
Infected With Trojan horse Generic18.BZEH (Logs Attached)


  • This topic is locked
4 replies to this topic

#1 tferrari


Posted 12 February 2013 - 06:07 PM

AVG found the file on startup and appeared to handle the situation; however, I'd like to make sure it's removed and there are no other concerns with other viruses/malware.

 

FYI - the file that AVG found was located at c:\Windows\AutoKMS.exe

 

[DDS.TXT LOG]

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.10.2
Run by Tyler Baby at 15:58:18 on 2013-02-12
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.2.1033.18.16338.13398 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\efsui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Tyler Baby\Downloads\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Vivox\C3\c3.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Users\Tyler Baby\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?client=aff-ime
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [uTorrent] "C:\Users\Tyler Baby\Downloads\uTorrent.exe"  /MINIMIZED
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [C3] C:\Program Files (x86)\Vivox\C3\c3.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\TYLERB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tyler Baby\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 64.59.135.133 64.59.128.120
TCP: Interfaces\{6C276072-7F1F-4739-98F5-308845D1B5E3} : DHCPNameServer = 64.59.135.133 64.59.128.120
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tyler Baby\AppData\Roaming\Mozilla\Firefox\Profiles\3xvltn4g.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-29 17:37; bytubed@cs213.cse.iitk.ac.in; C:\Users\Tyler Baby\AppData\Roaming\Mozilla\Firefox\Profiles\3xvltn4g.default\extensions\bytubed@cs213.cse.iitk.ac.in
FF - ExtSQL: 2012-12-29 17:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Tyler Baby\AppData\Roaming\Mozilla\Firefox\Profiles\3xvltn4g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-24 16152]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-30 283200]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-24 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-24 178344]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-24 161560]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-24 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-24 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-24 786200]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-12 1038088]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-10-17 15176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-26 1255736]
.
=============== Created Last 30 ================
.
2013-02-12 22:37:56    --------    d-----w-    C:\Users\Tyler Baby\AppData\Local\Adobe
2013-02-12 22:37:37    --------    d-----w-    C:\Program Files\Common Files\Macrovision Shared
2013-02-12 22:37:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Macrovision Shared
2013-02-03 22:07:41    --------    d-----w-    C:\Windows\System32\appmgmt
2013-02-01 03:01:20    --------    d-----w-    C:\Users\Tyler Baby\AppData\Local\stellarium
2013-02-01 03:01:19    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\Stellarium
2013-02-01 03:01:15    --------    d-----w-    C:\Program Files (x86)\Stellarium
2013-02-01 02:19:01    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\EQMOD_SIM
2013-01-31 02:45:26    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2013-01-31 02:45:24    --------    d-----w-    C:\ProgramData\regid.1991-06.com.microsoft
2013-01-31 02:45:17    --------    d-----w-    C:\Windows\PCHEALTH
2013-01-31 02:45:17    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2013-01-31 02:44:51    --------    d-----w-    C:\Program Files\Microsoft Analysis Services
2013-01-31 02:44:51    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-01-31 02:44:49    --------    d-----w-    C:\Users\Tyler Baby\AppData\Local\Microsoft Help
2013-01-31 02:43:12    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-01-31 02:43:10    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\DAEMON Tools Lite
2013-01-31 02:43:09    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2013-01-30 00:32:43    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\EQMOD
2013-01-30 00:32:29    --------    d-----w-    C:\Program Files (x86)\EQMOD
2013-01-30 00:31:27    --------    d-----w-    C:\Program Files\Common Files\ASCOM
2013-01-30 00:31:27    --------    d-----w-    C:\Program Files (x86)\Common Files\ASCOM
2013-01-30 00:31:27    --------    d-----w-    C:\Program Files (x86)\ASCOM
2013-01-30 00:31:19    --------    dc-h--w-    C:\ProgramData\{837CB0A9-9884-466D-9635-5A01DF8FDF87}
2013-01-30 00:31:05    --------    d-----w-    C:\Users\Tyler Baby\AppData\Local\PackageAware
2013-01-30 00:30:58    --------    d-----w-    C:\Windows\SysWow64\BestPractices
2013-01-30 00:30:58    --------    d-----w-    C:\Windows\System32\BestPractices
2013-01-30 00:30:58    --------    d-----w-    C:\inetpub
2013-01-24 00:55:18    61440    ----a-r-    C:\Users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2013-01-24 00:55:18    61440    ----a-r-    C:\Users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2013-01-24 00:55:18    106496    ----a-r-    C:\Users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2013-01-24 00:55:18    106496    ----a-r-    C:\Users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-01-24 00:55:18    106496    ----a-r-    C:\Users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2013-01-24 00:55:14    --------    d-----w-    C:\Program Files (x86)\Tencent
2013-01-24 00:55:14    --------    d-----w-    C:\Program Files (x86)\Common Files\Tencent
2013-01-24 00:55:06    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\Tencent
2013-01-24 00:55:05    18760    ----a-w-    C:\Windows\SysWow64\QQVistaHelper.dll
2013-01-23 02:32:43    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\NVIDIA
2013-01-23 02:32:43    --------    d-----w-    C:\Users\Tyler Baby\AppData\Local\Logitech
2013-01-23 02:32:36    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-01-23 02:32:33    --------    d-----w-    C:\Program Files\Logitech Gaming Software
2013-01-23 02:32:17    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\Logishrd
2013-01-20 16:55:05    --------    d-----w-    C:\ProgramData\AVG January 2013 Campaign
2013-01-15 00:04:51    --------    d-----r-    C:\Users\Tyler Baby\Dropbox
2013-01-15 00:02:52    --------    d-----w-    C:\Users\Tyler Baby\AppData\Roaming\Dropbox
.
==================== Find3M  ====================
.
2012-12-30 03:40:21    95184    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-30 03:40:21    859072    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2012-12-30 03:40:21    779704    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2012-12-05 18:18:27    5191704    ----a-w-    C:\Windows\System32\GooglePinyin2.ime
2012-12-05 18:18:27    3460120    ----a-w-    C:\Windows\SysWow64\GooglePinyin2.ime
2012-11-28 03:37:40    73656    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 03:37:40    697272    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-26 22:50:31    833024    ----a-w-    C:\Windows\SysWow64\user32.dll
2012-11-26 22:50:31    419840    ----a-w-    C:\Windows\System32\systemcpl.dll
2012-11-26 22:50:31    14848    ----a-w-    C:\Windows\System32\slwga.dll
2012-11-26 22:50:31    13824    ----a-w-    C:\Windows\SysWow64\slwga.dll
2012-11-26 22:50:31    1008640    ----a-w-    C:\Windows\System32\user32.dll
2012-11-25 05:49:21    16896    ----a-w-    C:\Windows\AsTaskSched.dll
2012-11-16 06:33:24    111968    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 15:58:24.20 ===============
 
----------------------------------------------------------------------------------------------------------------------
 
[ATTACH.TXT LOG]
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2012 10:47:11 PM
System Uptime: 12/02/2013 3:45:37 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | SABERTOOTH Z77
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz | LGA1155 | 3080/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 131.994 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)
F: is FIXED (NTFS) - 931 GiB total, 926.481 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP27: 23/01/2013 8:59:17 PM - Scheduled Checkpoint
RP28: 29/01/2013 5:30:45 PM - Windows Modules Installer
RP29: 30/01/2013 7:43:12 PM - Device Driver Package Install: DT Soft Ltd System devices
RP30: 30/01/2013 7:44:32 PM - Installed Microsoft Office Professional Plus 2013
RP31: 30/01/2013 7:44:35 PM - PROPLUS
RP32: 03/02/2013 3:07:13 PM - Removed Skype Click to Call
RP33: 11/02/2013 - Scheduled Checkpoint
RP34: 12/02/2013 3:40:51 PM - Installed Microsoft Visio Premium 2010
.
==== Installed Programs ======================
.
??????? 2.7
Acoustica Mixcraft 6
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
applicationupdater
ASCOM Platform 6 - SP1
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
µTorrent
Audacity 2.0.2
AVG 2013
C3
Canon Easy-WebPrint EX
Canon MP Navigator EX 5.1
Canon MX510 series MP Drivers
Canon Solution Menu EX
Connect
Counter-Strike: Global Offensive
DAEMON Tools Lite
Dropbox
EQMOD EQASCOM Telescope Driver V1.24g
EVGA Precision X 3.0.4
Foxit Reader
gamelauncher-ps2-live
GIMP 2.8.2
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections 16.6.126.0
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 10
Java Auto Updater
kuler
Logitech Gaming Software
Logitech Gaming Software 8.40
Microsoft .NET Framework 4 Client Profile
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office Office 64-bit Components 2010
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Visio Premium 2010
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 305.27
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0613
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Outils de vérification linguistique 2013 de Microsoft Office - Français
PlanetSide 2
PokerStars
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype™ 6.0
Steam
Stellarium 0.12.0
Suite Shared Configuration CS4
Tencent QQ
TuneLab Pro
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.4
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/02/2013 3:45:50 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
12/02/2013 3:45:08 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
------------------------------------------------------------------------------------------------------------------
 
[MBRCheck LOG]
 
MBRCheck, version 1.2.3
© 2010, AD
 
Command-line:            
Windows Version:        Windows 7 Ultimate Edition
Windows Information:         (build 7600), 64-bit
Base Board Manufacturer:    ASUSTeK COMPUTER INC.
BIOS Manufacturer:        American Megatrends Inc.
System Manufacturer:        System manufacturer
System Product Name:        System Product Name
Logical Drives Mask:        0x0000003c
 
Kernel Drivers (total 162):
  0x02E03000 \SystemRoot\system32\ntoskrnl.exe
  0x033E0000 \SystemRoot\system32\hal.dll
  0x00BCB000 \SystemRoot\system32\kdcom.dll
  0x00CFE000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D42000 \SystemRoot\system32\PSHED.dll
  0x00D56000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00E11000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00EB5000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EC4000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00F1B000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00F24000 \SystemRoot\system32\DRIVERS\msisadrv.sys
 
Processes (total 86):
       0 System Idle Process
       4 System
     396 C:\Windows\System32\smss.exe
     572 C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
     620 avgcsrva.exe
     196 csrss.exe
     976 C:\Windows\System32\wininit.exe
     984 csrss.exe
    1036 C:\Windows\System32\services.exe
    1064 C:\Windows\System32\lsass.exe
    1072 C:\Windows\System32\lsm.exe
    1140 C:\Windows\System32\winlogon.exe
    1212 C:\Windows\System32\svchost.exe
    1268 C:\Windows\System32\nvvsvc.exe
    1296 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1340 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1480 C:\Windows\System32\svchost.exe
    1516 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\audiodg.exe
    1684 C:\Windows\System32\svchost.exe
    1836 C:\Windows\System32\svchost.exe
    1976 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1988 C:\Windows\System32\nvvsvc.exe
    1600 C:\Windows\System32\spoolsv.exe
    2036 C:\Windows\System32\svchost.exe
    2156 C:\Windows\System32\svchost.exe
    2180 C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    2332 C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    2420 C:\Program Files\Intel\iCLS Client\HeciServer.exe
    2460 C:\Windows\System32\IPROSetMonitor.exe
    2496 C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    2524 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    2624 C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    2640 C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    2924 C:\Windows\System32\svchost.exe
    2972 C:\Windows\System32\svchost.exe
    3456 C:\Windows\System32\svchost.exe
    3608 WmiPrvSE.exe
    3880 C:\Windows\System32\efsui.exe
    3916 C:\Windows\System32\taskeng.exe
    3968 C:\Windows\System32\dwm.exe
    4008 C:\Windows\explorer.exe
    3536 C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
    3704 C:\Windows\System32\taskhost.exe
    3592 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    3516 C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
    3484 C:\Windows\System32\SearchIndexer.exe
    3424 C:\Windows\System32\SearchProtocolHost.exe
    4224 C:\Program Files\Logitech Gaming Software\LCore.exe
    4528 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    4576 C:\Users\Tyler Baby\Downloads\uTorrent.exe
    4584 C:\Program Files (x86)\Steam\Steam.exe
    4592 C:\Program Files (x86)\Vivox\C3\c3.exe
    4608 C:\Program Files (x86)\Skype\Phone\Skype.exe
    4628 C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    4648 C:\Users\Tyler Baby\AppData\Roaming\Dropbox\bin\Dropbox.exe
    4676 C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    4688 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    4708 C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    4732 C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    4788 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4944 C:\Windows\SysWOW64\dllhost.exe
    2836 C:\Windows\System32\svchost.exe
    4932 C:\Windows\splwow64.exe
    4292 C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    5180 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    6116 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    4460 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    3988 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    6052 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    1776 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     328 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    3452 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    6152 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    6568 C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
    6688 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    6804 C:\Windows\System32\wuauclt.exe
    6212 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    7400 C:\Windows\System32\VSSVC.exe
    7396 C:\Windows\System32\svchost.exe
    7812 C:\Windows\System32\SearchFilterHost.exe
    7624 dllhost.exe
    7464 dllhost.exe
    7760 C:\Users\Tyler Baby\Desktop\MBRCheck.exe
    7772 C:\Windows\System32\conhost.exe
 
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000  (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000  (NTFS)
 
PhysicalDrive1 Model Number: KINGSTONSH103S3240G
PhysicalDrive2 Model Number: WDMy Passport 0740, Rev: 1003
 
      Size  Device Name          MBR Status
  --------------------------------------------
    223 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive2   RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
 
-------------------------------------------------------------------------------------------------------

 


 


#2 RPMcMurphy

  • Malware Response Team

Posted 13 February 2013 - 10:20 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

  Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

  Download Combofix from the following link, and save it to your desktop.  

Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 tferrari

  • Topic Starter


Posted 14 February 2013 - 12:17 AM

Thanks SO much for helping me.

 

Here is the information you requested.

 

TDSSKiller log

 

22:06:18.0085 6040  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

22:06:18.0530 6040  ============================================================
22:06:18.0530 6040  Current date / time: 2013/02/13 22:06:18.0530
22:06:18.0530 6040  SystemInfo:
22:06:18.0530 6040  
22:06:18.0530 6040  OS Version: 6.1.7600 ServicePack: 0.0
22:06:18.0530 6040  Product type: Workstation
22:06:18.0530 6040  ComputerName: TYLERBABY-PC
22:06:18.0530 6040  UserName: Tyler Baby
22:06:18.0530 6040  Windows directory: C:\Windows
22:06:18.0530 6040  System windows directory: C:\Windows
22:06:18.0530 6040  Running under WOW64
22:06:18.0530 6040  Processor architecture: Intel x64
22:06:18.0530 6040  Number of processors: 8
22:06:18.0530 6040  Page size: 0x1000
22:06:18.0530 6040  Boot type: Normal boot
22:06:18.0530 6040  ============================================================
22:06:24.0645 6040  Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:06:24.0700 6040  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:06:24.0705 6040  Drive \Device\Harddisk2\DR2 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:06:29.0880 6040  ============================================================
22:06:29.0880 6040  \Device\Harddisk1\DR1:
22:06:29.0882 6040  MBR partitions:
22:06:29.0882 6040  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:06:29.0882 6040  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000
22:06:29.0882 6040  \Device\Harddisk0\DR0:
22:06:29.0902 6040  Invalid mbr signature
22:06:29.0902 6040  \Device\Harddisk2\DR2:
22:06:29.0902 6040  MBR partitions:
22:06:29.0902 6040  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
22:06:29.0902 6040  ============================================================
22:06:29.0904 6040  C: <-> \Device\Harddisk1\DR1\Partition2
22:06:29.0947 6040  F: <-> \Device\Harddisk2\DR2\Partition1
22:06:29.0947 6040  ============================================================
22:06:29.0948 6040  Initialize success
22:06:29.0948 6040  ============================================================
22:06:45.0290 8124  ============================================================
22:06:45.0290 8124  Scan started
22:06:45.0290 8124  Mode: Manual; TDLFS; 
22:06:45.0290 8124  ============================================================
22:06:45.0609 8124  ================ Scan system memory ========================
22:06:45.0609 8124  System memory - ok
22:06:45.0609 8124  ================ Scan services =============================
22:06:46.0304 8124  gagp30kx - ok
22:06:46.0310 8124  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
22:06:46.0314 8124  gpsvc - ok
22:06:46.0317 8124  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:06:46.0318 8124  gupdate - ok
22:06:46.0319 8124  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:06:46.0320 8124  gupdatem - ok
22:06:46.0321 8124  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:06:46.0322 8124  hcw85cir - ok
22:06:46.0326 8124  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:06:46.0328 8124  HdAudAddService - ok
22:06:46.0330 8124  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:06:46.0331 8124  HDAudBus - ok
22:06:46.0333 8124  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:06:46.0333 8124  HidBatt - ok
22:06:46.0335 8124  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:06:46.0336 8124  HidBth - ok
22:06:46.0338 8124  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:06:46.0339 8124  HidIr - ok
22:06:46.0340 8124  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:06:46.0341 8124  hidserv - ok
22:06:46.0343 8124  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:06:46.0343 8124  HidUsb - ok
22:06:46.0345 8124  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:06:46.0346 8124  hkmsvc - ok
22:06:46.0349 8124  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:06:46.0350 8124  HomeGroupListener - ok
22:06:46.0353 8124  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:06:46.0355 8124  HomeGroupProvider - ok
22:06:46.0356 8124  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
22:06:46.0357 8124  HpSAMD - ok
22:06:46.0363 8124  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:06:46.0368 8124  HTTP - ok
22:06:46.0369 8124  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:06:46.0369 8124  hwpolicy - ok
22:06:46.0372 8124  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:06:46.0373 8124  i8042prt - ok
22:06:46.0380 8124  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:06:46.0382 8124  iaStor - ok
22:06:46.0384 8124  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:06:46.0385 8124  IAStorDataMgrSvc - ok
22:06:46.0389 8124  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
22:06:46.0391 8124  iaStorV - ok
22:06:46.0398 8124  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:06:46.0403 8124  idsvc - ok
22:06:46.0405 8124  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:06:46.0406 8124  iirsp - ok
22:06:46.0413 8124  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
22:06:46.0418 8124  IKEEXT - ok
22:06:46.0450 8124  [ E83BB47C3446F0497019DE7FD6C6A86F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:06:46.0476 8124  IntcAzAudAddService - ok
22:06:46.0483 8124  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:06:46.0486 8124  Intel® Capability Licensing Service Interface - ok
22:06:46.0489 8124  [ D0E680E2F30FE6611895F2F34324A67C ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
22:06:46.0490 8124  Intel® PROSet Monitoring Service - ok
22:06:46.0492 8124  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
22:06:46.0492 8124  intelide - ok
22:06:46.0494 8124  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:06:46.0495 8124  intelppm - ok
22:06:46.0497 8124  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:06:46.0498 8124  IPBusEnum - ok
22:06:46.0502 8124  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:06:46.0502 8124  IpFilterDriver - ok
22:06:46.0507 8124  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:06:46.0511 8124  iphlpsvc - ok
22:06:46.0513 8124  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:06:46.0513 8124  IPMIDRV - ok
22:06:46.0516 8124  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:06:46.0517 8124  IPNAT - ok
22:06:46.0518 8124  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:06:46.0518 8124  IRENUM - ok
22:06:46.0520 8124  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
22:06:46.0520 8124  isapnp - ok
22:06:46.0523 8124  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:06:46.0525 8124  iScsiPrt - ok
22:06:46.0527 8124  [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:06:46.0527 8124  iusb3hcs - ok
22:06:46.0530 8124  [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
22:06:46.0533 8124  iusb3hub - ok
22:06:46.0539 8124  [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:06:46.0544 8124  iusb3xhc - ok
22:06:46.0547 8124  [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
22:06:46.0548 8124  jhi_service - ok
22:06:46.0550 8124  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:06:46.0551 8124  kbdclass - ok
22:06:46.0552 8124  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:06:46.0553 8124  kbdhid - ok
22:06:46.0554 8124  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
22:06:46.0555 8124  KeyIso - ok
22:06:46.0557 8124  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:06:46.0558 8124  KSecDD - ok
22:06:46.0560 8124  [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:06:46.0561 8124  KSecPkg - ok
22:06:46.0565 8124  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:06:46.0566 8124  ksthunk - ok
22:06:46.0569 8124  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:06:46.0572 8124  KtmRm - ok
22:06:46.0575 8124  [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:06:46.0577 8124  LanmanServer - ok
22:06:46.0579 8124  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:06:46.0581 8124  LanmanWorkstation - ok
22:06:46.0583 8124  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
22:06:46.0584 8124  LGBusEnum - ok
22:06:46.0586 8124  [ F7205E939F50B1C8D16F895916BE6756 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
22:06:46.0586 8124  LGSHidFilt - ok
22:06:46.0588 8124  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
22:06:46.0588 8124  LGVirHid - ok
22:06:46.0590 8124  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:06:46.0591 8124  lltdio - ok
22:06:46.0594 8124  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:06:46.0597 8124  lltdsvc - ok
22:06:46.0598 8124  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:06:46.0599 8124  lmhosts - ok
22:06:46.0602 8124  [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:06:46.0604 8124  LMS - ok
22:06:46.0606 8124  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:06:46.0607 8124  LSI_FC - ok
22:06:46.0609 8124  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:06:46.0611 8124  LSI_SAS - ok
22:06:46.0612 8124  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:06:46.0613 8124  LSI_SAS2 - ok
22:06:46.0615 8124  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:06:46.0616 8124  LSI_SCSI - ok
22:06:46.0618 8124  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:06:46.0619 8124  luafv - ok
22:06:46.0621 8124  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:06:46.0622 8124  Mcx2Svc - ok
22:06:46.0627 8124  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:06:46.0628 8124  megasas - ok
22:06:46.0631 8124  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:06:46.0633 8124  MegaSR - ok
22:06:46.0634 8124  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:06:46.0635 8124  MEIx64 - ok
22:06:46.0637 8124  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:06:46.0638 8124  MMCSS - ok
22:06:46.0639 8124  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:06:46.0640 8124  Modem - ok
22:06:46.0641 8124  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:06:46.0642 8124  monitor - ok
22:06:46.0643 8124  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:06:46.0644 8124  mouclass - ok
22:06:46.0646 8124  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:06:46.0646 8124  mouhid - ok
22:06:46.0648 8124  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:06:46.0648 8124  mountmgr - ok
22:06:46.0651 8124  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:06:46.0651 8124  MozillaMaintenance - ok
22:06:46.0654 8124  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
22:06:46.0655 8124  mpio - ok
22:06:46.0657 8124  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:06:46.0657 8124  mpsdrv - ok
22:06:46.0664 8124  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:06:46.0669 8124  MpsSvc - ok
22:06:46.0672 8124  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:06:46.0673 8124  MRxDAV - ok
22:06:46.0676 8124  [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:06:46.0677 8124  mrxsmb - ok
22:06:46.0680 8124  [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:06:46.0681 8124  mrxsmb10 - ok
22:06:46.0683 8124  [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:06:46.0684 8124  mrxsmb20 - ok
22:06:46.0689 8124  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
22:06:46.0690 8124  msahci - ok
22:06:46.0692 8124  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
22:06:46.0693 8124  msdsm - ok
22:06:46.0695 8124  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:06:46.0697 8124  MSDTC - ok
22:06:46.0700 8124  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:06:46.0700 8124  Msfs - ok
22:06:46.0702 8124  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:06:46.0702 8124  mshidkmdf - ok
22:06:46.0704 8124  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
22:06:46.0704 8124  msisadrv - ok
22:06:46.0707 8124  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:06:46.0708 8124  MSiSCSI - ok
22:06:46.0710 8124  msiserver - ok
22:06:46.0712 8124  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:06:46.0712 8124  MSKSSRV - ok
22:06:46.0714 8124  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:06:46.0714 8124  MSPCLOCK - ok
22:06:46.0716 8124  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:06:46.0716 8124  MSPQM - ok
22:06:46.0720 8124  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:06:46.0722 8124  MsRPC - ok
22:06:46.0725 8124  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:06:46.0725 8124  mssmbios - ok
22:06:46.0726 8124  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:06:46.0727 8124  MSTEE - ok
22:06:46.0729 8124  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:06:46.0729 8124  MTConfig - ok
22:06:46.0731 8124  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:06:46.0731 8124  Mup - ok
22:06:46.0736 8124  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
22:06:46.0739 8124  napagent - ok
22:06:46.0743 8124  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:06:46.0745 8124  NativeWifiP - ok
22:06:46.0757 8124  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:06:46.0762 8124  NDIS - ok
22:06:46.0764 8124  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:06:46.0765 8124  NdisCap - ok
22:06:46.0767 8124  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:06:46.0767 8124  NdisTapi - ok
22:06:46.0769 8124  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:06:46.0770 8124  Ndisuio - ok
22:06:46.0772 8124  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:06:46.0774 8124  NdisWan - ok
22:06:46.0775 8124  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:06:46.0776 8124  NDProxy - ok
22:06:46.0778 8124  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:06:46.0778 8124  NetBIOS - ok
22:06:46.0781 8124  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:06:46.0783 8124  NetBT - ok
22:06:46.0785 8124  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
22:06:46.0785 8124  Netlogon - ok
22:06:46.0789 8124  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:06:46.0792 8124  Netman - ok
22:06:46.0794 8124  [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:06:46.0795 8124  NetMsmqActivator - ok
22:06:46.0797 8124  [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:06:46.0797 8124  NetPipeActivator - ok
22:06:46.0802 8124  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:06:46.0805 8124  netprofm - ok
22:06:46.0807 8124  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:06:46.0808 8124  NetTcpActivator - ok
22:06:46.0813 8124  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:06:46.0814 8124  NetTcpPortSharing - ok
22:06:46.0816 8124  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:06:46.0817 8124  nfrd960 - ok
22:06:46.0820 8124  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:06:46.0823 8124  NlaSvc - ok
22:06:46.0824 8124  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:06:46.0825 8124  Npfs - ok
22:06:46.0827 8124  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:06:46.0827 8124  nsi - ok
22:06:46.0829 8124  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:06:46.0829 8124  nsiproxy - ok
22:06:46.0843 8124  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:06:46.0849 8124  Ntfs - ok
22:06:46.0851 8124  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:06:46.0852 8124  Null - ok
22:06:46.0855 8124  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
22:06:46.0856 8124  NVHDA - ok
22:06:46.0973 8124  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:06:47.0047 8124  nvlddmkm - ok
22:06:47.0051 8124  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
22:06:47.0052 8124  nvraid - ok
22:06:47.0054 8124  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
22:06:47.0056 8124  nvstor - ok
22:06:47.0063 8124  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:06:47.0068 8124  nvsvc - ok
22:06:47.0078 8124  [ 0C87FC80AFFB58E5C609CE1014CE44CA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:06:47.0084 8124  nvUpdatusService - ok
22:06:47.0087 8124  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
22:06:47.0088 8124  nv_agp - ok
22:06:47.0090 8124  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:06:47.0091 8124  ohci1394 - ok
22:06:47.0093 8124  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:06:47.0095 8124  ose - ok
22:06:47.0098 8124  [ B9C125314A025127FE562C116D614AA3 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:06:47.0099 8124  ose64 - ok
22:06:47.0133 8124  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:06:47.0161 8124  osppsvc - ok
22:06:47.0166 8124  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:06:47.0168 8124  p2pimsvc - ok
22:06:47.0173 8124  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:06:47.0175 8124  p2psvc - ok
22:06:47.0178 8124  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:06:47.0179 8124  Parport - ok
22:06:47.0180 8124  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:06:47.0181 8124  partmgr - ok
22:06:47.0183 8124  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:06:47.0185 8124  PcaSvc - ok
22:06:47.0189 8124  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
22:06:47.0191 8124  pci - ok
22:06:47.0192 8124  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
22:06:47.0193 8124  pciide - ok
22:06:47.0195 8124  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:06:47.0197 8124  pcmcia - ok
22:06:47.0199 8124  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:06:47.0199 8124  pcw - ok
22:06:47.0204 8124  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:06:47.0208 8124  PEAUTH - ok
22:06:47.0218 8124  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:06:47.0226 8124  PeerDistSvc - ok
22:06:47.0242 8124  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:06:47.0243 8124  PerfHost - ok
22:06:47.0258 8124  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
22:06:47.0267 8124  pla - ok
22:06:47.0271 8124  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:06:47.0274 8124  PlugPlay - ok
22:06:47.0276 8124  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:06:47.0277 8124  PNRPAutoReg - ok
22:06:47.0281 8124  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:06:47.0282 8124  PNRPsvc - ok
22:06:47.0287 8124  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:06:47.0290 8124  PolicyAgent - ok
22:06:47.0294 8124  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:06:47.0296 8124  Power - ok
22:06:47.0298 8124  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:06:47.0299 8124  PptpMiniport - ok
22:06:47.0301 8124  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:06:47.0302 8124  Processor - ok
22:06:47.0305 8124  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
22:06:47.0307 8124  ProfSvc - ok
22:06:47.0312 8124  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
22:06:47.0313 8124  ProtectedStorage - ok
22:06:47.0315 8124  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:06:47.0316 8124  Psched - ok
22:06:47.0328 8124  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:06:47.0336 8124  ql2300 - ok
22:06:47.0339 8124  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:06:47.0340 8124  ql40xx - ok
22:06:47.0343 8124  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:06:47.0345 8124  QWAVE - ok
22:06:47.0347 8124  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:06:47.0348 8124  QWAVEdrv - ok
22:06:47.0349 8124  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:06:47.0350 8124  RasAcd - ok
22:06:47.0352 8124  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:06:47.0353 8124  RasAgileVpn - ok
22:06:47.0355 8124  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:06:47.0356 8124  RasAuto - ok
22:06:47.0358 8124  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:06:47.0360 8124  Rasl2tp - ok
22:06:47.0363 8124  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
22:06:47.0366 8124  RasMan - ok
22:06:47.0368 8124  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:06:47.0369 8124  RasPppoe - ok
22:06:47.0371 8124  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:06:47.0372 8124  RasSstp - ok
22:06:47.0379 8124  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:06:47.0381 8124  rdbss - ok
22:06:47.0382 8124  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:06:47.0383 8124  rdpbus - ok
22:06:47.0385 8124  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:06:47.0385 8124  RDPCDD - ok
22:06:47.0388 8124  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:06:47.0390 8124  RDPDR - ok
22:06:47.0391 8124  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:06:47.0392 8124  RDPENCDD - ok
22:06:47.0394 8124  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:06:47.0394 8124  RDPREFMP - ok
22:06:47.0397 8124  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:06:47.0398 8124  RDPWD - ok
22:06:47.0401 8124  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:06:47.0403 8124  rdyboost - ok
22:06:47.0405 8124  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:06:47.0406 8124  RemoteAccess - ok
22:06:47.0409 8124  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:06:47.0410 8124  RemoteRegistry - ok
22:06:47.0412 8124  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:06:47.0413 8124  RpcEptMapper - ok
22:06:47.0415 8124  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:06:47.0415 8124  RpcLocator - ok
22:06:47.0420 8124  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
22:06:47.0422 8124  RpcSs - ok
22:06:47.0424 8124  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:06:47.0425 8124  rspndr - ok
22:06:47.0428 8124  [ D63C9C1A427A134461258B7B8742858F ] RTCore64        C:\Program Files (x86)\EVGA Precision X\RTCore64.sys
22:06:47.0428 8124  RTCore64 - ok
22:06:47.0430 8124  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
22:06:47.0430 8124  s3cap - ok
22:06:47.0432 8124  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
22:06:47.0432 8124  SamSs - ok
22:06:47.0438 8124  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
22:06:47.0439 8124  sbp2port - ok
22:06:47.0442 8124  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:06:47.0443 8124  SCardSvr - ok
22:06:47.0445 8124  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:06:47.0445 8124  scfilter - ok
22:06:47.0454 8124  [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule        C:\Windows\system32\schedsvc.dll
22:06:47.0461 8124  Schedule - ok
22:06:47.0463 8124  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:06:47.0464 8124  SCPolicySvc - ok
22:06:47.0467 8124  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:06:47.0468 8124  SDRSVC - ok
22:06:47.0470 8124  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:06:47.0470 8124  secdrv - ok
22:06:47.0472 8124  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
22:06:48.0201 8124  ================ Scan global ===============================
22:06:48.0202 8124  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:06:48.0205 8124  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
22:06:48.0209 8124  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
22:06:48.0211 8124  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:06:48.0215 8124  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:06:48.0218 8124  [Global] - ok
22:06:48.0218 8124  ================ Scan MBR ==================================
22:06:48.0219 8124  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:06:48.0268 8124  \Device\Harddisk1\DR1 - ok
22:06:48.0269 8124  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:06:48.0323 8124  \Device\Harddisk0\DR0 - ok
22:06:48.0327 8124  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
22:06:48.0752 8124  \Device\Harddisk2\DR2 - ok
22:06:48.0752 8124  ================ Scan VBR ==================================
22:06:48.0756 8124  [ 38B8AA2E9BC3563C9909596573E5B3A5 ] \Device\Harddisk1\DR1\Partition1
22:06:48.0757 8124  \Device\Harddisk1\DR1\Partition1 - ok
22:06:48.0760 8124  [ 46D37DB336AB80D3AAE88F414ADBA216 ] \Device\Harddisk1\DR1\Partition2
22:06:48.0761 8124  \Device\Harddisk1\DR1\Partition2 - ok
22:06:48.0765 8124  [ E106C08C8107BE1A082A6BE8203DBEC8 ] \Device\Harddisk2\DR2\Partition1
22:06:48.0767 8124  \Device\Harddisk2\DR2\Partition1 - ok
22:06:48.0768 8124  ============================================================
22:06:48.0768 8124  Scan finished
22:06:48.0768 8124  ============================================================
22:06:48.0777 5152  Detected object count: 0
22:06:48.0777 5152  Actual detected object count: 0
22:07:27.0671 2620  Deinitialize success
 
---------------------------------------------------------------------------------------------------------------------------------------------------
 
ComboFix log
 
ComboFix 13-02-13.02 - Tyler Baby 13/02/2013  22:10:02.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.2.1033.18.16338.11468 [GMT -7:00]
Running from: c:\users\Tyler Baby\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-14 to 2013-02-14  )))))))))))))))))))))))))))))))
.
.
2013-02-12 22:38 . 2013-02-12 22:38    --------    d-----w-    c:\program files (x86)\Adobe Media Player
2013-02-12 22:38 . 2013-02-12 22:38    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2013-02-12 22:37 . 2013-02-12 22:37    --------    d-----w-    c:\users\Tyler Baby\AppData\Local\Adobe
2013-02-12 22:37 . 2013-02-12 22:38    --------    d-----w-    c:\program files\Common Files\Adobe
2013-02-12 22:37 . 2013-02-12 22:37    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2013-02-12 22:37 . 2013-02-12 22:37    --------    d-----w-    c:\program files (x86)\Common Files\Macrovision Shared
2013-02-12 22:36 . 2013-02-12 22:38    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-02-03 22:07 . 2013-02-03 22:07    --------    d-----w-    c:\windows\system32\appmgmt
2013-02-01 03:01 . 2013-02-01 03:01    --------    d-----w-    c:\users\Tyler Baby\AppData\Local\stellarium
2013-02-01 03:01 . 2013-02-01 03:01    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\Stellarium
2013-02-01 03:01 . 2013-02-01 03:01    --------    d-----w-    c:\program files (x86)\Stellarium
2013-01-31 02:45 . 2013-01-31 02:45    --------    d-----w-    c:\program files\Common Files\DESIGNER
2013-01-31 02:45 . 2013-01-31 02:45    --------    d-----w-    c:\program files\Microsoft.NET
2013-01-31 02:45 . 2013-01-31 02:45    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server
2013-01-31 02:45 . 2013-01-31 02:45    --------    d-----w-    c:\programdata\regid.1991-06.com.microsoft
2013-01-31 02:45 . 2013-01-31 02:45    --------    d-----w-    c:\program files\Microsoft SQL Server
2013-01-31 02:45 . 2013-01-31 02:45    --------    d-----w-    c:\windows\PCHEALTH
2013-01-31 02:44 . 2013-01-31 02:44    --------    d-----w-    c:\program files\Microsoft Analysis Services
2013-01-31 02:44 . 2013-01-31 02:44    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2013-01-31 02:44 . 2013-01-31 02:44    --------    d-----w-    c:\users\Tyler Baby\AppData\Local\Microsoft Help
2013-01-31 02:44 . 2013-02-12 22:41    --------    d-----w-    c:\program files\Microsoft Office
2013-01-31 02:44 . 2013-02-12 22:41    --------    d-----w-    c:\programdata\Microsoft Help
2013-01-31 02:44 . 2013-01-31 02:44    --------    d-----r-    C:\MSOCache
2013-01-31 02:43 . 2013-01-31 02:43    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-31 02:43 . 2013-01-31 02:43    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\DAEMON Tools Lite
2013-01-31 02:43 . 2013-01-31 02:43    --------    d-----w-    c:\program files (x86)\DAEMON Tools Lite
2013-01-30 00:32 . 2013-01-30 00:32    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\EQMOD
2013-01-30 00:32 . 2013-01-30 00:32    --------    d-----w-    c:\program files (x86)\EQMOD
2013-01-30 00:31 . 2013-01-30 00:32    --------    d-----w-    c:\program files (x86)\Common Files\ASCOM
2013-01-30 00:31 . 2013-01-30 00:31    --------    d-----w-    c:\windows\Symbols
2013-01-30 00:31 . 2013-01-30 00:31    --------    d-----w-    c:\program files\Common Files\ASCOM
2013-01-30 00:31 . 2013-01-30 00:31    --------    d-----w-    c:\program files (x86)\ASCOM
2013-01-30 00:31 . 2013-01-30 00:31    --------    dc-h--w-    c:\programdata\{837CB0A9-9884-466D-9635-5A01DF8FDF87}
2013-01-30 00:31 . 2013-01-30 00:31    --------    d-----w-    c:\users\Tyler Baby\AppData\Local\PackageAware
2013-01-30 00:30 . 2013-01-30 00:30    --------    d-----w-    c:\windows\SysWow64\BestPractices
2013-01-30 00:30 . 2013-01-30 00:30    --------    d-----w-    c:\windows\system32\BestPractices
2013-01-30 00:30 . 2013-01-30 00:30    --------    d-----w-    C:\inetpub
2013-01-24 00:55 . 2013-01-24 00:55    61440    ----a-r-    c:\users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2013-01-24 00:55 . 2013-01-24 00:55    61440    ----a-r-    c:\users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2013-01-24 00:55 . 2013-01-24 00:55    106496    ----a-r-    c:\users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2013-01-24 00:55 . 2013-01-24 00:55    106496    ----a-r-    c:\users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-01-24 00:55 . 2013-01-24 00:55    106496    ----a-r-    c:\users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2013-01-24 00:55 . 2013-01-24 00:55    --------    d-----w-    c:\program files (x86)\Common Files\Tencent
2013-01-24 00:55 . 2013-01-24 00:55    --------    d-----w-    c:\program files (x86)\Tencent
2013-01-24 00:55 . 2013-01-24 00:55    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\Tencent
2013-01-24 00:55 . 2013-01-24 00:55    18760    ----a-w-    c:\windows\SysWow64\QQVistaHelper.dll
2013-01-23 02:32 . 2013-01-23 02:32    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\NVIDIA
2013-01-23 02:32 . 2013-01-23 02:32    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\Leadertech
2013-01-23 02:32 . 2013-01-23 02:32    --------    d-----w-    c:\users\Tyler Baby\AppData\Local\Logitech
2013-01-23 02:32 . 2013-02-04 03:10    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-01-23 02:32 . 2013-01-23 02:32    --------    d-----w-    c:\programdata\LogiShrd
2013-01-23 02:32 . 2013-01-23 02:32    --------    d-----w-    c:\program files\Logitech Gaming Software
2013-01-23 02:32 . 2013-01-23 02:32    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\Logitech
2013-01-23 02:32 . 2013-01-23 02:32    --------    d-----w-    c:\users\Tyler Baby\AppData\Roaming\Logishrd
2013-01-20 16:55 . 2013-01-20 16:57    --------    d-----w-    c:\programdata\AVG January 2013 Campaign
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-30 03:40 . 2012-12-30 03:40    859072    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2012-12-30 03:40 . 2012-12-30 03:40    779704    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-12-30 03:40 . 2012-12-30 03:40    95184    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-05 18:18 . 2012-12-05 18:18    5191704    ----a-w-    c:\windows\system32\GooglePinyin2.ime
2012-12-05 18:18 . 2012-12-05 18:18    3460120    ----a-w-    c:\windows\SysWow64\GooglePinyin2.ime
2012-11-30 03:35 . 2012-11-30 03:35    2848312    ----a-r-    c:\users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{EAB5AC2D-BDD5-4864-8380-904B3EB4B1E7}\Icon_2.exe
2012-11-30 03:35 . 2012-11-30 03:35    2848312    ----a-r-    c:\users\Tyler Baby\AppData\Roaming\Microsoft\Installer\{EAB5AC2D-BDD5-4864-8380-904B3EB4B1E7}\Icon_1.exe
2012-11-28 03:37 . 2012-11-28 03:37    73656    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 03:37 . 2012-11-28 03:37    697272    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-26 22:50 . 2009-07-13 23:56    419840    ----a-w-    c:\windows\system32\systemcpl.dll
2012-11-26 22:50 . 2009-07-13 23:52    14848    ----a-w-    c:\windows\system32\slwga.dll
2012-11-26 22:50 . 2009-07-13 23:38    1008640    ----a-w-    c:\windows\system32\user32.dll
2012-11-26 22:50 . 2009-07-13 23:36    13824    ----a-w-    c:\windows\SysWow64\slwga.dll
2012-11-26 22:50 . 2009-07-13 23:24    833024    ----a-w-    c:\windows\SysWow64\user32.dll
2012-11-25 05:49 . 2012-11-25 05:49    16896    ----a-w-    c:\windows\AsTaskSched.dll
2012-11-19 08:01 . 2012-11-25 06:11    9125352    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{76B77DEC-17A8-42A5-B880-0D814FBCCEEB}\mpengine.dll
2012-11-16 06:33 . 2012-11-16 06:33    111968    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-11-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-11-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-02 03:38    1720976    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-02 03:38    1720976    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-02 03:38    1720976    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Tyler Baby\Downloads\uTorrent.exe" [2013-01-31 969104]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-04 1354736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
c:\users\Tyler Baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File    REG_SZ             GOOGLEPINYIN2.IME
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-12 1038088]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-02 178824]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys [2012-10-17 15176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-26 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-31 283200]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-16 178344]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 43877123
*NewlyCreated* - ADFS
*NewlyCreated* - RDPDR
*NewlyCreated* - RDPWD
*NewlyCreated* - TDTCP
*NewlyCreated* - TSSECSRV
*Deregistered* - 43877123
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 07:33    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 03:37]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 06:28]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 06:28]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-02 03:37    2322576    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-02 03:37    2322576    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-02 03:37    2322576    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Tyler Baby\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/webhp?client=aff-ime
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 64.59.135.133 64.59.128.120
FF - ProfilePath - c:\users\Tyler Baby\AppData\Roaming\Mozilla\Firefox\Profiles\3xvltn4g.default\
FF - ExtSQL: 2012-12-29 17:37; bytubed@cs213.cse.iitk.ac.in; c:\users\Tyler Baby\AppData\Roaming\Mozilla\Firefox\Profiles\3xvltn4g.default\extensions\bytubed@cs213.cse.iitk.ac.in
FF - ExtSQL: 2012-12-29 17:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Tyler Baby\AppData\Roaming\Mozilla\Firefox\Profiles\3xvltn4g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-13  22:13:13
ComboFix-quarantined-files.txt  2013-02-14 05:13
.
Pre-Run: 142,598,930,432 bytes free
Post-Run: 142,783,029,248 bytes free
.
- - End Of File - - FC78334996EF9989DE692504675B9EDF
 

 




#4 RPMcMurphy

  • Malware Response Team

Posted 14 February 2013 - 04:09 PM

Please do this next:

  Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.

  Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done, it will ask to reboot; allow the reboot.
  • On reboot, a log will be produced; please attach the content of the log to your next reply.

Please include the following in your next post:
  • MBAM log
  • AdwCleaner log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 RPMcMurphy

  • Malware Response Team

Posted 24 February 2013 - 09:48 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





