Google links are redirecting me to ad sites


  • This topic is locked
14 replies to this topic

#1 PJRamaglia

Posted 04 December 2012 - 05:59 PM

Using Firefox 16.0.2, I noticed that clicking on links in Google would redirect me to ad sites. I noticed that it was only happening on the first click. After jumping back to the initial Google results page, clicking on the same link again would then properly send me to the correct URL. I am not sure how to remove whatever is causing this. An MSE full scan unfortunately did not fix the problem either.

Here is the DDS log as requested:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Peter J. Ramaglia at 17:50:06 on 2012-12-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12248.7508 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\syswow64\snmp.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\Display\NvTray.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120912184910.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Wowhead_Client] "C:\Users\Peter J. Ramaglia\Desktop\Wowhead_Client.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "C:\Users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRunOnce: [Uninstall C:\Users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [Uninstall C:\Users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\PETERJ~1.RAM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 10.12.1.64
TCP: Interfaces\{142ECCAC-4F8C-413B-AB1F-6FD3AA203706} : NameServer = 0.0.0.0
TCP: Interfaces\{28742AA1-6FAC-4BF9-8367-9B853D81EFAE} : NameServer = 10.12.1.11,10.12.1.12
TCP: Interfaces\{2AE375E6-C3EB-4E9D-AD57-C15F037F982D} : DHCPNameServer = 10.12.1.11 10.12.1.12
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119} : DHCPNameServer = 10.12.1.64
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119}\16474777966696 : DHCPNameServer = 10.128.208.129 64.134.255.2 64.134.255.10
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119}\16962766F6873556475707 : DHCPNameServer = 10.12.1.11 10.12.1.12
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119}\232444345393 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119}\2456C6B696E6E243342453E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119}\4456E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119}\A5 : DHCPNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{79D9F974-4D7A-4DFB-B082-6316B412F119}\C696E6B6379737F5750535F523736393 : DHCPNameServer = 167.206.251.129 167.206.251.130
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120912184910.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
x64-Run: [CTMasterOnOffMonitor] Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter J. Ramaglia\AppData\Roaming\Mozilla\Firefox\Profiles\qiu8lcgu.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Peter J. Ramaglia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Peter J. Ramaglia\AppData\Roaming\Mozilla\Firefox\Profiles\qiu8lcgu.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Peter J. Ramaglia\AppData\Roaming\Mozilla\Firefox\Profiles\qiu8lcgu.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Peter J. Ramaglia\AppData\Roaming\Mozilla\Firefox\Profiles\qiu8lcgu.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-29 21:44; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-10-29 21:44; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-9-12 642952]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-9-12 283744]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-27 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-12-27 21616]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-27 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-9-12 199008]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-9-12 158832]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-5-24 1259480]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-31 2848168]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-27 2656280]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-8-3 537592]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-12-27 27760]
R3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-8-3 107432]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-8-11 176000]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-9-12 228752]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-12-27 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-12-27 181760]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-12-4 446312]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-12-27 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-27 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-27 79360]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-12-27 173656]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-9-12 100904]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-12-27 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-12 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-04 22:19:27 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C9384E6-F8F5-48A0-9730-C2E3A385F8B0}\mpengine.dll
2012-12-04 16:51:37 -------- d-----w- C:\ProgramData\InstallMate
2012-12-04 16:32:05 446312 ----a-w- C:\Windows\System32\drivers\nvstusb.sys
2012-12-04 16:32:02 26811240 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-12-04 16:32:01 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-04 16:32:01 7819016 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-12-04 16:32:01 20335976 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-12-04 16:32:01 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-12-04 16:32:00 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-12-04 16:32:00 18045968 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-12-04 16:31:59 7446192 ----a-w- C:\Windows\System32\nvopencl.dll
2012-12-04 16:31:59 6149904 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2012-12-04 16:31:59 2784104 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-12-04 16:31:59 2226024 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-12-04 16:31:59 1874280 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-12-04 16:31:57 2606440 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-12-04 16:31:57 11532648 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-12-03 17:49:38 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-01 03:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-28 17:37:36 15122280 ----a-w- C:\Windows\SysWow64\SETFEB6.tmp
2012-11-28 17:37:36 15122280 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-11-28 17:37:34 2496976 ----a-w- C:\Windows\SysWow64\SETEB5F.tmp
2012-11-28 17:37:34 2496976 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-11-28 07:22:29 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-28 07:19:30 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-28 03:37:55 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6657527-A149-4EC7-9CF5-EA05087163A1}\gapaengine.dll
2012-11-27 02:01:53 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-11-26 04:43:53 -------- d-----w- C:\Users\Peter J. Ramaglia\AppData\Roaming\NVIDIA
2012-11-26 04:16:23 -------- d-----w- C:\Program Files (x86)\NVIDIA 3D Vision driver
2012-11-26 04:16:01 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-11-26 04:16:01 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-11-26 04:16:01 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-26 04:16:00 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-11-26 04:16:00 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-26 04:16:00 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-11-26 04:15:31 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-11-26 04:15:31 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-11-26 04:15:22 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-11-26 04:06:15 -------- d-----w- C:\NVIDIA
2012-11-16 08:55:31 -------- d-----w- C:\Users\Peter J. Ramaglia\AppData\Local\DinsCurse
2012-11-16 08:55:05 -------- d-----w- C:\ProgramData\DinsCurse
2012-11-15 00:43:06 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-15 00:40:03 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 00:40:03 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 00:40:03 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 00:40:03 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 00:40:02 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 00:40:02 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 00:40:02 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 00:38:38 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-15 00:38:38 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-15 00:38:38 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-15 00:38:38 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-15 00:38:38 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-15 00:38:37 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-15 00:38:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-15 00:38:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-15 00:38:37 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-14 22:09:04 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 22:09:04 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-14 22:09:04 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-14 22:09:03 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-14 22:07:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 22:07:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-10 05:12:55 54200 ----a-w- C:\Windows\System32\drivers\dsiarhwprog_x64.sys
2012-11-10 05:12:55 -------- d-----w- C:\Program Files (x86)\Datel
2012-11-08 23:32:27 -------- d-----w- C:\Users\Peter J. Ramaglia\AppData\Roaming\Origin
2012-11-08 23:32:23 -------- d-----w- C:\Users\Peter J. Ramaglia\AppData\Local\Origin
2012-11-08 23:31:26 -------- d-----w- C:\ProgramData\Origin
2012-11-08 23:31:25 -------- d-----w- C:\ProgramData\Electronic Arts
2012-11-08 23:31:23 -------- d-----w- C:\Program Files (x86)\Origin
2012-11-05 13:24:38 -------- d-----w- C:\Program Files\Caminova
2012-11-05 13:24:38 -------- d-----w- C:\Program Files (x86)\Caminova
.
==================== Find3M ====================
.
2012-12-04 22:08:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-12-03 15:47:14 2816824 ----a-w- C:\Windows\System32\nvapi64.dll
2012-12-03 15:47:14 1805672 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-12-03 15:47:14 1504104 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2012-12-03 15:47:14 15016256 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-12-03 15:47:14 12603960 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-12-01 17:39:16 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-12-01 12:41:38 1509736 ----a-w- C:\Windows\System32\nvir3dgenco6420152.dll
2012-11-28 07:22:20 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-28 07:22:20 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-11-28 07:19:18 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-11-28 07:19:18 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-22 09:13:59 2816824 ----a-w- C:\Windows\System32\SETBC86.tmp
2012-11-22 09:13:59 1805672 ----a-w- C:\Windows\System32\SETA9E.tmp
2012-11-22 09:13:59 1504104 ----a-w- C:\Windows\System32\SETF13.tmp
2012-11-22 09:13:59 14990512 ----a-w- C:\Windows\System32\SETE9B7.tmp
2012-11-22 09:13:59 12578728 ----a-w- C:\Windows\SysWow64\SET954.tmp
2012-11-22 06:49:18 1509736 ----a-w- C:\Windows\System32\SET197.tmp
2012-11-07 18:48:22 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-11-07 13:31:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 13:31:10 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-26 00:28:16 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-25 20:38:01 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 22:45:14 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-12 22:48:35 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-09-12 22:48:35 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2012-09-12 22:48:34 99056 ----a-w- C:\Windows\System32\MfeOtlkAddin.dll
2012-09-12 22:48:34 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-09-12 22:48:33 642952 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-09-12 22:48:32 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-09-12 22:48:32 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-09-12 22:48:31 158712 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-09-12 22:48:24 74848 ----a-w- C:\Windows\SysWow64\MfeOtlkAddin.dll
2012-09-12 22:48:24 22816 ----a-w- C:\Windows\SysWow64\MFEOtlk.dll
.
============= FINISH: 17:50:46.04 ===============

Edit #1
Oh jeez... when I opened Firefox's "About" menu option to get the version number, I noticed Firefox wasn't up to date. No sooner had I posted this than Firefox updated to v17.0.1.

Is this going to require me to completely rescan my computer using DDS, and subsequently repost the DDS.txt and reattach the Attach.txt file?

Edited by PJRamaglia, 04 December 2012 - 06:02 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 04 December 2012 - 11:25 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 PJRamaglia


Posted 05 December 2012 - 01:01 AM

Security Check's "checkup.txt"
------------------------------

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
McAfee VirusScan Enterprise
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.0
JavaFX 2.1.0 SDK
Java 7 Update 9
Java SE Development Kit 7 Update 4
Java SE Development Kit 7 Update 7
Java SE Development Kit 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird 16.0.2 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise mfeann.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




AdwCleaner's "C:\AdwCleaner[S1].txt"
------------------------------------

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 00:43:04
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Peter J. Ramaglia - PETERJRAMAGLIA
# Boot Mode : Normal
# Running from : C:\Users\Peter J. Ramaglia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Peter J. Ramaglia\AppData\Roaming\Mozilla\Firefox\Profiles\qiu8lcgu.default\prefs.js

C:\Users\Peter J. Ramaglia\AppData\Roaming\Mozilla\Firefox\Profiles\qiu8lcgu.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [891 octets] - [05/12/2012 00:43:04]

########## EOF - C:\AdwCleaner[S1].txt - [950 octets] ##########




RogueKiller's "RKreport[2].txt"
-------------------------------

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Peter J. Ramaglia [Admin rights]
Mode : Remove -- Date : 12/05/2012 00:53:26

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Wowhead_Client ("C:\Users\Peter J. Ramaglia\Desktop\Wowhead_Client.exe") -> DELETED
[RUN][NOTFOUND] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED
[RUN][NOTFOUND] HKLM\[...]\Run : CTMasterOnOffMonitor (Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{142ECCAC-4F8C-413B-AB1F-6FD3AA203706} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{142ECCAC-4F8C-413B-AB1F-6FD3AA203706} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 9d490dd7e6adfb6a473e12293cc8b6b4
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST9500420AS +++++
--- User ---
[MBR] ed8d0a02a8c0da023ad64db4abcbb634
[BSP] 56ff44d647cb8f1f830f79298186db9b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12052012_02d0053.txt >>
RKreport[1]_S_12052012_02d0052.txt ; RKreport[2]_D_12052012_02d0053.txt




In terms of providing feedback about my experience as I go . . . I just did a test search with Google on my Firefox browser and I got redirected again. I also noticed Wowhead Client was deleted for some reason? This level of troubleshooting is pretty new to me lol


#4 gringo_pr


Posted 05 December 2012 - 05:40 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 PJRamaglia


Posted 05 December 2012 - 11:00 PM

I ran ComboFix and it finished all of its tests, but it never generated a report for me. ComboFix was just sitting there with the "Generating report . . . " message (I don't really remember the exact message though). After waiting what seemed like 30-45 minutes I closed ComboFix and attempted to rerun the program again. It was then that I received the "Illegal operation attempted on a registry key that has been marked for deletion" message. I then restarted my laptop and now I am here posting this message. I do not see a report/log text file from ComboFix anywhere on my desktop.

Redirect issue is unfortunately still present. Any thoughts as to what might have gone wrong? Should I run ComboFix again or wait for a different set of instructions this time?

Pete


#6 gringo_pr


Posted 06 December 2012 - 05:24 PM

Hello

OK, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 PJRamaglia


Posted 07 December 2012 - 09:51 PM

I had to uninstall McAfee and MSE, but I was finally able to get ComboFix to run in safe mode.

Here are the results:

ComboFix 12-12-04.01 - Peter J. Ramaglia 12/07/2012 21:29:03.2.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12248.10558 [GMT -5:00]
Running from: c:\users\Peter J. Ramaglia\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\016060e8-e1de-4d82-bd11-b667007b1f12.dll
c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1b075935-6b9c-41c2-8914-643bfe886db8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll
c:\programdata\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2390e056-e2db-44ed-91a5-5ca43aefea83.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\35445406-e7ed-4a0e-9922-45505e71594b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d656744-60b2-4576-8124-a39729f8b522.dll
c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\468d25c7-baa8-4db4-a17f-ceac895a9bc8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f1c58d6-ca02-4906-b156-709481baca61.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\72f0dc20-5af7-4221-9657-442597ce030b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\75c8751b-fcad-4846-80ce-3a2efec60612.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7873d595-5f4a-443e-b464-7a2503a87d74.dll
c:\programdata\PCDr\6032\AddOnDownloaded\788ad19e-7745-402f-a5a5-20d2ab8b5f1b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8a7e779d-1e14-4f91-a1b0-82dc746441b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ba58cab8-833c-4868-95e2-cff538a852a7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbd4d2b0-9dc6-46d0-a352-dbcd92f63c4d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d220b53c-6a3c-4b5d-8797-965d39e82fff.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ff24953d-0c6e-4af9-a727-84ce58c99035.dll
.
---- Previous Run -------
.
c:\programdata\ism_0_llatsni.pad
c:\programdata\PCDr\6032\AddOnDownloaded\016060e8-e1de-4d82-bd11-b667007b1f12.dll
c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1b075935-6b9c-41c2-8914-643bfe886db8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll
c:\programdata\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2390e056-e2db-44ed-91a5-5ca43aefea83.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\35445406-e7ed-4a0e-9922-45505e71594b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d656744-60b2-4576-8124-a39729f8b522.dll
c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\468d25c7-baa8-4db4-a17f-ceac895a9bc8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f1c58d6-ca02-4906-b156-709481baca61.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\72f0dc20-5af7-4221-9657-442597ce030b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\75c8751b-fcad-4846-80ce-3a2efec60612.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7873d595-5f4a-443e-b464-7a2503a87d74.dll
c:\programdata\PCDr\6032\AddOnDownloaded\788ad19e-7745-402f-a5a5-20d2ab8b5f1b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8a7e779d-1e14-4f91-a1b0-82dc746441b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ba58cab8-833c-4868-95e2-cff538a852a7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d220b53c-6a3c-4b5d-8797-965d39e82fff.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ff24953d-0c6e-4af9-a727-84ce58c99035.dll
c:\users\Peter J. Ramaglia\AppData\Local\.#\MBX@25D4@1FF1B58.###
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\_ctypes.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\_elementtree.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\_hashlib.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\_socket.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\_ssl.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\pyexpat.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\pysqlite2._sqlite.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\python26.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\pythoncom26.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\PyWinTypes26.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\select.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\unicodedata.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32api.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32com.shell.shell.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32crypt.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32event.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32file.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32inet.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32pdh.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32process.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32profile.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32security.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\win32ts.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\windows._cacheinvalidation.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wx._controls_.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wx._core_.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wx._gdi_.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wx._html2.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wx._misc_.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wx._windows_.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wx._wizard.pyd
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wxbase293u_net_vc.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wxbase293u_vc.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wxmsw293u_adv_vc.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wxmsw293u_core_vc.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wxmsw293u_html_vc.dll
c:\users\Peter J. Ramaglia\AppData\Local\Temp\_MEI17762\wxmsw293u_webview_vc.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\_ctypes.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\_elementtree.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\_hashlib.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\_socket.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\_ssl.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\pyexpat.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\pysqlite2._sqlite.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\python26.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\pythoncom26.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\PyWinTypes26.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\select.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\unicodedata.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32api.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32com.shell.shell.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32crypt.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32event.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32file.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32inet.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32pdh.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32process.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32profile.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32security.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\win32ts.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\windows._cacheinvalidation.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wx._controls_.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wx._core_.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wx._gdi_.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wx._html2.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wx._misc_.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wx._windows_.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wx._wizard.pyd
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wxbase293u_net_vc.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wxbase293u_vc.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wxmsw293u_adv_vc.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wxmsw293u_core_vc.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wxmsw293u_html_vc.dll
c:\users\PETERJ~1.RAM\AppData\Local\Temp\_MEI17762\wxmsw293u_webview_vc.dll
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 02:41 . 2012-12-08 02:41 -------- d-----w- c:\users\PETERJ~1~RAM\AppData\Local\temp
2012-12-08 02:41 . 2012-12-08 02:41 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-12-08 02:41 . 2012-12-08 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 02:41 . 2012-12-08 02:41 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-12-08 02:36 . 2012-12-08 02:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64901780-2B30-45B1-95D5-912C3CC4889E}\offreg.dll
2012-12-07 07:12 . 2012-12-07 07:13 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-12-05 01:02 . 2012-12-05 01:02 -------- d-----w- c:\program files\iPod
2012-12-05 01:02 . 2012-12-05 01:03 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-05 01:02 . 2012-12-05 01:03 -------- d-----w- c:\program files\iTunes
2012-12-05 01:02 . 2012-12-05 01:03 -------- d-----w- c:\program files (x86)\iTunes
2012-12-04 16:32 . 2012-12-01 12:41 446312 ----a-w- c:\windows\system32\drivers\nvstusb.sys
2012-12-04 16:32 . 2012-12-03 15:47 26811240 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-04 16:32 . 2012-12-03 15:47 9271352 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-04 16:32 . 2012-12-03 15:47 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-04 16:32 . 2012-12-03 15:47 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-04 16:32 . 2012-12-03 15:47 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-04 16:32 . 2012-12-03 15:47 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-04 16:32 . 2012-12-03 15:47 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-04 16:31 . 2012-12-03 15:47 7446192 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-04 16:31 . 2012-12-03 15:47 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-04 16:31 . 2012-12-03 15:47 2784104 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-04 16:31 . 2012-12-03 15:47 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-04 16:31 . 2012-12-03 15:47 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-04 16:31 . 2012-12-03 15:47 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-04 16:31 . 2012-12-03 15:47 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-01 03:43 . 2012-12-01 03:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-11-28 17:37 . 2012-12-03 15:47 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-11-28 17:37 . 2012-12-03 15:47 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-11-28 07:22 . 2012-11-28 07:22 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-28 07:22 . 2012-11-28 07:22 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-28 07:22 . 2012-11-28 07:22 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-28 07:22 . 2012-11-28 07:22 188904 ----a-w- c:\windows\system32\java.exe
2012-11-28 07:19 . 2012-11-28 07:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-27 02:01 . 2012-11-27 02:01 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-26 04:43 . 2012-11-29 04:38 -------- d-----w- c:\users\Peter J. Ramaglia\AppData\Roaming\NVIDIA
2012-11-26 04:17 . 2012-12-04 16:35 -------- d-----w- c:\users\UpdatusUser
2012-11-26 04:17 . 2012-11-26 04:17 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-11-26 04:16 . 2012-11-28 17:41 -------- d-----w- c:\program files (x86)\NVIDIA 3D Vision driver
2012-11-26 04:16 . 2012-12-01 05:49 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-26 04:16 . 2012-12-01 05:49 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-26 04:16 . 2012-12-01 05:48 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-26 04:16 . 2012-12-01 05:49 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-26 04:16 . 2012-12-01 05:49 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-26 04:16 . 2012-12-01 05:48 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-26 04:15 . 2012-11-18 16:26 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-26 04:15 . 2012-11-18 16:26 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-11-26 04:15 . 2012-11-26 04:15 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-26 04:07 . 2012-12-01 12:41 1509736 ----a-w- c:\windows\system32\nvir3dgenco6420152.dll
2012-11-26 04:07 . 2012-07-03 15:25 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-11-26 04:07 . 2012-07-03 15:25 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-11-26 04:07 . 2012-07-03 07:37 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-11-26 04:07 . 2012-12-03 15:47 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-11-26 04:07 . 2012-12-03 15:47 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-11-26 04:07 . 2012-12-03 15:47 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-11-26 04:07 . 2012-12-03 15:47 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-11-26 04:07 . 2012-12-03 15:47 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-11-26 04:06 . 2012-11-26 04:06 -------- d-----w- C:\NVIDIA
2012-11-16 08:55 . 2012-11-16 08:55 -------- d-----w- c:\users\Peter J. Ramaglia\AppData\Local\DinsCurse
2012-11-16 08:55 . 2012-11-16 08:55 -------- d-----w- c:\programdata\DinsCurse
2012-11-15 01:53 . 2012-11-15 01:53 -------- d-----w- c:\windows\Sun
2012-11-15 00:43 . 2012-10-08 11:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-15 00:42 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-15 00:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 00:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 00:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 00:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 00:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 00:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 00:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 00:38 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-15 00:38 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-15 00:38 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-15 00:38 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-15 00:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-15 00:38 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-15 00:38 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-15 00:38 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-15 00:38 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-14 22:09 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 22:09 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 22:09 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 22:09 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 22:07 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 22:07 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 01:23 . 2012-11-14 01:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-14 01:23 . 2012-11-14 01:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-14 01:23 . 2012-11-14 01:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-14 01:23 . 2012-11-14 01:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-14 01:23 . 2012-11-14 01:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-14 01:23 . 2012-11-14 01:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-14 01:23 . 2012-11-14 01:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-14 01:23 . 2012-11-14 01:23 -------- d-----w- c:\program files (x86)\QuickTime
2012-11-10 05:12 . 2012-11-10 05:22 -------- d-----w- c:\program files (x86)\Datel
2012-11-10 05:12 . 2012-09-26 20:55 54200 ----a-w- c:\windows\system32\drivers\dsiarhwprog_x64.sys
2012-11-08 23:32 . 2012-12-01 03:19 -------- d-----w- c:\users\Peter J. Ramaglia\AppData\Roaming\Origin
2012-11-08 23:32 . 2012-11-08 23:32 -------- d-----w- c:\users\Peter J. Ramaglia\AppData\Local\Origin
2012-11-08 23:31 . 2012-12-01 03:19 -------- d-----w- c:\programdata\Origin
2012-11-08 23:31 . 2012-11-08 23:31 -------- d-----w- c:\programdata\Electronic Arts
2012-11-08 23:31 . 2012-12-01 03:19 -------- d-----w- c:\program files (x86)\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 02:25 . 2012-01-12 20:16 393216 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-12-08 02:22 . 2012-01-25 22:02 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-12-08 02:22 . 2012-01-24 02:38 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-12-08 01:53 . 2012-01-25 22:03 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-12-08 01:53 . 2012-01-25 22:02 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-11-28 07:22 . 2012-03-27 01:09 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-28 07:22 . 2011-12-27 11:31 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-28 07:19 . 2012-03-27 01:06 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-11-28 07:19 . 2011-12-27 11:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-15 00:40 . 2012-01-12 20:26 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-07 18:48 . 2012-09-26 15:53 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-07 13:31 . 2012-04-02 22:04 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 13:31 . 2011-12-27 11:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 00:28 . 2012-10-26 00:28 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-25 20:38 . 2012-10-25 20:38 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 04:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 04:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 04:29 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-30 22:45 . 2012-09-30 22:45 255352 ----a-w- c:\windows\SysWow64\awrdscdc.ax
2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-26 15:53 . 2012-09-26 15:53 53248 ----a-r- c:\users\Peter J. Ramaglia\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-14 19:19 . 2012-10-10 21:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 21:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-12 22:48 . 2012-09-12 22:49 99056 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-09-12 22:48 . 2012-09-12 22:49 74848 ----a-w- c:\windows\SysWow64\MfeOtlkAddin.dll
2012-09-12 22:48 . 2012-09-12 22:49 22816 ----a-w- c:\windows\SysWow64\MFEOtlk.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 19:15 222712 ----a-w- c:\users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 19:15 222712 ----a-w- c:\users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 19:15 222712 ----a-w- c:\users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [BU]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"SkyDrive"="c:\users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-11-28 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-05-09 577536]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-05-24 593880]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
c:\users\Peter J. Ramaglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-05-24 1259480]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-08-03 537592]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-08-03 107432]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-01-16 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-27 79360]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-12-27 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-12 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2012-12-01 446312]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:31]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 19:46]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 19:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 19:15 261624 ----a-w- c:\users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 19:15 261624 ----a-w- c:\users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 19:15 261624 ----a-w- c:\users\Peter J. Ramaglia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MsmqIntCert"="mqrt.dll" [2010-11-21 247808]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{142ECCAC-4F8C-413B-AB1F-6FD3AA203706}: NameServer = 0.0.0.0
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Peter J. Ramaglia\AppData\Roaming\Mozilla\Firefox\Profiles\qiu8lcgu.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-29 21:44; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-10-29 21:44; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Baldur's Gate - c:\program files (x86)\Atari\DnDMC\Baldurs Gate\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-07 21:44:36
ComboFix-quarantined-files.txt 2012-12-08 02:44
.
Pre-Run: 35,180,429,312 bytes free
Post-Run: 34,789,408,768 bytes free
.
- - End Of File - - A102E84A4571AA89E8DD8884514C2344

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 07 December 2012 - 10:16 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 PJRamaglia

  • Topic Starter

  • Members
  • 10 posts

Posted 08 December 2012 - 05:43 AM

22:21:43.0858 7028 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:21:44.0093 7028 ============================================================
22:21:44.0093 7028 Current date / time: 2012/12/07 22:21:44.0093
22:21:44.0093 7028 SystemInfo:
22:21:44.0093 7028
22:21:44.0093 7028 OS Version: 6.1.7601 ServicePack: 1.0
22:21:44.0093 7028 Product type: Workstation
22:21:44.0093 7028 ComputerName: PETERJRAMAGLIA
22:21:44.0093 7028 UserName: Peter J. Ramaglia
22:21:44.0093 7028 Windows directory: C:\Windows
22:21:44.0093 7028 System windows directory: C:\Windows
22:21:44.0093 7028 Running under WOW64
22:21:44.0093 7028 Processor architecture: Intel x64
22:21:44.0093 7028 Number of processors: 8
22:21:44.0093 7028 Page size: 0x1000
22:21:44.0093 7028 Boot type: Normal boot
22:21:44.0093 7028 ============================================================
22:21:44.0755 7028 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:44.0756 7028 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:44.0806 7028 ============================================================
22:21:44.0806 7028 \Device\Harddisk0\DR0:
22:21:44.0807 7028 MBR partitions:
22:21:44.0807 7028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
22:21:44.0807 7028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
22:21:44.0807 7028 \Device\Harddisk1\DR1:
22:21:44.0807 7028 MBR partitions:
22:21:44.0807 7028 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
22:21:44.0807 7028 ============================================================
22:21:44.0841 7028 C: <-> \Device\Harddisk0\DR0\Partition2
22:21:45.0118 7028 D: <-> \Device\Harddisk1\DR1\Partition1
22:21:45.0118 7028 ============================================================
22:21:45.0119 7028 Initialize success
22:21:45.0119 7028 ============================================================
22:21:55.0841 9032 ============================================================
22:21:55.0841 9032 Scan started
22:21:55.0841 9032 Mode: Manual;
22:21:55.0841 9032 ============================================================
22:21:56.0081 9032 ================ Scan system memory ========================
22:21:56.0081 9032 System memory - ok
22:21:56.0081 9032 ================ Scan services =============================
22:21:56.0274 9032 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:21:56.0275 9032 1394ohci - ok
22:21:56.0373 9032 [ 28D79AAA4E1C15577A86F930E8DA5E50 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
22:21:56.0383 9032 AbsoluteNotifier - ok
22:21:56.0424 9032 [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
22:21:56.0425 9032 Acceler - ok
22:21:56.0443 9032 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:21:56.0445 9032 ACPI - ok
22:21:56.0468 9032 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:21:56.0468 9032 AcpiPmi - ok
22:21:56.0548 9032 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
22:21:56.0549 9032 acsock - ok
22:21:56.0656 9032 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:21:56.0657 9032 AdobeARMservice - ok
22:21:56.0784 9032 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:21:56.0786 9032 AdobeFlashPlayerUpdateSvc - ok
22:21:56.0825 9032 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:21:56.0827 9032 adp94xx - ok
22:21:56.0870 9032 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:21:56.0873 9032 adpahci - ok
22:21:56.0887 9032 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:21:56.0889 9032 adpu320 - ok
22:21:56.0913 9032 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:21:56.0914 9032 AeLookupSvc - ok
22:21:56.0979 9032 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
22:21:56.0979 9032 AERTFilters - ok
22:21:57.0035 9032 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:21:57.0039 9032 AFD - ok
22:21:57.0067 9032 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:21:57.0068 9032 agp440 - ok
22:21:57.0086 9032 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:21:57.0087 9032 ALG - ok
22:21:57.0097 9032 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:21:57.0098 9032 aliide - ok
22:21:57.0111 9032 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:21:57.0111 9032 amdide - ok
22:21:57.0119 9032 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:21:57.0119 9032 AmdK8 - ok
22:21:57.0133 9032 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:21:57.0133 9032 AmdPPM - ok
22:21:57.0144 9032 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:21:57.0145 9032 amdsata - ok
22:21:57.0159 9032 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:21:57.0160 9032 amdsbs - ok
22:21:57.0169 9032 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:21:57.0170 9032 amdxata - ok
22:21:57.0223 9032 [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
22:21:57.0225 9032 AMPPAL - ok
22:21:57.0239 9032 [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
22:21:57.0240 9032 AMPPALP - ok
22:21:57.0311 9032 [ A47D7FEBD9381D34DDB4FF38B15A67FE ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
22:21:57.0318 9032 AMPPALR3 - ok
22:21:57.0397 9032 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
22:21:57.0422 9032 AppHostSvc - ok
22:21:57.0468 9032 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:21:57.0469 9032 AppID - ok
22:21:57.0493 9032 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:21:57.0493 9032 AppIDSvc - ok
22:21:57.0503 9032 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:21:57.0504 9032 Appinfo - ok
22:21:57.0589 9032 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:57.0591 9032 Apple Mobile Device - ok
22:21:57.0623 9032 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
22:21:57.0624 9032 arc - ok
22:21:57.0642 9032 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:21:57.0642 9032 arcsas - ok
22:21:57.0715 9032 aspnet_state - ok
22:21:57.0726 9032 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:57.0726 9032 AsyncMac - ok
22:21:57.0762 9032 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:21:57.0762 9032 atapi - ok
22:21:57.0794 9032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:21:57.0797 9032 AudioEndpointBuilder - ok
22:21:57.0819 9032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:21:57.0822 9032 AudioSrv - ok
22:21:57.0838 9032 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:21:57.0839 9032 AxInstSV - ok
22:21:57.0856 9032 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:21:57.0858 9032 b06bdrv - ok
22:21:57.0900 9032 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:21:57.0902 9032 b57nd60a - ok
22:21:57.0917 9032 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:21:57.0918 9032 BDESVC - ok
22:21:57.0926 9032 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:21:57.0926 9032 Beep - ok
22:21:57.0950 9032 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:21:57.0953 9032 BFE - ok
22:21:58.0046 9032 [ 1B63F2B7CA6B5290CC124CDD07520BC9 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
22:21:58.0048 9032 BingDesktopUpdate - ok
22:21:58.0095 9032 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:21:58.0102 9032 BITS - ok
22:21:58.0137 9032 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:21:58.0137 9032 blbdrive - ok
22:21:58.0196 9032 [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
22:21:58.0201 9032 Bluetooth Device Monitor - ok
22:21:58.0230 9032 [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
22:21:58.0235 9032 Bluetooth Media Service - ok
22:21:58.0276 9032 [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
22:21:58.0280 9032 Bluetooth OBEX Service - ok
22:21:58.0320 9032 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:21:58.0324 9032 Bonjour Service - ok
22:21:58.0359 9032 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:21:58.0360 9032 bowser - ok
22:21:58.0387 9032 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:21:58.0388 9032 BrFiltLo - ok
22:21:58.0391 9032 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:21:58.0391 9032 BrFiltUp - ok
22:21:58.0407 9032 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:21:58.0408 9032 BridgeMP - ok
22:21:58.0449 9032 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:21:58.0450 9032 Browser - ok
22:21:58.0463 9032 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:21:58.0464 9032 Brserid - ok
22:21:58.0468 9032 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:21:58.0468 9032 BrSerWdm - ok
22:21:58.0471 9032 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:21:58.0471 9032 BrUsbMdm - ok
22:21:58.0474 9032 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:21:58.0474 9032 BrUsbSer - ok
22:21:58.0508 9032 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:21:58.0509 9032 BthEnum - ok
22:21:58.0523 9032 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:21:58.0524 9032 BTHMODEM - ok
22:21:58.0544 9032 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:21:58.0545 9032 BthPan - ok
22:21:58.0567 9032 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:21:58.0574 9032 BTHPORT - ok
22:21:58.0613 9032 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:21:58.0614 9032 bthserv - ok
22:21:58.0652 9032 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
22:21:58.0653 9032 BTHSSecurityMgr - ok
22:21:58.0667 9032 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:21:58.0668 9032 BTHUSB - ok
22:21:58.0692 9032 [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
22:21:58.0693 9032 btmaux - ok
22:21:58.0710 9032 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
22:21:58.0712 9032 btmhsf - ok
22:21:58.0728 9032 catchme - ok
22:21:58.0763 9032 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:21:58.0764 9032 cdfs - ok
22:21:58.0773 9032 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:21:58.0774 9032 cdrom - ok
22:21:58.0813 9032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:21:58.0814 9032 CertPropSvc - ok
22:21:58.0826 9032 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
22:21:58.0827 9032 circlass - ok
22:21:58.0858 9032 [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC C:\Windows\system32\CISVC.EXE
22:21:58.0858 9032 CISVC - ok
22:21:58.0876 9032 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:21:58.0877 9032 CLFS - ok
22:21:58.0900 9032 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:58.0901 9032 clr_optimization_v2.0.50727_32 - ok
22:21:58.0947 9032 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:21:58.0948 9032 clr_optimization_v2.0.50727_64 - ok
22:21:59.0018 9032 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:59.0019 9032 clr_optimization_v4.0.30319_32 - ok
22:21:59.0091 9032 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:21:59.0092 9032 clr_optimization_v4.0.30319_64 - ok
22:21:59.0148 9032 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:21:59.0149 9032 CmBatt - ok
22:21:59.0158 9032 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:21:59.0158 9032 cmdide - ok
22:21:59.0214 9032 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
22:21:59.0218 9032 CNG - ok
22:21:59.0267 9032 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:21:59.0268 9032 Compbatt - ok
22:21:59.0305 9032 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:21:59.0306 9032 CompositeBus - ok
22:21:59.0320 9032 COMSysApp - ok
22:21:59.0342 9032 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:21:59.0343 9032 crcdisk - ok
22:21:59.0393 9032 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:21:59.0454 9032 Creative ALchemy AL6 Licensing Service - ok
22:21:59.0482 9032 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:21:59.0537 9032 Creative Audio Engine Licensing Service - ok
22:21:59.0565 9032 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:21:59.0567 9032 CryptSvc - ok
22:21:59.0608 9032 [ 23FAFEA66DA630CE81EE6ADDA20F8A60 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
22:21:59.0649 9032 CTAudSvcService - ok
22:21:59.0701 9032 [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
22:21:59.0702 9032 CtClsFlt - ok
22:21:59.0798 9032 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:21:59.0803 9032 cvhsvc - ok
22:21:59.0838 9032 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
22:21:59.0838 9032 dc3d - ok
22:21:59.0887 9032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:21:59.0890 9032 DcomLaunch - ok
22:21:59.0913 9032 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:21:59.0915 9032 defragsvc - ok
22:21:59.0930 9032 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:21:59.0931 9032 DfsC - ok
22:21:59.0965 9032 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:21:59.0967 9032 Dhcp - ok
22:21:59.0982 9032 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:21:59.0983 9032 discache - ok
22:22:00.0015 9032 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
22:22:00.0016 9032 Disk - ok
22:22:00.0035 9032 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:22:00.0037 9032 Dnscache - ok
22:22:00.0050 9032 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:22:00.0051 9032 dot3svc - ok
22:22:00.0060 9032 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:22:00.0061 9032 DPS - ok
22:22:00.0098 9032 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:22:00.0099 9032 drmkaud - ok
22:22:00.0125 9032 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:22:00.0145 9032 DXGKrnl - ok
22:22:00.0188 9032 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:22:00.0189 9032 EapHost - ok
22:22:00.0246 9032 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:22:00.0293 9032 ebdrv - ok
22:22:00.0309 9032 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:22:00.0309 9032 EFS - ok
22:22:00.0371 9032 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:22:00.0414 9032 ehRecvr - ok
22:22:00.0445 9032 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:22:00.0478 9032 ehSched - ok
22:22:00.0516 9032 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:22:00.0523 9032 elxstor - ok
22:22:00.0525 9032 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:22:00.0525 9032 ErrDev - ok
22:22:00.0545 9032 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:22:00.0548 9032 EventSystem - ok
22:22:00.0621 9032 [ B20A788579E443F768AAB1A24F705D0A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:22:00.0627 9032 EvtEng - ok
22:22:00.0641 9032 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:22:00.0642 9032 exfat - ok
22:22:00.0682 9032 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
22:22:00.0684 9032 FACAP - ok
22:22:00.0707 9032 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:22:00.0708 9032 fastfat - ok
22:22:00.0753 9032 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:22:00.0758 9032 Fax - ok
22:22:00.0768 9032 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
22:22:00.0769 9032 fdc - ok
22:22:00.0803 9032 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:22:00.0804 9032 fdPHost - ok
22:22:00.0816 9032 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:22:00.0817 9032 FDResPub - ok
22:22:00.0828 9032 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:22:00.0828 9032 FileInfo - ok
22:22:00.0836 9032 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:22:00.0837 9032 Filetrace - ok
22:22:00.0851 9032 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:22:00.0851 9032 flpydisk - ok
22:22:08.0686 9032 [ B1574DCB4AE3EFACC24AA87B4AE6FC55 ] rpcld C:\ProgramData\Rpcnet\Bin\rpcld.exe
22:22:08.0687 9032 Suspicious file (NoAccess): C:\ProgramData\Rpcnet\Bin\rpcld.exe. md5: B1574DCB4AE3EFACC24AA87B4AE6FC55
22:22:08.0687 9032 rpcld ( LockedFile.Multi.Generic ) - warning
22:22:08.0687 9032 rpcld - detected LockedFile.Multi.Generic (1)
22:22:10.0116 9032 SSDPSRV - ok
22:22:10.0132 9032 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:22:10.0133 9032 SstpSvc - ok
22:22:10.0154 9032 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
22:22:10.0154 9032 stdcfltn - ok
22:22:10.0181 9032 Steam Client Service - ok
22:22:10.0265 9032 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:22:10.0268 9032 Stereo Service - ok
22:22:10.0310 9032 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:22:10.0310 9032 stexstor - ok
22:22:10.0360 9032 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:22:10.0361 9032 StillCam - ok
22:22:10.0396 9032 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:22:10.0401 9032 stisvc - ok
22:22:10.0414 9032 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:22:10.0414 9032 swenum - ok
22:22:10.0429 9032 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:22:10.0432 9032 swprv - ok
22:22:10.0479 9032 [ C4CE3CE7E1858B25ADB16938258CD1C9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:22:10.0483 9032 SynTP - ok
22:22:10.0520 9032 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:22:10.0527 9032 SysMain - ok
22:22:10.0538 9032 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:22:10.0540 9032 TabletInputService - ok
22:22:10.0549 9032 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:22:10.0552 9032 TapiSrv - ok
22:22:10.0561 9032 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:22:10.0562 9032 TBS - ok
22:22:10.0629 9032 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:22:10.0670 9032 Tcpip - ok
22:22:10.0761 9032 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:22:10.0769 9032 TCPIP6 - ok
22:22:10.0788 9032 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:22:10.0788 9032 tcpipreg - ok
22:22:10.0831 9032 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:22:10.0832 9032 TDPIPE - ok
22:22:10.0853 9032 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:22:10.0853 9032 TDTCP - ok
22:22:10.0884 9032 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:22:10.0886 9032 tdx - ok
22:22:11.0220 9032 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:22:11.0232 9032 TeamViewer7 - ok
22:22:11.0249 9032 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:22:11.0250 9032 TermDD - ok
22:22:11.0277 9032 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:22:11.0282 9032 TermService - ok
22:22:11.0294 9032 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:22:11.0296 9032 Themes - ok
22:22:11.0318 9032 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:22:11.0319 9032 THREADORDER - ok
22:22:11.0344 9032 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\Windows\System32\tlntsvr.exe
22:22:11.0347 9032 TlntSvr - ok
22:22:11.0356 9032 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:22:11.0358 9032 TrkWks - ok
22:22:11.0404 9032 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:22:11.0427 9032 TrustedInstaller - ok
22:22:11.0453 9032 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:11.0453 9032 tssecsrv - ok
22:22:11.0506 9032 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:22:11.0507 9032 TsUsbFlt - ok
22:22:11.0573 9032 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:22:11.0574 9032 TsUsbGD - ok
22:22:11.0587 9032 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:22:11.0589 9032 tunnel - ok
22:22:11.0624 9032 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
22:22:11.0633 9032 TurboB - ok
22:22:11.0669 9032 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
22:22:11.0683 9032 TurboBoost - ok
22:22:11.0693 9032 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:22:11.0694 9032 uagp35 - ok
22:22:11.0712 9032 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:22:11.0714 9032 udfs - ok
22:22:11.0744 9032 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:22:11.0746 9032 UI0Detect - ok
22:22:11.0770 9032 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:22:11.0771 9032 uliagpkx - ok
22:22:11.0798 9032 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:22:11.0799 9032 umbus - ok
22:22:11.0809 9032 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:22:11.0810 9032 UmPass - ok
22:22:11.0879 9032 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:22:11.0889 9032 UNS - ok
22:22:11.0907 9032 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:22:11.0910 9032 upnphost - ok
22:22:11.0942 9032 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:22:11.0942 9032 USBAAPL64 - ok
22:22:11.0985 9032 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:22:11.0986 9032 usbaudio - ok
22:22:12.0012 9032 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:12.0013 9032 usbccgp - ok
22:22:12.0030 9032 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:22:12.0031 9032 usbcir - ok
22:22:12.0048 9032 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:22:12.0048 9032 usbehci - ok
22:22:12.0068 9032 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:22:12.0070 9032 usbhub - ok
22:22:12.0123 9032 [ FB8139DBDFE32979BDB64AA5D0D93504 ] usbio C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
22:22:12.0132 9032 usbio - ok
22:22:12.0151 9032 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:22:12.0152 9032 usbohci - ok
22:22:12.0167 9032 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:22:12.0168 9032 usbprint - ok
22:22:12.0184 9032 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:12.0185 9032 USBSTOR - ok
22:22:12.0198 9032 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:22:12.0198 9032 usbuhci - ok
22:22:12.0210 9032 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:22:12.0211 9032 usbvideo - ok
22:22:12.0236 9032 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:22:12.0238 9032 UxSms - ok
22:22:12.0265 9032 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:22:12.0266 9032 VaultSvc - ok
22:22:12.0293 9032 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:22:12.0293 9032 vdrvroot - ok
22:22:12.0307 9032 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:22:12.0315 9032 vds - ok
22:22:12.0323 9032 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:12.0324 9032 vga - ok
22:22:12.0332 9032 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:22:12.0332 9032 VgaSave - ok
22:22:12.0346 9032 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:22:12.0347 9032 vhdmp - ok
22:22:12.0351 9032 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:22:12.0352 9032 viaide - ok
22:22:12.0379 9032 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:22:12.0380 9032 volmgr - ok
22:22:12.0392 9032 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:22:12.0394 9032 volmgrx - ok
22:22:12.0410 9032 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:22:12.0411 9032 volsnap - ok
22:22:12.0469 9032 [ 80E63B86C40C5E067475DC98F845A6DD ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
22:22:12.0473 9032 vpnagent - ok
22:22:12.0523 9032 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
22:22:12.0524 9032 vpnva - ok
22:22:12.0556 9032 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:22:12.0557 9032 vsmraid - ok
22:22:12.0594 9032 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:22:12.0602 9032 VSS - ok
22:22:12.0610 9032 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:22:12.0611 9032 vwifibus - ok
22:22:12.0636 9032 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:22:12.0637 9032 vwififlt - ok
22:22:12.0663 9032 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:22:12.0663 9032 vwifimp - ok
22:22:12.0698 9032 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:22:12.0701 9032 W32Time - ok
22:22:12.0761 9032 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
22:22:12.0793 9032 W3SVC - ok
22:22:12.0797 9032 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:22:12.0798 9032 WacomPen - ok
22:22:12.0826 9032 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:22:12.0827 9032 WANARP - ok
22:22:12.0831 9032 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:22:12.0832 9032 Wanarpv6 - ok
22:22:12.0843 9032 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
22:22:12.0845 9032 WAS - ok
22:22:12.0887 9032 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:22:12.0895 9032 WatAdminSvc - ok
22:22:13.0026 9032 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:22:13.0067 9032 wbengine - ok
22:22:13.0083 9032 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:22:13.0085 9032 WbioSrvc - ok
22:22:13.0101 9032 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:22:13.0103 9032 wcncsvc - ok
22:22:13.0116 9032 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:22:13.0118 9032 WcsPlugInService - ok
22:22:13.0121 9032 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:22:13.0121 9032 Wd - ok
22:22:13.0171 9032 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:22:13.0194 9032 Wdf01000 - ok
22:22:13.0225 9032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:22:13.0228 9032 WdiServiceHost - ok
22:22:13.0232 9032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:22:13.0234 9032 WdiSystemHost - ok
22:22:13.0261 9032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:22:13.0263 9032 WebClient - ok
22:22:13.0274 9032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:22:13.0276 9032 Wecsvc - ok
22:22:13.0285 9032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:22:13.0286 9032 wercplsupport - ok
22:22:13.0310 9032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:22:13.0311 9032 WerSvc - ok
22:22:13.0337 9032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:22:13.0337 9032 WfpLwf - ok
22:22:13.0381 9032 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:22:13.0382 9032 WimFltr - ok
22:22:13.0391 9032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:22:13.0391 9032 WIMMount - ok
22:22:13.0400 9032 WinDefend - ok
22:22:13.0404 9032 WinHttpAutoProxySvc - ok
22:22:13.0462 9032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:22:13.0477 9032 Winmgmt - ok
22:22:13.0527 9032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:22:13.0572 9032 WinRM - ok
22:22:13.0619 9032 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:22:13.0620 9032 WinUsb - ok
22:22:13.0690 9032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:22:13.0695 9032 Wlansvc - ok
22:22:13.0762 9032 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:22:13.0763 9032 wlcrasvc - ok
22:22:14.0003 9032 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:22:14.0013 9032 wlidsvc - ok
22:22:14.0072 9032 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
22:22:14.0073 9032 WmBEnum - ok
22:22:14.0129 9032 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
22:22:14.0130 9032 WmFilter - ok
22:22:14.0162 9032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:22:14.0163 9032 WmiAcpi - ok
22:22:14.0190 9032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:22:14.0214 9032 wmiApSrv - ok
22:22:14.0244 9032 WMPNetworkSvc - ok
22:22:14.0262 9032 [ B5BD872122A2CE82D196ABF2D5D8D80A ] WMSVC C:\Windows\system32\inetsrv\wmsvc.exe
22:22:14.0277 9032 WMSVC - ok
22:22:14.0288 9032 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
22:22:14.0288 9032 WmVirHid - ok
22:22:14.0299 9032 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
22:22:14.0300 9032 WmXlCore - ok
22:22:14.0318 9032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:22:14.0320 9032 WPCSvc - ok
22:22:14.0335 9032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:22:14.0338 9032 WPDBusEnum - ok
22:22:14.0353 9032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:22:14.0354 9032 ws2ifsl - ok
22:22:14.0367 9032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:22:14.0369 9032 wscsvc - ok
22:22:14.0400 9032 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
22:22:14.0401 9032 WSDPrintDevice - ok
22:22:14.0403 9032 WSearch - ok
22:22:14.0484 9032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:22:14.0494 9032 wuauserv - ok
22:22:14.0566 9032 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:22:14.0567 9032 WudfPf - ok
22:22:14.0596 9032 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:14.0598 9032 WUDFRd - ok
22:22:14.0641 9032 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:22:14.0644 9032 wudfsvc - ok
22:22:14.0678 9032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:22:14.0681 9032 WwanSvc - ok
22:22:14.0713 9032 ================ Scan global ===============================
22:22:14.0732 9032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:22:14.0761 9032 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:22:14.0767 9032 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:22:14.0798 9032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:22:14.0814 9032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:22:14.0816 9032 [Global] - ok
22:22:14.0817 9032 ================ Scan MBR ==================================
22:22:14.0830 9032 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:22:15.0458 9032 \Device\Harddisk0\DR0 - ok
22:22:15.0461 9032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:22:15.0463 9032 \Device\Harddisk1\DR1 - ok
22:22:15.0463 9032 ================ Scan VBR ==================================
22:22:15.0465 9032 [ A8ACF33F2A813B60E2681AE362EE1B7E ] \Device\Harddisk0\DR0\Partition1
22:22:15.0467 9032 \Device\Harddisk0\DR0\Partition1 - ok
22:22:15.0477 9032 [ 1A58FCCC0A9BFE9D02DC5F88543F2D51 ] \Device\Harddisk0\DR0\Partition2
22:22:15.0479 9032 \Device\Harddisk0\DR0\Partition2 - ok
22:22:15.0481 9032 [ 4ABBCCC6E8DF29B95F8FDF81C97E57A0 ] \Device\Harddisk1\DR1\Partition1
22:22:15.0482 9032 \Device\Harddisk1\DR1\Partition1 - ok
22:22:15.0482 9032 ============================================================
22:22:15.0482 9032 Scan finished
22:22:15.0482 9032 ============================================================
22:22:15.0489 1484 Detected object count: 1
22:22:15.0489 1484 Actual detected object count: 1
22:23:19.0728 1484 rpcld ( LockedFile.Multi.Generic ) - skipped by user
22:23:19.0728 1484 rpcld ( LockedFile.Multi.Generic ) - User select action: Skip
22:23:33.0381 4252 Deinitialize success




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-08 03:10:18
-----------------------------
03:10:18.543 OS Version: Windows x64 6.1.7601 Service Pack 1
03:10:18.543 Number of processors: 8 586 0x2A07
03:10:18.544 ComputerName: PETERJRAMAGLIA UserName:
03:10:20.576 Initialize success
03:10:29.493 AVAST engine defs: 12120701
03:11:17.700 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:11:17.703 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
03:11:17.706 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
03:11:17.709 Disk 1 Vendor: ST950042 D005 Size: 476940MB BusType: 3
03:11:17.725 Disk 0 MBR read successfully
03:11:17.727 Disk 0 MBR scan
03:11:17.733 Disk 0 Windows VISTA default MBR code
03:11:17.736 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
03:11:17.751 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
03:11:17.777 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456835 MB offset 41172992
03:11:17.829 Disk 0 scanning C:\Windows\system32\drivers
03:11:29.863 Service scanning
03:11:59.832 Modules scanning
03:11:59.847 Disk 0 trace - called modules:
03:11:59.877 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
03:11:59.882 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c624790]
03:11:59.887 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800c537cb0]
03:11:59.891 5 stdcfltn.sys[fffff88001b5cc52] -> nt!IofCallDriver -> [0xfffffa800ab7b640]
03:11:59.895 7 ACPI.sys[fffff88000f797a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab7c050]
03:12:03.988 AVAST engine scan C:\Windows
03:12:10.779 AVAST engine scan C:\Windows\system32
03:16:18.719 AVAST engine scan C:\Windows\system32\drivers
03:16:33.463 AVAST engine scan C:\Users\Peter J. Ramaglia
05:40:43.423 Disk 0 MBR has been saved successfully to "C:\Users\Peter J. Ramaglia\Desktop\MBR.dat"
05:40:43.432 The log file has been saved successfully to "C:\Users\Peter J. Ramaglia\Desktop\aswMBR.txt"




aswMBR was giving me a couple errors about corrupt files and having to run ChkDsk (spelling?)

Not too sure what that was all about to be honest.

#10 gringo_pr


Posted 08 December 2012 - 01:53 PM

Are you still being redirected?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 PJRamaglia


Posted 10 December 2012 - 01:55 AM

Sorry for the late reply. Oddly enough, I seem to not be experiencing the redirect issue when clicking on Google search results from within Firefox. I did a fresh reinstall for Microsoft Security Essentials as well as for Firefox and for some reason I have yet to be redirected to a malicious ad site.

Are there any tests that you can have me perform just to confirm that my computer is clean of any malware or related malicious software?

#12 gringo_pr


Posted 10 December 2012 - 01:58 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 gringo_pr


Posted 13 December 2012 - 12:11 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 gringo_pr


Posted 16 December 2012 - 10:05 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr


Posted 21 December 2012 - 12:00 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



