20 17:30 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-07-20 17:30 . 2012-07-20 17:30 222208 ----a-w- c:\windows\system32\msls31.dll
2012-07-20 17:30 . 2012-07-20 17:30 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-07-20 17:30 . 2012-07-20 17:30 197120 ----a-w- c:\windows\system32\msrating.dll
2012-07-20 17:30 . 2012-07-20 17:30 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-20 17:30 . 2012-07-20 17:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-20 17:30 . 2012-07-20 17:30 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-07-20 17:30 . 2012-07-20 17:30 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-07-20 17:30 . 2012-07-20 17:30 160256 ----a-w- c:\windows\system32\wextract.exe
2012-07-20 17:30 . 2012-07-20 17:30 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-07-20 17:30 . 2012-07-20 17:30 149504 ----a-w- c:\windows\system32\occache.dll
2012-07-20 17:30 . 2012-07-20 17:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-20 17:30 . 2012-07-20 17:30 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-07-20 17:30 . 2012-07-20 17:30 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-07-20 17:30 . 2012-07-20 17:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-20 17:30 . 2012-07-20 17:30 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-07-20 17:30 . 2012-07-20 17:30 12288 ----a-w- c:\windows\system32\mshta.exe
2012-07-20 17:30 . 2012-07-20 17:30 114176 ----a-w- c:\windows\system32\admparse.dll
2012-07-20 17:30 . 2012-07-20 17:30 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-20 17:30 . 2012-07-20 17:30 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-20 17:30 . 2012-07-20 17:30 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-07-20 17:30 . 2012-07-20 17:30 103936 ----a-w- c:\windows\system32\inseng.dll
2012-07-20 17:30 . 2012-07-20 17:30 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-07-20 17:30 . 2012-07-20 17:30 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-07-18 16:10 . 2012-07-27 15:59 274720 ------w- c:\windows\system32\fppr4-x64.dll
2012-07-18 16:10 . 2012-07-27 15:59 248096 ------w- c:\windows\system32\fppmon4.dll
2012-07-18 16:10 . 2012-07-27 15:59 75552 ------w- c:\windows\system32\fppent4a.dll
2012-07-17 07:26 . 2012-07-17 07:26 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-15 23:06 . 2012-07-15 23:06 615728 ----a-w- c:\windows\system32\drivers\klif.sys
2012-07-15 22:53 . 2012-07-15 22:53 3120 ----a-w- c:\windows\SysWow64\drivers\wdhih.sys
2012-07-15 20:50 . 2012-07-15 20:50 81920 ---ha-w- c:\windows\SysWow64\v3shrtkgn.dll
2012-07-04 22:16 . 2012-08-15 01:27 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 01:27 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 01:27 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 01:27 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2012-09-11 2750936]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-07 323128]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 16856968]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-2 26868192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled
FileBox eXtender.lnk - c:\program files\FileBX\FileBX.exe [2011-2-23 614400]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-6-5 5982040]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-6-5 1176464]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-6-5 1181584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 257224]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-06-30 52736]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys [2010-07-16 30208]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2011-02-09 486144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 egnyteBackup;Egnyte Backup Service;c:\program files (x86)\Egnyte Backup\EgnyteBackupService.exe [2011-08-19 23552]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-06-05 1248256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-20 1255736]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-08-16 227896]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-16 680016]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-07 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 pdfFactory4;pdfFactory Pro 4;c:\windows\system32\spool\DRIVERS\x64\3\fppdis4.exe [2012-07-18 686368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-08-23 3175728]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-09 4151376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-15 1028096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-02-12 2612728]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-08-21 821720]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31862135
*NewlyCreated* - 42374053
*NewlyCreated* - 42457599
*NewlyCreated* - ASWMBR
*Deregistered* - 31862135
*Deregistered* - 42374053
*Deregistered* - 42457599
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 05:23]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667813626-3408889946-819685109-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 06:20]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667813626-3408889946-819685109-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 06:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Download All by FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate with &Babylon - c:\program files (x86)\Babylon4\Babylon-Pro4\Utils\BabylonIEPI.dll/Translate.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a4e622py.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-42374053.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,40,
35,c6,00,0b,08,b2,aa,8b,e9,64,69,07,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
e0,6a,97,40,00,a5,32,d2,a9,2a,91,10,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,fe,
a2,55,99,be,5f,a6,e4,44,e0,ca,4d,f0,1b
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,3b,1b,a4,27,33,
46,e3,bc,97,0e,bb,a1,2b,e9,cf,e6,c3,38
"{C08DF07A-3E49-4E25-9AB0-D3882835F153}"=hex:51,66,7a,6c,4c,1d,3b,1b,6a,ed,99,
df,79,65,4b,00,80,b9,97,c8,2b,72,b4,47
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
c4,75,ff,35,0d,a6,7d,d8,65,c2,82,cd,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,3b,1b,12,eb,28,
fc,75,82,74,08,99,f9,c5,df,75,e6,dc,ec
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,3b,1b,9d,6b,7a,
2d,b2,1a,93,08,86,1f,50,09,a7,d0,d0,e0
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b2,60,e2,45,d2,66,cd,01
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,98,65,64,ee,12,2a,4a,ba,22,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,98,65,64,ee,12,2a,4a,ba,22,b4,\
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jetAudio.ASSOC.Video"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromePlusHTML"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromePlusHTML"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\VCDMount.exe"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jetAudio.ASSOC.Video"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jetAudio.ASSOC.Video"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="pdf_auto_file"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromePlusHTML"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jetAudio.ASSOC.Video"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromePlusHTML"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromePlusHTML"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-3667813626-3408889946-819685109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-28 15:04:47
ComboFix-quarantined-files.txt 2012-09-28 22:04
ComboFix2.txt 2012-09-28 06:38
.
Pre-Run: 46,959,738,880 bytes free
Post-Run: 46,898,712,576 bytes free
.
- - End Of File - - AC47471CD94A21C17C5024B82B774A1D

Let me have 2-3 days, then I can tell you how my computer works. Can you let me know please what kind of problem the Java cache may cause?

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 September 2012 - 06:41 PM

Hello

I clear it as it is a common place for malware to get downloaded to, and they are files that are not needed; it will also make future scans that much faster, as they do not have to be scanned.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

Edited by gringo_pr, 28 September 2012 - 06:41 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Zer0_C00l

  • Topic Starter

  • Members
  • 13 posts

Posted 28 September 2012 - 07:31 PM

Greetings Gringo,

Following is my programs list:


ACDSee Photo Manager 12
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS2
Adobe Reader 9.3 Lite
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
ArcSoft TotalMedia
ArcSoft Webcam Sharing Manager
BitComet 1.34 64-bit
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CoolNovo
COWON Media Center - jetAudio Plus VX
DivX Setup
Dropbox
Egnyte Map Drive v6.5
Everything 1.2.1.371
Fences
FileBox eXtender
FlashGet(JetCar)
Garmin Lifetime Updater
Google Chrome
Google Talk Plugin
HP ESU for Microsoft Windows 7
HP HD Webcam [Fixed]
HP Software Framework
HP System Default Settings
IDT Audio
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 20
JMicron Flash Media Controller Driver
K-Lite Codec Pack 9.0.2 (Full)
Kaspersky Internet Security 2012
Kies Air Discovery Service
Lizardtech DjVu Control
Longman Dictionary of Contemporary English 5th Edition
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OfficeTab 1.22
PC Connectivity Solution
Proxifier version 3.0
QuickBooks
QuickBooks Premier: Accountant Edition 2012
QUICKfind server v1.1
Realtek Ethernet Controller All-In-One Windows Driver
REALTEK Wireless LAN Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.0
swMSM
System Explorer 3.9.1
System Explorer 3.9.5
TCPEye 1.0
TeamViewer 6
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Yahoo! Messenger
Your Uninstaller! 7

Cheers

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 September 2012 - 07:44 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Zer0_C00l

  • Topic Starter

  • Members
  • 13 posts

Posted 30 September 2012 - 05:47 PM

Greetings Gringo,

Following is my MBAM log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: IMAN-PC [administrator]

9/30/2012 3:36:10 PM
mbam-log-2012-09-30 (15-36-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223454
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

This is my Hijack log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:48 PM, on 9/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Program Files (x86)\Babylon33\Babylon-Pro33\Babylon.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Administrator\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~2\FlashGet\jccatch.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~2\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files (x86)\Babylon33\Babylon-Pro33\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: SystemExplorerDisabled
O4 - Global Startup: SystemExplorerDisabled
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files (x86)\Babylon33\Babylon-Pro33\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bluetooth Device Manager - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Egnyte Backup Service (egnyteBackup) - Unknown owner - C:\Program Files (x86)\Egnyte Backup\EgnyteBackupService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pdfFactory Pro 4 (pdfFactory4) - FinePrint Software, LLC - C:\Windows\system32\spool\DRIVERS\x64\3\fppdis4.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16739 bytes

My computer is almost good, but I still have the connection loss problem sometimes. The svchost process occasionally goes up; for example, sometimes when I am watching a YouTube video it goes up. I think it's related to Shockwave and Flash Player somehow. What do you think?
