Possible ZeroAccess rootkit infection - need help with removal


  • This topic is locked
18 replies to this topic

#1 chrisd1128

  • Members
  • 9 posts

Posted 07 May 2013 - 09:17 AM

Initial problem began on my daughter's computer - started getting error message "This program is blocked by group policy" when trying to run Microsoft Security Essentials. I followed the thread and instructions from another user attempting to use malware removal tools. I was able to access Security Essentials via safe mode and run it, but it did not pick up an infection. There was an old infection that I removed, but I did not jot down what it was :( So far I have run Security check, Farbar (FSS), Minitoolbox, Malwarebytes: antimalware and antirootkit and finally DSS. I have all the logs, but will start by posting the DSS.txt log here:

DSS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.7.2
Run by cheis at 9:47:19 on 2013-05-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.1994 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://encrypted.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0310z105a48l1x273
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} -
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - <orphaned>
BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe
uRun: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe -update activex
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Z1] cmd /c "C:\Users\cheis\Documents\mbar-1.05.0.1001\mbar 5-6-13\mbar\mbar.exe" /cleanup /s
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{41F5AF2D-97BB-4EE1-8B0E-B3DC63AF6ED8} : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{4E7849EF-079A-40C3-A0E5-8B6B88D59426} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{4E7849EF-079A-40C3-A0E5-8B6B88D59426}\347484F5055726C69636 : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{4E7849EF-079A-40C3-A0E5-8B6B88D59426}\D496649643632303C45402A45647071636B6024364443302355636572756 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-8 34872]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-8 203264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-8 844320]
S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
S2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-24 48488]
S2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-2 418376]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
S2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-25 1871032]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160]
S2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-11-8 292864]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-8 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-06 18:00:46 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6FB8531-7DD0-4D3F-8DAD-DB52A94427B9}\offreg.dll
2013-05-06 17:59:06 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6FB8531-7DD0-4D3F-8DAD-DB52A94427B9}\mpengine.dll
2013-05-06 17:38:22 -------- d-----w- C:\Users\cheis\AppData\Local\{84489E9F-0C7F-4B9C-93EE-47E82885722A}
2013-05-05 20:45:27 -------- d-----w- C:\Windows\pss
2013-05-03 20:00:05 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-03 10:08:02 -------- d-----w- C:\Users\cheis\AppData\Local\{DDE09603-10B1-43B6-B2BE-C90908B70955}
2013-05-02 14:34:00 -------- d-----w- C:\Users\cheis\AppData\Roaming\Malwarebytes
2013-05-02 14:33:27 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-02 14:33:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-02 14:33:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-02 14:32:36 -------- d-----w- C:\Users\cheis\AppData\Local\Programs
2013-05-02 14:18:07 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-05-02 13:58:28 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-02 00:31:08 -------- d-----w- C:\Users\cheis\AppData\Local\{F6098A58-B6B1-4B3D-BBE4-B3DC892341F2}
2013-05-01 12:29:48 -------- d-----w- C:\Users\cheis\AppData\Local\{B2B750C6-C42A-47DF-BA87-00F8873B4031}
2013-04-29 23:49:17 -------- d-----w- C:\Users\cheis\AppData\Local\{103A560C-D6A0-4F4F-978F-225704CB7FEB}
2013-04-28 14:41:01 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{776004B9-9C75-4BB0-99A4-00E3CD99AD50}\gapaengine.dll
2013-04-28 14:30:25 -------- d-----w- C:\Users\cheis\AppData\Local\{A80B182C-3245-4104-83AE-E6634751BE40}
2013-04-28 01:03:12 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-19 16:17:58 -------- d-----w- C:\Users\cheis\AppData\Local\{C764A9D0-8CA2-4357-B863-B6A4047CB049}
2013-04-15 10:54:38 -------- d-----w- C:\Users\cheis\AppData\Local\{ACCE4C83-7462-41D6-A367-7B303C2CDA73}
.
==================== Find3M  ====================
.
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-12 18:17:12 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 18:17:11 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 02:50:16 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-02-22 02:50:16 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-02-21 22:28:54 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-02-21 22:28:54 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH:  9:48:37.16 ===============

 

I also have Dss - Attach.txt log if needed.

 

Any assistance is greatly appreciated!!!
 

 




 


#2 Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 May 2013 - 09:54 AM

Hi chrisd1128,

 

Welcome to the forum.

 

Let's check for ZeroAccess or any other rootkit/bootkit infection.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#3 chrisd1128

  • Topic Starter

  • Members
  • 9 posts

Posted 07 May 2013 - 11:22 AM

Attached File: Addition.txt (24.11KB)

Thanks so much for your help and the speedy reply. Here is the FRST log and I attached addition.log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by cheis (administrator) on 07-05-2013 12:12:42
Running from C:\Users\cheis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Farbar) C:\Users\cheis\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [884584 2010-09-23] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\cheis\Documents\mbar-1.05.0.1001\mbar 5-6-13\mbar\mbar.exe" /cleanup /s [1398856 2013-05-06] (Malwarebytes Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-15] (Google Inc.)
HKCU\...\Run: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe [175800 2010-12-02] (Compete, Inc.)
HKCU\...\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe [241360 2010-12-14] (Upromise, Inc.)
HKCU\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe -update activex [429784 2013-03-12] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\cheis\Documents\mbar-1.05.0.1001\mbar 5-6-13\mbar\mbar.exe" /cleanup /s [1398856 2013-05-06] (Malwarebytes Corporation)
MountPoints2: {9e0a4726-f3ca-11de-bf73-00262d6327a0} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {d9aaff76-d82d-11e0-a24a-00262d6327a0} - E:\TL-Bootstrap.exe
MountPoints2: {e1e50f6b-5dcf-11e1-9e4d-00262d6327a0} - E:\LaunchU3.exe -a
MountPoints2: {e8130558-a874-11df-9bb1-00262d6327a0} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a [1511544 2009-08-31] (Suyin)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [103720 2009-06-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-15] (Google Inc.)
HKU\Admin\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-12] (Adobe Systems Incorporated)
HKU\Alexandra\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-15] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://encrypted.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0310z105a48l1x273
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKCU - {49960EE1-E627-47D8-9F9B-CC75D78CB635} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110313,16491,0,8,0
SearchScopes: HKCU - {93DC3DBC-5538-46C8-8BFB-0F4BD746EDC0} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=2AA019D4-026F-48C3-B4A9-08EECDB1CBC6&apn_sauid=6B2593BC-9A00-4833-9178-23F91A28F228
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: DCA BHO - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll (Compete, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO-x32: Upromise TurboSaver - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
PDF: HKLM-x32 {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

#4 Farbar

  • Security Developer

Posted 07 May 2013 - 12:50 PM

You are welcome. But the FRST.txt log is not complete.  Please post the whole log.



#5 chrisd1128

  • Topic Starter

Posted 07 May 2013 - 04:18 PM

So sorry about that!  Here is the entire log.  Thanks again!:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by cheis (administrator) on 07-05-2013 12:12:42
Running from C:\Users\cheis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Farbar) C:\Users\cheis\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [884584 2010-09-23] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\cheis\Documents\mbar-1.05.0.1001\mbar 5-6-13\mbar\mbar.exe" /cleanup /s [1398856 2013-05-06] (Malwarebytes Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-15] (Google Inc.)
HKCU\...\Run: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe [175800 2010-12-02] (Compete, Inc.)
HKCU\...\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe [241360 2010-12-14] (Upromise, Inc.)
HKCU\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe -update activex [429784 2013-03-12] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\cheis\Documents\mbar-1.05.0.1001\mbar 5-6-13\mbar\mbar.exe" /cleanup /s [1398856 2013-05-06] (Malwarebytes Corporation)
MountPoints2: {9e0a4726-f3ca-11de-bf73-00262d6327a0} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {d9aaff76-d82d-11e0-a24a-00262d6327a0} - E:\TL-Bootstrap.exe
MountPoints2: {e1e50f6b-5dcf-11e1-9e4d-00262d6327a0} - E:\LaunchU3.exe -a
MountPoints2: {e8130558-a874-11df-9bb1-00262d6327a0} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a [1511544 2009-08-31] (Suyin)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [103720 2009-06-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-15] (Google Inc.)
HKU\Admin\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-12] (Adobe Systems Incorporated)
HKU\Alexandra\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-15] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://encrypted.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0310z105a48l1x273
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - {49960EE1-E627-47D8-9F9B-CC75D78CB635} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110313,16491,0,8,0
SearchScopes: HKCU - {93DC3DBC-5538-46C8-8BFB-0F4BD746EDC0} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=2AA019D4-026F-48C3-B4A9-08EECDB1CBC6&apn_sauid=6B2593BC-9A00-4833-9178-23F91A28F228
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: DCA BHO - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll (Compete, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} -  No File
BHO-x32: Upromise TurboSaver - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {06E58E5E-F8CB-4049-991E-A41C03BD419E} -  No File
PDF: HKLM-x32 {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Oovoo Toolbar) - C:\Users\cheis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.14.1.0_0

==================== Services (Whitelisted) =================

S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2007-11-16] (Motive Communications, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-15] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [19712 2007-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [18304 2007-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 DKbFltr; SysWOW64\Drivers\DKbFltr.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\usbccid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-07 12:12 - 2013-05-07 12:12 - 01874784 ____A (Farbar) C:\Users\cheis\Downloads\FRST64.exe
2013-05-07 12:09 - 2013-05-07 12:09 - 00000000 ____D C:\FRST
2013-05-07 09:48 - 2013-05-07 09:48 - 00023613 ____A C:\Users\cheis\Desktop\attach.txt
2013-05-07 09:48 - 2013-05-07 09:48 - 00022253 ____A C:\Users\cheis\Desktop\dds.txt
2013-05-07 09:46 - 2013-05-07 09:46 - 00688992 ____R (Swearware) C:\Users\cheis\Downloads\dds.com
2013-05-06 18:43 - 2013-05-06 20:54 - 00000000 ____D C:\Users\cheis\Documents\mbar-1.05.0.1001
2013-05-06 18:17 - 2013-05-06 18:17 - 00033665 ____A C:\Users\cheis\Desktop\Result.txt
2013-05-06 18:12 - 2013-05-06 18:12 - 00003601 ____A C:\Users\cheis\Desktop\FSS.txt
2013-05-06 13:38 - 2013-05-06 13:38 - 00000000 ____D C:\Users\cheis\AppData\Local\{84489E9F-0C7F-4B9C-93EE-47E82885722A}
2013-05-05 16:45 - 2013-05-06 13:28 - 00000000 ____D C:\Windows\pss
2013-05-03 06:08 - 2013-05-05 16:32 - 00000000 ____D C:\Users\cheis\AppData\Local\{DDE09603-10B1-43B6-B2BE-C90908B70955}
2013-05-02 10:34 - 2013-05-02 10:34 - 00000000 ____D C:\Users\cheis\AppData\Roaming\Malwarebytes
2013-05-02 10:33 - 2013-05-06 18:24 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-02 10:33 - 2013-05-06 18:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-02 10:33 - 2013-05-02 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-02 10:33 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-02 10:19 - 2013-05-02 10:19 - 00027420 ____A C:\Users\cheis\Desktop\HitmanPro_20130502_1019.log
2013-05-02 10:18 - 2013-05-02 10:18 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-05-02 09:58 - 2013-05-02 10:19 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-01 20:31 - 2013-05-02 08:31 - 00000000 ____D C:\Users\cheis\AppData\Local\{F6098A58-B6B1-4B3D-BBE4-B3DC892341F2}
2013-05-01 15:54 - 2013-04-01 19:48 - 70490256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2013-05-01 10:33 - 2013-05-01 10:33 - 00006130 ____A C:\Users\Admin\Documents\win 7 registry bkup current config.reg
2013-05-01 10:32 - 2013-05-01 10:32 - 07859310 ____A C:\Users\Admin\Documents\win 7 registry bkup users.reg
2013-05-01 10:31 - 2013-05-01 10:31 - 244737382 ____A C:\Users\Admin\Documents\win 7 registry bkup local.reg
2013-05-01 10:31 - 2013-05-01 10:31 - 03765882 ____A C:\Users\Admin\Documents\win 7 registry bkup user.reg
2013-05-01 10:30 - 2013-05-01 10:30 - 45880342 ____A C:\Users\Admin\Documents\win 7 registry bkup.reg
2013-05-01 08:29 - 2013-05-01 08:30 - 00000000 ____D C:\Users\cheis\AppData\Local\{B2B750C6-C42A-47DF-BA87-00F8873B4031}
2013-04-30 20:56 - 2013-04-30 20:56 - 00120184 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-04-30 20:54 - 2013-04-30 20:54 - 00002226 ____A C:\Users\Admin\Desktop\Google Chrome.lnk
2013-04-30 20:26 - 2013-04-30 20:26 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-30 20:26 - 2013-04-30 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-30 20:26 - 2013-04-30 20:26 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-30 20:26 - 2013-04-30 20:26 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-30 20:26 - 2013-04-30 20:26 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-30 20:26 - 2013-04-30 20:26 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-30 20:26 - 2013-04-30 20:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-30 20:26 - 2013-04-30 20:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-30 20:26 - 2013-04-30 20:26 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-30 20:26 - 2013-04-30 20:26 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-30 20:26 - 2013-04-30 20:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-30 20:22 - 2013-04-30 20:30 - 00007815 ____A C:\Windows\IE10_main.log
2013-04-29 19:49 - 2013-04-30 20:22 - 00000000 ____D C:\Users\cheis\AppData\Local\{103A560C-D6A0-4F4F-978F-225704CB7FEB}
2013-04-28 10:30 - 2013-04-28 10:30 - 00000000 ____D C:\Users\cheis\AppData\Local\{A80B182C-3245-4104-83AE-E6634751BE40}
2013-04-27 21:03 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-19 12:17 - 2013-04-21 08:08 - 00000000 ____D C:\Users\cheis\AppData\Local\{C764A9D0-8CA2-4357-B863-B6A4047CB049}
2013-04-15 06:54 - 2013-04-18 13:06 - 00000000 ____D C:\Users\cheis\AppData\Local\{ACCE4C83-7462-41D6-A367-7B303C2CDA73}
2013-04-10 21:03 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 21:03 - 2013-03-19 01:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 21:03 - 2013-03-19 01:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 21:03 - 2013-03-19 01:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 21:03 - 2013-03-19 00:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 21:03 - 2013-03-18 23:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 21:03 - 2013-02-28 23:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 21:03 - 2013-02-15 02:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 21:03 - 2013-02-15 02:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 21:03 - 2013-02-15 02:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 21:03 - 2013-02-15 00:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 21:03 - 2013-02-15 00:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 21:03 - 2013-02-14 23:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 21:03 - 2013-01-24 02:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-07 12:12 - 2013-05-07 12:12 - 01874784 ____A (Farbar) C:\Users\cheis\Downloads\FRST64.exe
2013-05-07 12:09 - 2013-05-07 12:09 - 00000000 ____D C:\FRST
2013-05-07 09:48 - 2013-05-07 09:48 - 00023613 ____A C:\Users\cheis\Desktop\attach.txt
2013-05-07 09:48 - 2013-05-07 09:48 - 00022253 ____A C:\Users\cheis\Desktop\dds.txt
2013-05-07 09:46 - 2013-05-07 09:46 - 00688992 ____R (Swearware) C:\Users\cheis\Downloads\dds.com
2013-05-07 09:19 - 2009-11-08 11:48 - 01832457 ____A C:\Windows\WindowsUpdate.log
2013-05-06 20:54 - 2013-05-06 18:43 - 00000000 ____D C:\Users\cheis\Documents\mbar-1.05.0.1001
2013-05-06 18:24 - 2013-05-02 10:33 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-06 18:24 - 2013-05-02 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-06 18:17 - 2013-05-06 18:17 - 00033665 ____A C:\Users\cheis\Desktop\Result.txt
2013-05-06 18:12 - 2013-05-06 18:12 - 00003601 ____A C:\Users\cheis\Desktop\FSS.txt
2013-05-06 13:38 - 2013-05-06 13:38 - 00000000 ____D C:\Users\cheis\AppData\Local\{84489E9F-0C7F-4B9C-93EE-47E82885722A}
2013-05-06 13:38 - 2010-10-23 12:58 - 00000000 ____D C:\Users\cheis\AppData\Local\Windows Live
2013-05-06 13:38 - 2010-01-17 12:33 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-06 13:37 - 2009-07-14 00:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-06 13:37 - 2009-07-14 00:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-06 13:30 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-06 13:29 - 2009-07-14 00:51 - 00351124 ____A C:\Windows\setupact.log
2013-05-06 13:28 - 2013-05-05 16:45 - 00000000 ____D C:\Windows\pss
2013-05-05 16:32 - 2013-05-03 06:08 - 00000000 ____D C:\Users\cheis\AppData\Local\{DDE09603-10B1-43B6-B2BE-C90908B70955}
2013-05-05 16:32 - 2012-06-25 21:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-05 16:31 - 2010-01-17 12:33 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-02 12:45 - 2009-08-15 02:59 - 00262308 ____A C:\Windows\PFRO.log
2013-05-02 10:34 - 2013-05-02 10:34 - 00000000 ____D C:\Users\cheis\AppData\Roaming\Malwarebytes
2013-05-02 10:33 - 2013-05-02 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-02 10:19 - 2013-05-02 10:19 - 00027420 ____A C:\Users\cheis\Desktop\HitmanPro_20130502_1019.log
2013-05-02 10:19 - 2013-05-02 09:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-02 10:18 - 2013-05-02 10:18 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-05-02 09:55 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-02 08:31 - 2013-05-01 20:31 - 00000000 ____D C:\Users\cheis\AppData\Local\{F6098A58-B6B1-4B3D-BBE4-B3DC892341F2}
2013-05-02 02:06 - 2010-11-17 13:24 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 10:50 - 2009-12-31 07:30 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-05-01 10:33 - 2013-05-01 10:33 - 00006130 ____A C:\Users\Admin\Documents\win 7 registry bkup current config.reg
2013-05-01 10:32 - 2013-05-01 10:32 - 07859310 ____A C:\Users\Admin\Documents\win 7 registry bkup users.reg
2013-05-01 10:31 - 2013-05-01 10:31 - 244737382 ____A C:\Users\Admin\Documents\win 7 registry bkup local.reg
2013-05-01 10:31 - 2013-05-01 10:31 - 03765882 ____A C:\Users\Admin\Documents\win 7 registry bkup user.reg
2013-05-01 10:30 - 2013-05-01 10:30 - 45880342 ____A C:\Users\Admin\Documents\win 7 registry bkup.reg
2013-05-01 08:30 - 2013-05-01 08:29 - 00000000 ____D C:\Users\cheis\AppData\Local\{B2B750C6-C42A-47DF-BA87-00F8873B4031}
2013-05-01 07:05 - 2011-02-23 13:42 - 00002198 ____A C:\Windows\epplauncher.mif
2013-05-01 01:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-04-30 20:56 - 2013-04-30 20:56 - 00120184 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-04-30 20:55 - 2010-03-03 19:03 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-04-30 20:54 - 2013-04-30 20:54 - 00002226 ____A C:\Users\Admin\Desktop\Google Chrome.lnk
2013-04-30 20:54 - 2010-03-03 19:03 - 00120184 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-30 20:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-30 20:30 - 2013-04-30 20:22 - 00007815 ____A C:\Windows\IE10_main.log
2013-04-30 20:26 - 2013-04-30 20:26 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-30 20:26 - 2013-04-30 20:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-30 20:26 - 2013-04-30 20:26 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-30 20:26 - 2013-04-30 20:26 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-30 20:26 - 2013-04-30 20:26 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-30 20:26 - 2013-04-30 20:26 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-30 20:26 - 2013-04-30 20:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-30 20:26 - 2013-04-30 20:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-30 20:26 - 2013-04-30 20:26 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-30 20:26 - 2013-04-30 20:26 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-30 20:26 - 2013-04-30 20:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-30 20:26 - 2013-04-30 20:26 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-30 20:26 - 2013-04-30 20:26 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-30 20:22 - 2013-04-29 19:49 - 00000000 ____D C:\Users\cheis\AppData\Local\{103A560C-D6A0-4F4F-978F-225704CB7FEB}
2013-04-28 10:30 - 2013-04-28 10:30 - 00000000 ____D C:\Users\cheis\AppData\Local\{A80B182C-3245-4104-83AE-E6634751BE40}
2013-04-21 08:08 - 2013-04-19 12:17 - 00000000 ____D C:\Users\cheis\AppData\Local\{C764A9D0-8CA2-4357-B863-B6A4047CB049}
2013-04-18 13:06 - 2013-04-15 06:54 - 00000000 ____D C:\Users\cheis\AppData\Local\{ACCE4C83-7462-41D6-A367-7B303C2CDA73}
2013-04-15 07:08 - 2013-03-25 21:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-04-15 06:50 - 2009-07-14 00:45 - 00463288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-15 06:45 - 2013-03-24 03:33 - 00000000 ____D C:\Users\cheis\AppData\Local\{E551BEE7-18C3-4C13-843A-D0132161DCC0}
2013-04-12 10:45 - 2013-04-27 21:03 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-07 18:39 - 2009-12-26 23:38 - 00119304 ____A C:\Users\cheis\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-05 16:34

==================== End Of Log ============================



#6 Farbar

Posted 07 May 2013 - 05:22 PM

No sign of any serious infection. Only some minor adware stuff.
  • Please uninstall the following programs:

    Ask Toolbar
    Ask Toolbar Updater
    Upromise TurboSaver
  • Please download the attached file.
    Save it to the same directory where FRST is located.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

FYI: It is too late here and we round off tomorrow.



#7 chrisd1128

Posted 08 May 2013 - 09:31 AM

Thanks for all your help!  It is greatly appreciated!  The fixlog is below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2013
Ran by cheis at 2013-05-08 10:28:57 Run:1
Running from C:\Users\cheis\Downloads
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Upromise Update => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Upromise Tray => Value not found.
C:\Program Files (x86)\Upromise => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value not found.
C:\Program Files (x86)\Ask.com => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93DC3DBC-5538-46C8-8BFB-0F4BD746EDC0} => Key deleted successfully.
HKCR\CLSID\{93DC3DBC-5538-46C8-8BFB-0F4BD746EDC0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} => Key not found.
HKCR\Wow6432Node\CLSID\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06E58E5E-F8CB-4049-991E-A41C03BD419E} => Value not found.
HKCR\Wow6432Node\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Users\cheis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj => Moved successfully.

==== End of Fixlog ====

 

 



#8 Farbar

Posted 08 May 2013 - 09:50 AM

That is taken care of. :thumbup2:

 

  • Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    You may download both x32 and x64 versions of Java from http://www.java.com/en/download/manual.jsp

    Uninstall the following older Java:

    Java 7 Update 7
    Java™ 6 Update 14
    Java™ 6 Update 21


    Then install the downloaded Java versions.

     

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar or any other program uncheck the box next to it.
    • Run CCleaner. Under Application tab all the boxes should be checked except any option to remove saved passwords.
    • Click Run Cleaner.
    • Close CCleaner.
  • Please post the FSS log you mentioned in your first post or make a fresh log with FSS while all the options are checked and post the log.

  • Also please tell me how the system is running.



#9 chrisd1128

Posted 09 May 2013 - 01:05 PM

Thanks for hanging in there with me.  I've been out of my office in training, but have just completed the steps above.  I reran FSS and will post log below, but I am still getting the error "This program is blocked by group policy. For more information, contact your system administrator."  If I try to uninstall MS Essentials, I get the error "You do not have sufficient access to uninstall Microsoft Security Essentials. Please contact your system administrator."

 

If I go into Safe mode w/ networking, it will let me run MS Essentials, but without real time monitoring.

 

Here is the FSS log:

Farbar Service Scanner Version: 14-04-2013
Ran by cheis (administrator) on 09-05-2013 at 13:52:53
Running from "C:\Users\cheis\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

Thanks again for the assistance!



#10 Farbar

Posted 10 May 2013 - 06:00 AM

Let's run another tool to make sure, then come back to the MSE issue.

 

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

 



#11 chrisd1128

Posted 10 May 2013 - 07:41 AM

Ran TDSSKiller - no threats found and no reboot needed.  Here is the log:

 


08:37:16.0030 6956 MSTEE - ok

08:37:16.0030 6956 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

08:37:16.0030 6956 MTConfig - ok

08:37:16.0046 6956 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

08:37:16.0046 6956 Mup - ok

08:37:16.0108 6956 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

08:37:16.0139 6956 napagent - ok

08:37:16.0202 6956 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

08:37:16.0202 6956 NativeWifiP - ok

08:37:16.0280 6956 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

08:37:16.0327 6956 NDIS - ok

08:37:16.0342 6956 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

08:37:16.0342 6956 NdisCap - ok

08:37:16.0358 6956 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

08:37:16.0358 6956 NdisTapi - ok

08:37:16.0405 6956 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

08:37:16.0405 6956 Ndisuio - ok

08:37:16.0483 6956 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

08:37:16.0483 6956 NdisWan - ok

08:37:16.0529 6956 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

08:37:16.0529 6956 NDProxy - ok

08:37:16.0592 6956 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

08:37:16.0592 6956 Net Driver HPZ12 - ok

08:37:16.0623 6956 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

08:37:16.0623 6956 NetBIOS - ok

08:37:16.0670 6956 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

08:37:16.0685 6956 NetBT - ok

08:37:16.0701 6956 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

08:37:16.0701 6956 Netlogon - ok

08:37:16.0748 6956 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

08:37:16.0763 6956 Netman - ok

08:37:16.0795 6956 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

08:37:16.0810 6956 netprofm - ok

08:37:16.0857 6956 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

08:37:16.0888 6956 netr28x - ok

08:37:16.0919 6956 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:37:16.0919 6956 NetTcpPortSharing - ok

08:37:16.0966 6956 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

08:37:16.0966 6956 nfrd960 - ok

08:37:17.0044 6956 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

08:37:17.0044 6956 NisDrv - ok

08:37:17.0107 6956 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

08:37:17.0122 6956 NisSrv - ok

08:37:17.0200 6956 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

08:37:17.0216 6956 NlaSvc - ok

08:37:17.0247 6956 nosGetPlusHelper - ok

08:37:17.0263 6956 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

08:37:17.0278 6956 Npfs - ok

08:37:17.0294 6956 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

08:37:17.0294 6956 nsi - ok

08:37:17.0325 6956 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

08:37:17.0341 6956 nsiproxy - ok

08:37:17.0419 6956 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

08:37:17.0465 6956 Ntfs - ok

08:37:17.0543 6956 [ 70E3EB0CEF795D348F05E5A9B115F491 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

08:37:17.0543 6956 NTI IScheduleSvc - ok

08:37:17.0590 6956 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys

08:37:17.0590 6956 NTIDrvr - ok

08:37:17.0637 6956 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

08:37:17.0637 6956 Null - ok

08:37:17.0684 6956 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

08:37:17.0684 6956 nvraid - ok

08:37:17.0715 6956 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

08:37:17.0715 6956 nvstor - ok

08:37:17.0746 6956 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

08:37:17.0746 6956 nv_agp - ok

08:37:17.0840 6956 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:37:17.0871 6956 odserv - ok

08:37:18.0043 6956 [ E0506331F0454C347B28B2AE4BD14636 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

08:37:18.0058 6956 OfficeSvc - ok

08:37:18.0089 6956 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

08:37:18.0089 6956 ohci1394 - ok

08:37:18.0136 6956 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:37:18.0136 6956 ose - ok

08:37:18.0355 6956 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

08:37:18.0511 6956 osppsvc - ok

08:37:18.0557 6956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

08:37:18.0557 6956 p2pimsvc - ok

08:37:18.0604 6956 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

08:37:18.0620 6956 p2psvc - ok

08:37:18.0651 6956 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

08:37:18.0651 6956 Parport - ok

08:37:18.0698 6956 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

08:37:18.0698 6956 partmgr - ok

08:37:18.0713 6956 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

08:37:18.0729 6956 PcaSvc - ok

08:37:18.0745 6956 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

08:37:18.0745 6956 pci - ok

08:37:18.0791 6956 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

08:37:18.0791 6956 pciide - ok

08:37:18.0807 6956 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

08:37:18.0807 6956 pcmcia - ok

08:37:18.0823 6956 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

08:37:18.0823 6956 pcw - ok

08:37:18.0854 6956 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

08:37:18.0869 6956 PEAUTH - ok

08:37:18.0901 6956 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

08:37:18.0901 6956 PerfHost - ok

08:37:18.0994 6956 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

08:37:19.0057 6956 pla - ok

08:37:19.0119 6956 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

08:37:19.0135 6956 PlugPlay - ok

08:37:19.0213 6956 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

08:37:19.0228 6956 Pml Driver HPZ12 - ok

08:37:19.0259 6956 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

08:37:19.0259 6956 PNRPAutoReg - ok

08:37:19.0291 6956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

08:37:19.0291 6956 PNRPsvc - ok

08:37:19.0337 6956 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

08:37:19.0353 6956 PolicyAgent - ok

08:37:19.0400 6956 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

08:37:19.0431 6956 Power - ok

08:37:19.0447 6956 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

08:37:19.0462 6956 PptpMiniport - ok

08:37:19.0493 6956 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

08:37:19.0493 6956 Processor - ok

08:37:19.0540 6956 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

08:37:19.0540 6956 ProfSvc - ok

08:37:19.0556 6956 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

08:37:19.0556 6956 ProtectedStorage - ok

08:37:19.0603 6956 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

08:37:19.0603 6956 Psched - ok

08:37:19.0681 6956 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

08:37:19.0727 6956 ql2300 - ok

08:37:19.0759 6956 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

08:37:19.0759 6956 ql40xx - ok

08:37:19.0790 6956 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

08:37:19.0805 6956 QWAVE - ok

08:37:19.0821 6956 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

08:37:19.0821 6956 QWAVEdrv - ok

08:37:19.0837 6956 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

08:37:19.0837 6956 RasAcd - ok

08:37:19.0868 6956 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

08:37:19.0868 6956 RasAgileVpn - ok

08:37:19.0883 6956 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

08:37:19.0899 6956 RasAuto - ok

08:37:19.0930 6956 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

08:37:19.0930 6956 Rasl2tp - ok

08:37:19.0993 6956 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

08:37:19.0993 6956 RasMan - ok

08:37:20.0008 6956 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

08:37:20.0008 6956 RasPppoe - ok

08:37:20.0024 6956 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

08:37:20.0024 6956 RasSstp - ok

08:37:20.0071 6956 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

08:37:20.0071 6956 rdbss - ok

08:37:20.0086 6956 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

08:37:20.0102 6956 rdpbus - ok

08:37:20.0117 6956 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

08:37:20.0117 6956 RDPCDD - ok

08:37:20.0133 6956 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

08:37:20.0133 6956 RDPENCDD - ok

08:37:20.0149 6956 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

08:37:20.0149 6956 RDPREFMP - ok

08:37:20.0180 6956 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

08:37:20.0195 6956 RDPWD - ok

08:37:20.0258 6956 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

08:37:20.0258 6956 rdyboost - ok

08:37:20.0320 6956 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

08:37:20.0320 6956 RemoteAccess - ok

08:37:20.0367 6956 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

08:37:20.0367 6956 RemoteRegistry - ok

08:37:20.0383 6956 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

08:37:20.0398 6956 RpcEptMapper - ok

08:37:20.0445 6956 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

08:37:20.0445 6956 RpcLocator - ok

08:37:20.0492 6956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

08:37:20.0507 6956 RpcSs - ok

08:37:20.0539 6956 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

08:37:20.0554 6956 rspndr - ok

08:37:20.0601 6956 [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

08:37:20.0601 6956 RSUSBSTOR - ok

08:37:20.0632 6956 RtsUIR - ok

08:37:20.0648 6956 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

08:37:20.0648 6956 SamSs - ok

08:37:20.0679 6956 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

08:37:20.0679 6956 sbp2port - ok

08:37:20.0726 6956 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

08:37:20.0726 6956 SCardSvr - ok

08:37:20.0773 6956 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

08:37:20.0773 6956 scfilter - ok

08:37:20.0835 6956 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

08:37:20.0866 6956 Schedule - ok

08:37:20.0897 6956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

08:37:20.0913 6956 SCPolicySvc - ok

08:37:20.0944 6956 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

08:37:20.0944 6956 SDRSVC - ok

08:37:20.0975 6956 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

08:37:20.0975 6956 secdrv - ok

08:37:21.0022 6956 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

08:37:21.0038 6956 seclogon - ok

08:37:21.0069 6956 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

08:37:21.0069 6956 SENS - ok

08:37:21.0085 6956 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

08:37:21.0100 6956 SensrSvc - ok

08:37:21.0131 6956 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

08:37:21.0131 6956 Serenum - ok

08:37:21.0163 6956 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

08:37:21.0163 6956 Serial - ok

08:37:21.0209 6956 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

08:37:21.0209 6956 sermouse - ok

08:37:21.0272 6956 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

08:37:21.0287 6956 SessionEnv - ok

08:37:21.0319 6956 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

08:37:21.0319 6956 sffdisk - ok

08:37:21.0334 6956 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

08:37:21.0334 6956 sffp_mmc - ok

08:37:21.0365 6956 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

08:37:21.0365 6956 sffp_sd - ok

08:37:21.0381 6956 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

08:37:21.0381 6956 sfloppy - ok

08:37:21.0412 6956 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

08:37:21.0428 6956 SharedAccess - ok

08:37:21.0475 6956 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

08:37:21.0490 6956 ShellHWDetection - ok

08:37:21.0521 6956 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:37:21.0521 6956 SiSRaid2 - ok

08:37:21.0553 6956 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

08:37:21.0553 6956 SiSRaid4 - ok

08:37:21.0662 6956 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

08:37:21.0662 6956 SkypeUpdate - ok

08:37:21.0693 6956 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

08:37:21.0709 6956 Smb - ok

08:37:21.0740 6956 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

08:37:21.0755 6956 SNMPTRAP - ok

08:37:21.0787 6956 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

08:37:21.0787 6956 spldr - ok

08:37:21.0849 6956 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

08:37:21.0880 6956 Spooler - ok

08:37:22.0021 6956 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

08:37:22.0145 6956 sppsvc - ok

08:37:22.0161 6956 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

08:37:22.0161 6956 sppuinotify - ok

08:37:22.0208 6956 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

08:37:22.0239 6956 srv - ok

08:37:22.0286 6956 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

08:37:22.0317 6956 srv2 - ok

08:37:22.0348 6956 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

08:37:22.0364 6956 SrvHsfHDA - ok

08:37:22.0411 6956 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

08:37:22.0457 6956 SrvHsfV92 - ok

08:37:22.0489 6956 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

08:37:22.0504 6956 SrvHsfWinac - ok

08:37:22.0535 6956 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

08:37:22.0535 6956 srvnet - ok

08:37:22.0567 6956 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

08:37:22.0582 6956 SSDPSRV - ok

08:37:22.0613 6956 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

08:37:22.0613 6956 SstpSvc - ok

08:37:22.0645 6956 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

08:37:22.0645 6956 stexstor - ok

08:37:22.0676 6956 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

08:37:22.0691 6956 StillCam - ok

08:37:22.0754 6956 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

08:37:22.0785 6956 stisvc - ok

08:37:22.0832 6956 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

08:37:22.0832 6956 swenum - ok

08:37:22.0863 6956 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

08:37:22.0879 6956 swprv - ok

08:37:22.0941 6956 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

08:37:22.0941 6956 SynTP - ok

08:37:23.0035 6956 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

08:37:23.0081 6956 SysMain - ok

08:37:23.0128 6956 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

08:37:23.0128 6956 TabletInputService - ok

08:37:23.0175 6956 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

08:37:23.0175 6956 TapiSrv - ok

08:37:23.0191 6956 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

08:37:23.0206 6956 TBS - ok

08:37:23.0300 6956 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

08:37:23.0393 6956 Tcpip - ok

08:37:23.0440 6956 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

08:37:23.0456 6956 TCPIP6 - ok

08:37:23.0503 6956 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

08:37:23.0503 6956 tcpipreg - ok

08:37:23.0534 6956 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

08:37:23.0534 6956 TDPIPE - ok

08:37:23.0581 6956 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

08:37:23.0581 6956 TDTCP - ok

08:37:23.0627 6956 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

08:37:23.0643 6956 tdx - ok

08:37:23.0674 6956 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

08:37:23.0674 6956 TermDD - ok

08:37:23.0705 6956 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

08:37:23.0737 6956 TermService - ok

08:37:23.0768 6956 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

08:37:23.0768 6956 Themes - ok

08:37:23.0799 6956 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

08:37:23.0799 6956 THREADORDER - ok

08:37:23.0815 6956 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

08:37:23.0815 6956 TrkWks - ok

08:37:23.0877 6956 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

08:37:23.0877 6956 TrustedInstaller - ok

08:37:23.0924 6956 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

08:37:23.0924 6956 tssecsrv - ok

08:37:23.0986 6956 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

08:37:23.0986 6956 TsUsbFlt - ok

08:37:24.0033 6956 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

08:37:24.0049 6956 tunnel - ok

08:37:24.0080 6956 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

08:37:24.0080 6956 uagp35 - ok

08:37:24.0127 6956 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys

08:37:24.0127 6956 UBHelper - ok

08:37:24.0173 6956 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

08:37:24.0173 6956 udfs - ok

08:37:24.0220 6956 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

08:37:24.0220 6956 UI0Detect - ok

08:37:24.0251 6956 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

08:37:24.0251 6956 uliagpkx - ok

08:37:24.0298 6956 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

08:37:24.0298 6956 umbus - ok

08:37:24.0314 6956 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

08:37:24.0314 6956 UmPass - ok

08:37:24.0376 6956 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

08:37:24.0376 6956 Updater Service - ok

08:37:24.0392 6956 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

08:37:24.0407 6956 upnphost - ok

08:37:24.0470 6956 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

08:37:24.0485 6956 USBAAPL64 - ok

08:37:24.0501 6956 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

08:37:24.0501 6956 usbccgp - ok

08:37:24.0517 6956 USBCCID - ok

08:37:24.0563 6956 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

08:37:24.0579 6956 usbcir - ok

08:37:24.0595 6956 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

08:37:24.0595 6956 usbehci - ok

08:37:24.0657 6956 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

08:37:24.0657 6956 usbfilter - ok

08:37:24.0704 6956 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

08:37:24.0704 6956 usbhub - ok

08:37:24.0719 6956 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

08:37:24.0719 6956 usbohci - ok

08:37:24.0782 6956 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

08:37:24.0782 6956 usbprint - ok

08:37:24.0813 6956 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

08:37:24.0829 6956 usbscan - ok

08:37:24.0844 6956 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:37:24.0891 6956 USBSTOR - ok

08:37:24.0922 6956 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

08:37:24.0922 6956 usbuhci - ok

08:37:24.0953 6956 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

08:37:24.0969 6956 usbvideo - ok

08:37:24.0985 6956 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

08:37:25.0000 6956 UxSms - ok

08:37:25.0000 6956 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

08:37:25.0000 6956 VaultSvc - ok

08:37:25.0047 6956 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

08:37:25.0047 6956 vdrvroot - ok

08:37:25.0094 6956 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

08:37:25.0125 6956 vds - ok

08:37:25.0156 6956 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

08:37:25.0156 6956 vga - ok

08:37:25.0172 6956 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

08:37:25.0172 6956 VgaSave - ok

08:37:25.0203 6956 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

08:37:25.0203 6956 vhdmp - ok

08:37:25.0250 6956 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

08:37:25.0250 6956 viaide - ok

08:37:25.0265 6956 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

08:37:25.0265 6956 volmgr - ok

08:37:25.0312 6956 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

08:37:25.0328 6956 volmgrx - ok

08:37:25.0375 6956 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

08:37:25.0375 6956 volsnap - ok

08:37:25.0406 6956 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

08:37:25.0421 6956 vsmraid - ok

08:37:25.0515 6956 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

08:37:25.0562 6956 VSS - ok

08:37:25.0562 6956 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

08:37:25.0577 6956 vwifibus - ok

08:37:25.0593 6956 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

08:37:25.0593 6956 vwififlt - ok

08:37:25.0624 6956 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

08:37:25.0624 6956 W32Time - ok

08:37:25.0640 6956 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

08:37:25.0655 6956 WacomPen - ok

08:37:25.0687 6956 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

08:37:25.0687 6956 WANARP - ok

08:37:25.0702 6956 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

08:37:25.0702 6956 Wanarpv6 - ok

08:37:25.0796 6956 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

08:37:25.0843 6956 WatAdminSvc - ok

08:37:25.0905 6956 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

08:37:25.0967 6956 wbengine - ok

08:37:26.0014 6956 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

08:37:26.0030 6956 WbioSrvc - ok

08:37:26.0077 6956 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

08:37:26.0092 6956 wcncsvc - ok

08:37:26.0108 6956 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

08:37:26.0123 6956 WcsPlugInService - ok

08:37:26.0155 6956 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

08:37:26.0155 6956 Wd - ok

08:37:26.0201 6956 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

08:37:26.0201 6956 WDC_SAM - ok

08:37:26.0264 6956 [ FA24FBE15A8036387ECC013D06094F3D ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

08:37:26.0373 6956 WDDMService - ok

08:37:26.0435 6956 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

08:37:26.0451 6956 Wdf01000 - ok

08:37:26.0498 6956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

08:37:26.0498 6956 WdiServiceHost - ok

08:37:26.0513 6956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

08:37:26.0513 6956 WdiSystemHost - ok

08:37:26.0576 6956 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

08:37:26.0607 6956 WDSmartWareBackgroundService - ok

08:37:26.0669 6956 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

08:37:26.0669 6956 WebClient - ok

08:37:32.0925 6956 ============================================================

08:37:32.0925 6956 Scan finished

08:37:32.0925 6956 ============================================================

08:37:32.0941 6976 Detected object count: 0

08:37:32.0941 6976 Actual detected object count: 0

 

Thank You!



#12 Farbar

Posted 10 May 2013 - 08:13 AM

Let's take a look at the policy keys.

 

Please download MiniRegTool64.zip and unzip it.

  • Run the tool.
  • Copy and paste the following into the edit box:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies
    HKEY_CURRENT_USER\Software\Policies

  • Check the Export keys radio button.
  • Press the Go button and post the result.

 



#13 chrisd1128


Posted 10 May 2013 - 10:09 AM

Results from Miniregtool:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForward|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|Annots:Tool:InkMenuItem|CollectionHome|CollectionDetails|CollectionPreview|CollectionShowRoot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3"
"tSponsoredContentSchemeWhiteList"="http|https"
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook\Security ]
"NonDefaultStoreScript"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Identities]
@=""
"Locked Down"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"=dword:00000000
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001
"PolicyScope"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{18A1269E-1D49-4310-B157-30DD57AB75CD}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\McAfee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{1BB04160-01BA-461B-9B99-5A722A6335BF}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{40110220-2655-423F-BDD5-42485FBF0598}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5D3C6EF2-535B-4F33-BF61-26E35EAB4916}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7B7E2236-0076-402D-BC97-73DE6AE707DF}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\Microsoft Security Client"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7E804270-4383-4D58-ADA4-249104C74FD7}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\Microsoft Security Client"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbNoAckIsochWriteToDevice"=dword:00000050
"fEnableUsbBlockDeviceBySetupClass"=dword:00000001
"fEnableUsbSelectDeviceByInterface"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\9.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForward|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|Annots:Tool:InkMenuItem|CollectionHome|CollectionDetails|CollectionPreview|CollectionShowRoot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3"
"tSponsoredContentSchemeWhiteList"="http|https"
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Cryptography]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Cryptography\Configuration]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Cryptography\Configuration\SSL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Office]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Office\12.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Office\12.0\Outlook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Office\12.0\Outlook\Security ]
"NonDefaultStoreScript"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Peernet]
"Disabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Root]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Identities]
@=""
"Locked Down"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\IPSec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\IPSec\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\IPSec\Policy\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"=dword:00000000
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001
"PolicyScope"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{18A1269E-1D49-4310-B157-30DD57AB75CD}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\McAfee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{1BB04160-01BA-461B-9B99-5A722A6335BF}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{40110220-2655-423F-BDD5-42485FBF0598}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5D3C6EF2-535B-4F33-BF61-26E35EAB4916}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7B7E2236-0076-402D-BC97-73DE6AE707DF}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\Microsoft Security Client"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7E804270-4383-4D58-ADA4-249104C74FD7}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\Microsoft Security Client"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\System]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WSDAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Terminal Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbNoAckIsochWriteToDevice"=dword:00000050
"fEnableUsbBlockDeviceBySetupClass"=dword:00000001
"fEnableUsbSelectDeviceByInterface"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\Policies\Microsoft]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_CURRENT_USER\Software\Policies\Power]

[HKEY_CURRENT_USER\Software\Policies\Power\PowerSettings]

 

 

Thanks!
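
The export above contains path rules under safer\codeidentifiers\0\Paths, the Software Restriction Policies level that blocks execution and produces the "blocked by group policy" message. As an added example (not part of the thread and not MiniRegTool's code), this Python script parses such a .reg export and lists the path rules that disallow security-product folders; the sample text, the SECURITY_DIRS list and the function names are assumptions made for the illustration.

```python
import re

# Software Restriction Policy (SRP) levels; the level subkey name is the decimal value.
SRP_LEVELS = {0x0: "Disallowed", 0x1000: "Untrusted", 0x10000: "Constrained",
              0x20000: "Basic User", 0x40000: "Unrestricted"}

# Folder names taken from the ItemData values in the export above (assumed watch list).
SECURITY_DIRS = {"mcafee", "avg", "microsoft antimalware", "microsoft security client"}

# Constructed sample in .reg export syntax: two rules copied from the thread's
# export, plus a made-up Unrestricted rule (placeholder GUID) for contrast.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7E804270-4383-4D58-ADA4-249104C74FD7}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\Microsoft Security Client"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{1BB04160-01BA-461B-9B99-5A722A6335BF}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\262144\Paths\{00000000-0000-0000-0000-000000000001}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Windows"
'''

KEY_RE = re.compile(r'^\[(.+?)\s*\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
RULE_RE = re.compile(r'\\safer\\codeidentifiers\\(\d+)\\Paths\\\{[^}]+\}$', re.IGNORECASE)


def parse_reg(text):
    """Return {key_path: {value_name: value}} for the string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, data = m.group(1).strip('"'), m.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            # .reg strings escape backslashes and quotes with a backslash
            current[name] = re.sub(r'\\(.)', r'\1', data[1:-1])
    return keys


def default_levels(keys):
    """Map each codeidentifiers key to the name of its DefaultLevel."""
    return {path: SRP_LEVELS.get(v["DefaultLevel"], hex(v["DefaultLevel"]))
            for path, v in keys.items()
            if path.lower().endswith("\\safer\\codeidentifiers") and "DefaultLevel" in v}


def srp_findings(keys):
    """List every SRP path rule and mark Disallowed rules that hit security folders."""
    findings = []
    for path, values in keys.items():
        m = RULE_RE.search(path)
        if not m:
            continue
        level = int(m.group(1))
        target = values.get("ItemData", "")
        parts = {p.lower() for p in target.split("\\")}
        findings.append({
            "view": "Wow6432Node" if "\\wow6432node\\" in path.lower() else "native",
            "level": SRP_LEVELS.get(level, hex(level)),
            "target": target,
            "blocks_security_product": level == 0 and bool(parts & SECURITY_DIRS),
        })
    return findings


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_EXPORT)
    print(default_levels(parsed))
    for f in srp_findings(parsed):
        print(f)
```

A default level of Unrestricted combined with Disallowed path rules that name only antivirus folders is the pattern to look for: everything else runs, and only the security tools are blocked.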



#14 Farbar


Posted 10 May 2013 - 11:02 AM

Please download the attached file fix.reg.
Double-click it and confirm the prompt to allow the merge.

Important: Restart.

 

Now see if you can run MSI without any problem.


Edited by Farbar, 10 May 2013 - 12:17 PM.


#15 Farbar


Posted 10 May 2013 - 12:19 PM

Just to let you know I edited the previous post to add a couple of lines to the fix.reg, so if you have already downloaded or run the fix, please download and run it again.





