
DDS logs


18 replies to this topic

#1 saberleo456


Posted 03 October 2012 - 09:13 PM

Here are the logs from DDS:

Attached file: Attach.zip (4.25KB)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Tony at 19:05:14 on 2012-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3950 [GMT -7:00]
.
AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security Business Edition 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4D3C7E4D-7AAF-4A84-8B25-BBFEB52FA772} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{E2E6F1EA-8F8D-45E2-B1E7-EF842048F3A4} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E2E6F1EA-8F8D-45E2-B1E7-EF842048F3A4}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{E2E6F1EA-8F8D-45E2-B1E7-EF842048F3A4}\2383856543 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{E2E6F1EA-8F8D-45E2-B1E7-EF842048F3A4}\24B4432505 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{E2E6F1EA-8F8D-45E2-B1E7-EF842048F3A4}\24B4432505 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2E6F1EA-8F8D-45E2-B1E7-EF842048F3A4}\8324557433 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\4kdxr6jf.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1329857255
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1329857255
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1329857255
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1329857255
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage_override.buildID - 20120215223356
FF - user.js: browser.startup.homepage_override.mstone - rv:10.0.2
FF - user.js: browser.syncPromoViewsLeft - 4
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - E7CF176E110C211B
FF - user.js: extensions.blocklist.pingCountVersion - 0
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.cacaoweb.firstRun - 0
FF - user.js: extensions.databaseSchema - 11
FF - user.js: extensions.enabledAddons - {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0,cacaoweb@cacaoweb.org:1.0.26,{972ce4c6-7e08-4474-a285-3208198ce6fd}:10.0.2
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1328032850299},\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\DivXHTML5\,\mtime\:1329181534411}}},{\name\:\app-global\,\addons\:{\websitelogon@truesuite.com\:{\descriptor\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\websitelogon@truesuite.com\,\mtime\:1329857636918},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1329857073809}}},{\name\:\app-profile\,\addons\:{\cacaoweb@cacaoweb.org\:{\descriptor\:\C:\\\\Users\\\\Tony\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4kdxr6jf.default\\\\extensions\\\\cacaoweb@cacaoweb.org\,\mtime\:1329857719125},\{ab91efd4-6975-4081-8552-1b3922ed79e2}\:{\descriptor\:\C:\\\\Users\\\\Tony\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4kdxr6jf.default\\\\extensions\\\\{ab91efd4-6975-4081-8552-1b3922ed79e2}\,\mtime\:1329857134822}}}]
FF - user.js: extensions.lastAppVersion - 10.0.2
FF - user.js: extensions.lastPlatformVersion - 10.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: gfx.blacklist.layers.opengl - 4
FF - user.js: gfx.blacklist.webgl.opengl - 4
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.history.expiration.transient_current_max_pages - 104858
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1332449091
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-1-27 913792]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-5 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-28 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2375168]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-2-8 343032]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-2-8 70136]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-3-22 163480]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/07 12:46:20;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-30 05:41:35 -------- d-----w- C:\Users\Tony\AppData\Roaming\JGsoft
2012-09-30 05:41:30 559992 ----a-w- C:\Windows\UnDeploy64.exe
2012-09-30 05:41:30 -------- d-----w- C:\Program Files\Just Great Software
2012-09-28 06:13:50 -------- d-----w- C:\ProgramData\REVOLT
2012-09-28 05:52:49 -------- d-----w- C:\Users\Tony\AppData\Roaming\gd.sos.McPixel
2012-09-28 05:52:35 -------- d-----w- C:\Program Files (x86)\McPixel
2012-09-28 04:45:29 -------- d-----w- C:\Program Files (x86)\FTL
2012-09-26 06:41:22 -------- d-----w- C:\Users\Tony\AppData\Roaming\SUPERAntiSpyware.com
2012-09-26 06:40:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-26 06:40:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-26 05:49:48 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-26 05:13:19 98816 ----a-w- C:\Windows\sed.exe
2012-09-26 05:13:19 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-26 05:13:19 256000 ----a-w- C:\Windows\PEV.exe
2012-09-26 05:13:19 208896 ----a-w- C:\Windows\MBR.exe
2012-09-22 06:57:02 -------- d-----w- C:\Users\Tony\AppData\Roaming\AccurateRip
2012-09-22 06:56:53 4022504 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-09-22 06:56:48 -------- d-----w- C:\Program Files (x86)\Illustrate
2012-09-16 21:02:48 -------- d-----w- C:\Users\Tony\AppData\Roaming\Malwarebytes
2012-09-16 21:02:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-16 21:02:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-16 21:02:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-16 20:32:38 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-09-15 06:17:29 -------- d-----w- C:\Program Files (x86)\Medieval Software
2012-09-12 18:22:58 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 18:22:57 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 18:22:37 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 18:22:37 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 18:22:36 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 18:22:36 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 18:22:36 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 21:06:47 -------- d-----w- C:\Program Files (x86)\SDA
2012-09-11 03:25:30 -------- d-----w- C:\Users\Tony\AppData\Roaming\ooVoo Details
2012-09-11 03:24:50 -------- d-----w- C:\Program Files (x86)\ooVoo
2012-09-08 01:14:07 -------- d-----w- C:\Program Files (x86)\Wiimm
2012-09-06 05:34:08 654336 ------w- C:\Windows\System32\stapi64.dll
2012-09-06 05:08:03 -------- d-----w- C:\Program Files\IDT
2012-09-04 18:34:47 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2012-09-04 18:34:37 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-04 18:34:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-26 19:44:44 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-26 19:44:44 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 22:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-18 03:07:17 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-18 03:07:17 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-17 03:21:19 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-02 22:13:08 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2012-07-28 05:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 05:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 05:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 05:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 05:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 05:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 05:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-26 10:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 18:00:00 79872 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
.
============= FINISH: 19:05:45.52 ===============



#2 nasdaq

  • Malware Response Team

Posted 05 October 2012 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


Your DDS log is clean.

Since I do not have a crystal ball, please let me know what issues you are having with this computer.

#3 saberleo456

  • Topic Starter

Posted 05 October 2012 - 12:10 PM

Thank you, sorry, I've been having quite a few problems. Windows just cannot find windir when anything tries to access it, e.g. troubleshooter; video and sound drivers do not have managers anymore; and explorer occasionally just disappears from the taskbar or the file browser refuses to start. The weirdest part is the non-genuine warning despite the fact that this is an OEM Windows 7 64-bit installation.

#4 nasdaq

  • Malware Response Team

Posted 05 October 2012 - 01:19 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans for now.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 saberleo456

  • Topic Starter

Posted 05 October 2012 - 07:33 PM

Sorry, my idiot best friend bluescreened me by pressing the power button multiple times... during the scan... I only have the TDSS log for now. I'll post the other one when the scan is finished:
11:46:02.0992 6184 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:46:04.0996 6184 ============================================================
11:46:04.0996 6184 Current date / time: 2012/10/05 11:46:04.0996
11:46:04.0996 6184 SystemInfo:
11:46:04.0996 6184
11:46:04.0996 6184 OS Version: 6.1.7601 ServicePack: 1.0
11:46:04.0996 6184 Product type: Workstation
11:46:04.0997 6184 ComputerName: TONY-HP
11:46:04.0997 6184 UserName: Tony
11:46:04.0997 6184 Windows directory: C:\Windows
11:46:04.0997 6184 System windows directory: C:\Windows
11:46:04.0997 6184 Running under WOW64
11:46:04.0997 6184 Processor architecture: Intel x64
11:46:04.0997 6184 Number of processors: 4
11:46:04.0997 6184 Page size: 0x1000
11:46:04.0997 6184 Boot type: Normal boot
11:46:04.0997 6184 ============================================================
11:46:05.0717 6184 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:46:05.0749 6184 ============================================================
11:46:05.0749 6184 \Device\Harddisk0\DR0:
11:46:05.0749 6184 MBR partitions:
11:46:05.0749 6184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:46:05.0749 6184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A95800
11:46:05.0749 6184 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48AF9800, BlocksNum 0x1D2A800
11:46:05.0749 6184 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
11:46:05.0749 6184 ============================================================
11:46:05.0799 6184 C: <-> \Device\Harddisk0\DR0\Partition2
11:46:05.0836 6184 D: <-> \Device\Harddisk0\DR0\Partition3
11:46:05.0847 6184 F: <-> \Device\Harddisk0\DR0\Partition4
11:46:05.0847 6184 ============================================================
11:46:05.0847 6184 Initialize success
11:46:05.0847 6184 ============================================================
11:46:23.0949 5868 ============================================================
11:46:23.0950 5868 Scan started
11:46:23.0950 5868 Mode: Manual;
11:46:23.0950 5868 ============================================================
11:46:24.0245 5868 ================ Scan system memory ========================
11:46:24.0245 5868 System memory - ok
11:46:24.0245 5868 ================ Scan services =============================
11:46:35.0094 5868 ksthunk - ok
11:46:35.0128 5868 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:46:35.0135 5868 KtmRm - ok
11:46:35.0186 5868 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:46:35.0192 5868 LanmanServer - ok
11:46:35.0229 5868 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:46:35.0234 5868 LanmanWorkstation - ok
11:46:35.0247 5868 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:46:35.0249 5868 lltdio - ok
11:46:35.0277 5868 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:46:35.0283 5868 lltdsvc - ok
11:46:35.0304 5868 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:46:35.0307 5868 lmhosts - ok
11:46:35.0345 5868 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:46:35.0348 5868 LSI_FC - ok
11:46:35.0355 5868 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:46:35.0358 5868 LSI_SAS - ok
11:46:35.0368 5868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:46:35.0371 5868 LSI_SAS2 - ok
11:46:35.0383 5868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:46:35.0386 5868 LSI_SCSI - ok
11:46:35.0409 5868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:46:35.0412 5868 luafv - ok
11:46:35.0453 5868 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
11:46:35.0459 5868 LVRS64 - ok
11:46:35.0636 5868 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
11:46:35.0826 5868 LVUVC64 - ok
11:46:35.0875 5868 [ 922CBAC7B992B9614CAB7122F4BF9406 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
11:46:35.0877 5868 ManyCam - ok
11:46:35.0897 5868 [ 34A42DD7CF525D0D2C5232916496E4B8 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
11:46:35.0900 5868 mcaudrv_simple - ok
11:46:35.0935 5868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:46:35.0939 5868 Mcx2Svc - ok
11:46:35.0956 5868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:46:35.0958 5868 megasas - ok
11:46:35.0999 5868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:46:36.0004 5868 MegaSR - ok
11:46:36.0057 5868 Microsoft SharePoint Workspace Audit Service - ok
11:46:36.0086 5868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:46:36.0088 5868 MMCSS - ok
11:46:36.0096 5868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:46:36.0099 5868 Modem - ok
11:46:36.0118 5868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:46:36.0119 5868 monitor - ok
11:46:36.0143 5868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:46:36.0145 5868 mouclass - ok
11:46:36.0191 5868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:46:36.0193 5868 mouhid - ok
11:46:36.0213 5868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:46:36.0216 5868 mountmgr - ok
11:46:36.0319 5868 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:46:36.0322 5868 MozillaMaintenance - ok
11:46:36.0396 5868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:46:36.0399 5868 mpio - ok
11:46:36.0419 5868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:46:36.0421 5868 mpsdrv - ok
11:46:36.0466 5868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:46:36.0555 5868 MpsSvc - ok
11:46:36.0593 5868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:46:36.0596 5868 MRxDAV - ok
11:46:36.0626 5868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:46:36.0630 5868 mrxsmb - ok
11:46:36.0706 5868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:46:36.0711 5868 mrxsmb10 - ok
11:46:36.0726 5868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:46:36.0729 5868 mrxsmb20 - ok
11:46:36.0748 5868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:46:36.0749 5868 msahci - ok
11:46:36.0827 5868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:46:36.0830 5868 msdsm - ok
11:46:36.0855 5868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:46:36.0860 5868 MSDTC - ok
11:46:36.0911 5868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:46:36.0913 5868 Msfs - ok
11:46:36.0955 5868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:46:36.0957 5868 mshidkmdf - ok
11:46:37.0007 5868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:46:37.0009 5868 msisadrv - ok
11:46:37.0056 5868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:46:37.0061 5868 MSiSCSI - ok
11:46:37.0069 5868 msiserver - ok
11:46:37.0111 5868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:46:37.0113 5868 MSKSSRV - ok
11:46:37.0121 5868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:46:37.0124 5868 MSPCLOCK - ok
11:46:37.0145 5868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:46:37.0147 5868 MSPQM - ok
11:46:37.0232 5868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:46:37.0238 5868 MsRPC - ok
11:46:37.0257 5868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:46:37.0259 5868 mssmbios - ok
11:46:37.0288 5868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:46:37.0289 5868 MSTEE - ok
11:46:37.0299 5868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:46:37.0301 5868 MTConfig - ok
11:46:37.0324 5868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:46:37.0326 5868 Mup - ok
11:46:37.0364 5868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:46:37.0372 5868 napagent - ok
11:46:37.0439 5868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:46:37.0445 5868 NativeWifiP - ok
11:46:37.0489 5868 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:46:37.0569 5868 NDIS - ok
11:46:37.0590 5868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:46:37.0592 5868 NdisCap - ok
11:46:37.0619 5868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:46:37.0621 5868 NdisTapi - ok
11:46:37.0634 5868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:46:37.0636 5868 Ndisuio - ok
11:46:37.0713 5868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:46:37.0716 5868 NdisWan - ok
11:46:37.0731 5868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:46:37.0733 5868 NDProxy - ok
11:46:37.0753 5868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:46:37.0755 5868 NetBIOS - ok
11:46:37.0830 5868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:46:37.0834 5868 NetBT - ok
11:46:37.0845 5868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:46:37.0847 5868 Netlogon - ok
11:46:37.0880 5868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:46:37.0887 5868 Netman - ok
11:46:37.0919 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:46:37.0922 5868 NetMsmqActivator - ok
11:46:37.0929 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:46:37.0932 5868 NetPipeActivator - ok
11:46:38.0003 5868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:46:38.0011 5868 netprofm - ok
11:46:38.0062 5868 [ A98071E3E1E5E503462CC9E0DED91A36 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
11:46:38.0152 5868 netr28x - ok
11:46:38.0174 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:46:38.0177 5868 NetTcpActivator - ok
11:46:38.0183 5868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:46:38.0185 5868 NetTcpPortSharing - ok
11:46:38.0213 5868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:46:38.0215 5868 nfrd960 - ok
11:46:38.0299 5868 [ 1B57976ACCFBBCFEB101AE702C7A740A ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
11:46:38.0303 5868 NitroDriverReadSpool2 - ok
11:46:38.0339 5868 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:46:38.0345 5868 NlaSvc - ok
11:46:38.0427 5868 [ 60EF6771E349EB9173142AB34AFC5A4C ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE
11:46:38.0429 5868 nlsX86cc - ok
11:46:38.0456 5868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:46:38.0458 5868 Npfs - ok
11:46:38.0490 5868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:46:38.0493 5868 nsi - ok
11:46:38.0505 5868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:46:38.0507 5868 nsiproxy - ok
11:46:38.0598 5868 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:46:38.0691 5868 Ntfs - ok
11:46:38.0719 5868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:46:38.0720 5868 Null - ok
11:46:38.0796 5868 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
11:46:38.0802 5868 NVENETFD - ok
11:46:38.0824 5868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:46:38.0828 5868 nvraid - ok
11:46:38.0862 5868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:46:38.0866 5868 nvstor - ok
11:46:38.0883 5868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:46:38.0887 5868 nv_agp - ok
11:46:38.0912 5868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:46:38.0916 5868 ohci1394 - ok
11:46:38.0989 5868 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:46:38.0992 5868 ose - ok
11:46:39.0201 5868 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:46:39.0339 5868 osppsvc - ok
11:46:39.0401 5868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:46:39.0407 5868 p2pimsvc - ok
11:46:39.0484 5868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:46:39.0492 5868 p2psvc - ok
11:46:39.0526 5868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:46:39.0530 5868 Parport - ok
11:46:39.0567 5868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:46:39.0569 5868 partmgr - ok
11:46:39.0604 5868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:46:39.0609 5868 PcaSvc - ok
11:46:39.0682 5868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:46:39.0685 5868 pci - ok
11:46:39.0700 5868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:46:39.0702 5868 pciide - ok
11:46:39.0740 5868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:46:39.0744 5868 pcmcia - ok
11:46:39.0762 5868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:46:39.0764 5868 pcw - ok
11:46:39.0848 5868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:46:39.0871 5868 PEAUTH - ok
11:46:39.0906 5868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:46:39.0909 5868 PerfHost - ok
11:46:39.0984 5868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:46:40.0075 5868 pla - ok
11:46:40.0120 5868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:46:40.0129 5868 PlugPlay - ok
11:46:40.0153 5868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:46:40.0156 5868 PNRPAutoReg - ok
11:46:40.0179 5868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:46:40.0185 5868 PNRPsvc - ok
11:46:40.0211 5868 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
11:46:40.0213 5868 Point64 - ok
11:46:40.0258 5868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:46:40.0266 5868 PolicyAgent - ok
11:46:40.0306 5868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:46:40.0310 5868 Power - ok
11:46:40.0342 5868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:46:40.0345 5868 PptpMiniport - ok
11:46:40.0376 5868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:46:40.0378 5868 Processor - ok
11:46:40.0397 5868 PROCEXP151 - ok
11:46:40.0440 5868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:46:40.0445 5868 ProfSvc - ok
11:46:40.0467 5868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:46:40.0469 5868 ProtectedStorage - ok
11:46:40.0542 5868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:46:40.0545 5868 Psched - ok
11:46:40.0605 5868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:46:40.0650 5868 ql2300 - ok
11:46:40.0675 5868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:46:40.0678 5868 ql40xx - ok
11:46:40.0686 5868 QWAVE - ok
11:46:40.0703 5868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:46:40.0705 5868 QWAVEdrv - ok
11:46:40.0723 5868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:46:40.0725 5868 RasAcd - ok
11:46:40.0752 5868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:46:40.0754 5868 RasAgileVpn - ok
11:46:40.0779 5868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:46:40.0783 5868 RasAuto - ok
11:46:40.0797 5868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:46:40.0801 5868 Rasl2tp - ok
11:46:40.0880 5868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:46:40.0887 5868 RasMan - ok
11:46:40.0906 5868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:46:40.0908 5868 RasPppoe - ok
11:46:40.0933 5868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:46:40.0935 5868 RasSstp - ok
11:46:41.0015 5868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:46:41.0020 5868 rdbss - ok
11:46:41.0041 5868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:46:41.0043 5868 rdpbus - ok
11:46:41.0061 5868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:46:41.0063 5868 RDPCDD - ok
11:46:41.0078 5868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:46:41.0079 5868 RDPENCDD - ok
11:46:41.0093 5868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:46:41.0095 5868 RDPREFMP - ok
11:46:41.0141 5868 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:46:41.0146 5868 RDPWD - ok
11:46:41.0156 5868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:46:41.0159 5868 rdyboost - ok
11:46:41.0195 5868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:46:41.0199 5868 RemoteAccess - ok
11:46:41.0233 5868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:46:41.0237 5868 RemoteRegistry - ok
11:46:41.0290 5868 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:46:41.0295 5868 RoxioNow Service - ok
11:46:41.0310 5868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:46:41.0314 5868 RpcEptMapper - ok
11:46:41.0335 5868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:46:41.0338 5868 RpcLocator - ok
11:46:41.0419 5868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:46:41.0425 5868 RpcSs - ok
11:46:41.0463 5868 [ 9D21618E7A3B2C75CF1A2ECBBE723730 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
11:46:41.0467 5868 RSPCIESTOR - ok
11:46:41.0501 5868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:46:41.0504 5868 rspndr - ok
11:46:41.0546 5868 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:46:41.0552 5868 RTL8167 - ok
11:46:41.0567 5868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:46:41.0570 5868 SamSs - ok
11:46:41.0649 5868 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:46:41.0650 5868 SASDIFSV - ok
11:46:41.0666 5868 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:46:41.0667 5868 SASKUTIL - ok
11:46:41.0721 5868 [ 687CDADD7B13529E6D6EDA30B3F67051 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
11:46:41.0737 5868 SbieDrv - ok
11:46:41.0756 5868 [ 4CDB30762D89264FF570D2C64BA9B8A6 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
11:46:41.0772 5868 SbieSvc - ok
11:46:41.0799 5868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:46:41.0802 5868 sbp2port - ok
11:46:41.0834 5868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:46:41.0839 5868 SCardSvr - ok
11:46:41.0847 5868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:46:41.0850 5868 scfilter - ok
11:46:41.0886 5868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:46:41.0977 5868 Schedule - ok
11:46:42.0017 5868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:46:42.0019 5868 SCPolicySvc - ok
11:46:42.0062 5868 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
11:46:42.0065 5868 sdbus - ok
11:46:42.0101 5868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:46:42.0106 5868 SDRSVC - ok
11:46:42.0165 5868 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:46:42.0168 5868 SeaPort - ok
11:46:42.0197 5868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:46:42.0199 5868 secdrv - ok
11:46:42.0206 5868 seclogon - ok
11:46:42.0230 5868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:46:42.0235 5868 SENS - ok
11:46:42.0275 5868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:46:42.0278 5868 SensrSvc - ok
11:46:42.0296 5868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
11:46:42.0298 5868 Serenum - ok
11:46:42.0307 5868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
11:46:42.0311 5868 Serial - ok
11:46:42.0319 5868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:46:42.0322 5868 sermouse - ok
11:46:42.0358 5868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:46:42.0362 5868 SessionEnv - ok
11:46:42.0390 5868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:46:42.0393 5868 sffdisk - ok
11:46:42.0402 5868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:46:42.0405 5868 sffp_mmc - ok
11:46:42.0413 5868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:46:42.0417 5868 sffp_sd - ok
11:46:42.0426 5868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:46:42.0428 5868 sfloppy - ok
11:46:42.0536 5868 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:46:42.0542 5868 SharedAccess - ok
11:46:42.0594 5868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:46:42.0601 5868 ShellHWDetection - ok
11:46:42.0634 5868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:46:42.0637 5868 SiSRaid2 - ok
11:46:42.0646 5868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:46:42.0649 5868 SiSRaid4 - ok
11:46:42.0699 5868 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:46:42.0701 5868 SkypeUpdate - ok
11:46:42.0710 5868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:46:42.0714 5868 Smb - ok
11:46:42.0757 5868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:46:42.0760 5868 SNMPTRAP - ok
11:46:42.0816 5868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:46:42.0818 5868 spldr - ok
11:46:42.0855 5868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:46:42.0863 5868 Spooler - ok
11:46:43.0029 5868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:46:43.0061 5868 sppsvc - ok
11:46:43.0101 5868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:46:43.0105 5868 sppuinotify - ok
11:46:43.0141 5868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:46:43.0148 5868 srv - ok
11:46:43.0219 5868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:46:43.0226 5868 srv2 - ok
11:46:43.0260 5868 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:46:43.0266 5868 SrvHsfHDA - ok
11:46:43.0363 5868 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:46:43.0454 5868 SrvHsfV92 - ok
11:46:43.0502 5868 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:46:43.0580 5868 SrvHsfWinac - ok
11:46:43.0639 5868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:46:43.0642 5868 srvnet - ok
11:46:43.0687 5868 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
11:46:43.0690 5868 ssadbus - ok
11:46:43.0731 5868 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:46:43.0733 5868 ssadmdfl - ok
11:46:43.0822 5868 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
11:46:43.0826 5868 ssadmdm - ok
11:46:43.0878 5868 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
11:46:43.0881 5868 ssadserd - ok
11:46:43.0919 5868 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
11:46:43.0923 5868 sscdbus - ok
11:46:43.0952 5868 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
11:46:43.0954 5868 sscdmdfl - ok
11:46:44.0037 5868 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
11:46:44.0041 5868 sscdmdm - ok
11:46:44.0099 5868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:46:44.0104 5868 SSDPSRV - ok
11:46:44.0132 5868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:46:44.0136 5868 SstpSvc - ok
11:46:44.0293 5868 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:46:44.0297 5868 STacSV - ok
11:46:44.0328 5868 Steam Client Service - ok
11:46:44.0361 5868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:46:44.0363 5868 stexstor - ok
11:46:44.0428 5868 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:46:44.0452 5868 STHDA - ok
11:46:44.0501 5868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:46:44.0580 5868 stisvc - ok
11:46:44.0616 5868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:46:44.0617 5868 swenum - ok
11:46:44.0664 5868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:46:44.0673 5868 swprv - ok
11:46:44.0715 5868 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:46:44.0720 5868 SynTP - ok
11:46:44.0795 5868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:46:44.0886 5868 SysMain - ok
11:46:44.0931 5868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:46:44.0935 5868 TabletInputService - ok
11:46:45.0006 5868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:46:45.0013 5868 TapiSrv - ok
11:46:45.0036 5868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:46:45.0039 5868 TBS - ok
11:46:45.0121 5868 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:46:45.0139 5868 Tcpip - ok
11:46:45.0220 5868 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:46:45.0239 5868 TCPIP6 - ok
11:46:45.0277 5868 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:46:45.0279 5868 tcpipreg - ok
11:46:45.0299 5868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:46:45.0301 5868 TDPIPE - ok
11:46:45.0337 5868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:46:45.0340 5868 TDTCP - ok
11:46:45.0364 5868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:46:45.0367 5868 tdx - ok
11:46:45.0392 5868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:46:45.0394 5868 TermDD - ok
11:46:45.0428 5868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:46:45.0451 5868 TermService - ok
11:46:45.0472 5868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:46:45.0476 5868 Themes - ok
11:46:45.0508 5868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:46:45.0510 5868 THREADORDER - ok
11:46:45.0543 5868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:46:45.0548 5868 TrkWks - ok
11:46:45.0603 5868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:46:45.0606 5868 TrustedInstaller - ok
11:46:45.0637 5868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:46:45.0639 5868 tssecsrv - ok
11:46:49.0898 5868 ================ Scan global ===============================
11:46:49.0956 5868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:46:49.0984 5868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:46:49.0997 5868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:46:50.0031 5868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:46:50.0068 5868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:46:50.0073 5868 [Global] - ok
11:46:50.0073 5868 ================ Scan MBR ==================================
11:46:50.0088 5868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:46:50.0336 5868 \Device\Harddisk0\DR0 - ok
11:46:50.0337 5868 ================ Scan VBR ==================================
11:46:50.0342 5868 [ D03A20C2F52C735684860DBB35ED2645 ] \Device\Harddisk0\DR0\Partition1
11:46:50.0344 5868 \Device\Harddisk0\DR0\Partition1 - ok
11:46:50.0356 5868 [ FC8C46FA8943904F2AA72DDA9DFC7624 ] \Device\Harddisk0\DR0\Partition2
11:46:50.0357 5868 \Device\Harddisk0\DR0\Partition2 - ok
11:46:50.0392 5868 [ 252A36EBEFF2E325D4CE13A22B87FAAA ] \Device\Harddisk0\DR0\Partition3
11:46:50.0394 5868 \Device\Harddisk0\DR0\Partition3 - ok
11:46:50.0406 5868 [ 15C1A71C423831B5897BC2B0183C9F91 ] \Device\Harddisk0\DR0\Partition4
11:46:50.0408 5868 \Device\Harddisk0\DR0\Partition4 - ok
11:46:50.0409 5868 ============================================================
11:46:50.0409 5868 Scan finished
11:46:50.0409 5868 ============================================================
11:46:50.0426 3856 Detected object count: 0
11:46:50.0426 3856 Actual detected object count: 0

#6 saberleo456

  • Topic Starter

Posted 05 October 2012 - 11:01 PM

Here is the other log, again sorry for the delay.


#7 nasdaq

  • Malware Response Team

Posted 06 October 2012 - 08:03 AM

Logs are clean. Now run these tools.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall. <- Important

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review.

#8 saberleo456

  • Topic Starter

Posted 06 October 2012 - 04:34 PM

Took a while, but here are the Combofix, Security Check, and adwcleaner logs:

ComboFix 12-10-04.02 - Tony 10/06/2012 12:28:27.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4063 [GMT -7:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security Business Edition 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 20:01 . 2012-10-06 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 22:38 . 2012-10-05 22:38 -------- d-----w- c:\program files\ATI
2012-10-05 06:44 . 2012-10-05 06:44 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2012-10-05 06:37 . 2012-10-05 06:37 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-09-30 05:41 . 2012-09-30 05:41 -------- d-----w- c:\users\Tony\AppData\Roaming\JGsoft
2012-09-30 05:41 . 2012-09-30 05:41 -------- d-----w- c:\program files\Just Great Software
2012-09-30 05:41 . 2012-05-31 16:21 559992 ----a-w- c:\windows\UnDeploy64.exe
2012-09-28 06:13 . 2012-09-28 06:13 -------- d-----w- c:\programdata\REVOLT
2012-09-28 05:52 . 2012-09-28 05:52 -------- d-----w- c:\users\Tony\AppData\Roaming\gd.sos.McPixel
2012-09-28 05:52 . 2012-09-28 05:52 -------- d-----w- c:\program files (x86)\McPixel
2012-09-28 04:45 . 2012-10-04 21:43 -------- d-----w- c:\program files (x86)\FTL
2012-09-26 06:41 . 2012-09-26 06:41 -------- d-----w- c:\users\Tony\AppData\Roaming\SUPERAntiSpyware.com
2012-09-26 06:40 . 2012-09-26 06:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-26 06:40 . 2012-09-26 06:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-22 06:57 . 2012-09-22 06:57 -------- d-----w- c:\users\Tony\AppData\Roaming\AccurateRip
2012-09-22 06:56 . 2012-09-22 06:56 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-09-22 06:56 . 2012-09-22 06:56 -------- d-----w- c:\program files (x86)\Illustrate
2012-09-16 21:02 . 2012-09-16 21:02 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2012-09-16 21:02 . 2012-09-16 21:02 -------- d-----w- c:\programdata\Malwarebytes
2012-09-16 21:02 . 2012-09-16 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-16 21:02 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 20:32 . 2012-09-16 20:32 -------- d-----w- c:\program files (x86)\NirSoft
2012-09-15 06:17 . 2012-09-15 06:17 -------- d-----w- c:\program files (x86)\Medieval Software
2012-09-12 18:22 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 18:22 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 18:22 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 18:22 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 18:22 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 18:22 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 18:22 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 21:06 . 2012-09-11 21:06 -------- d-----w- c:\program files (x86)\SDA
2012-09-11 03:25 . 2012-09-11 03:26 -------- d-----w- c:\users\Tony\AppData\Roaming\ooVoo Details
2012-09-11 03:24 . 2012-09-11 03:24 -------- d-----w- c:\program files (x86)\ooVoo
2012-09-08 01:14 . 2012-09-08 01:14 -------- d-----w- c:\program files (x86)\Wiimm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 07:56 . 2012-01-28 22:14 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-04 18:34 . 2012-09-04 18:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 18:34 . 2012-06-16 19:15 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-04 18:34 . 2011-04-29 00:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-26 19:44 . 2012-03-31 17:08 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 19:44 . 2012-01-28 01:03 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 22:43 . 2012-08-24 22:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-18 03:07 . 2012-08-18 03:07 268784 ----a-w- c:\windows\system32\javaws.exe
2012-08-18 03:07 . 2012-08-18 03:07 189424 ----a-w- c:\windows\system32\javaw.exe
2012-08-18 03:07 . 2012-08-18 03:07 188912 ----a-w- c:\windows\system32\java.exe
2012-08-18 03:07 . 2012-08-05 05:46 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-18 03:07 . 2011-04-29 00:39 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-02 22:13 . 2012-08-02 22:07 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2012-07-28 05:47 . 2012-07-28 05:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 05:47 . 2012-07-28 05:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 05:47 . 2012-07-28 05:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 05:47 . 2012-07-28 05:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 05:47 . 2012-07-28 05:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 05:46 . 2012-07-28 05:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 05:46 . 2012-07-28 05:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-26 10:21 . 2012-07-26 10:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-14 19:00 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:00 . 2012-07-12 06:14 79872 ----a-w- c:\windows\SysWow64\ff_vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-01-27 395640]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-06-28 2160024]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-08-20 27040888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-21 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2011-11-29 255208]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/07 12:46;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 AtiDCM;AtiDCM;c:\users\Tony\AppData\Local\Temp\atdcm64a.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-17 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP151;PROCEXP151; [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-28 1255736]
R3 X6va006;X6va006; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-07 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-02-09 343032]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-02-09 70136]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-16 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 198480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31216]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-07-19 1492992]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\HPCeeScheduleForTony.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-07 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{4D3C7E4D-7AAF-4A84-8B25-BBFEB52FA772}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\4kdxr6jf.default\
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1329857255
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1329857255
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1329857255
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1329857255
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage_override.buildID - 20120215223356
FF - user.js: browser.startup.homepage_override.mstone - rv:10.0.2
FF - user.js: browser.syncPromoViewsLeft - 4
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - E7CF176E110C211B
FF - user.js: extensions.blocklist.pingCountVersion - 0
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.cacaoweb.firstRun - 0
FF - user.js: extensions.databaseSchema - 11
FF - user.js: extensions.enabledAddons - {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0,cacaoweb@cacaoweb.org:1.0.26,{972ce4c6-7e08-4474-a285-3208198ce6fd}:10.0.2
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\AVG\\\\AVG2012\\\\Firefox4\,\mtime\:1328032850299},\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\DivXHTML5\,\mtime\:1329181534411}}},{\name\:\app-global\,\addons\:{\websitelogon@truesuite.com\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\websitelogon@truesuite.com\,\mtime\:1329857636918},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1329857073809}}},{\name\:\app-profile\,\addons\:{\cacaoweb@cacaoweb.org\:{\descriptor\:\c:\\\\Users\\\\Tony\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4kdxr6jf.default\\\\extensions\\\\cacaoweb@cacaoweb.org\,\mtime\:1329857719125},\{ab91efd4-6975-4081-8552-1b3922ed79e2}\:{\descriptor\:\c:\\\\Users\\\\Tony\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4kdxr6jf.default\\\\extensions\\\\{ab91efd4-6975-4081-8552-1b3922ed79e2}\,\mtime\:1329857134822}}}]
FF - user.js: extensions.lastAppVersion - 10.0.2
FF - user.js: extensions.lastPlatformVersion - 10.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: gfx.blacklist.layers.opengl - 4
FF - user.js: gfx.blacklist.webgl.opengl - 4
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.history.expiration.transient_current_max_pages - 104858
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1332449091
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Opera\opera.exe
.
**************************************************************************
.
Completion time: 2012-10-06 13:47:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 20:46
.
Pre-Run: 220,936,482,816 bytes free
Post-Run: 220,877,504,512 bytes free
.
- - End Of File - - B64699002F7193B0A28681CF006008E3

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


# AdwCleaner v2.003 - Logfile created 10/06/2012 at 14:25:14
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tony - TONY-HP
# Boot Mode : Normal
# Running from : C:\Users\Tony\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Tony\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\4kdxr6jf.default\extensions\cacaoweb@cacaoweb.org

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\4kdxr6jf.default\prefs.js

C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\4kdxr6jf.default\user.js ... Deleted !

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\Tony\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2105 octets] - [06/10/2012 14:25:14]

########## EOF - C:\AdwCleaner[S1].txt - [2165 octets] ##########

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:23 PM

Posted 07 October 2012 - 07:10 AM

What are the remaining issues after this clean up?

#10 saberleo456

Posted 07 October 2012 - 02:20 PM

windir continues to not be found by the system. Explorer's issues have been fixed, though. The nongenuine warning continues to come up, and the audio/video drivers occasionally crash and have no managers.

#11 nasdaq

Posted 08 October 2012 - 08:49 AM

> windir continues to not be found by the system,

In our terminology, Windir refers to the C:\Windows folder where the operating system is installed.

I see that folder on all your logs. Is there an application that references it and is generating an error message?
I would like to see the exact error message. It may help.

===

> the nongenuine warning continues to come up

If you have the restore/recovery discs, use the "repair option" that returns the OS to install state.

> and the audio/video drivers occasionally crash and have no managers.


Download and run this scan. You may be able to find out if some of your drivers are corrupted or of the wrong version.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.

Keep me posted.

#12 saberleo456

Posted 08 October 2012 - 12:11 PM

The windir messages always appear when trying to access the troubleshooter and they used to occur for both explorer and command prompt before we started this. I'll run the other scan now though.

#13 nasdaq

Posted 08 October 2012 - 01:33 PM

I see. If it is still an issue, it may be solved after you do the Repair Option which I described.

#14 saberleo456

Posted 10 October 2012 - 12:28 AM

Sorry, I searched high and low for the recovery discs and I could not find a trace of them, if I ever had them. So is there anything left to do?

#15 nasdaq

Posted 10 October 2012 - 09:44 AM

When you got your computer did you create a Startup disk?

If you have it, place it in the CD drive and start the computer.

Let me know the options that are available to you.



