Jump to content

infectedturtle

Members
  • Posts

    21
  • Joined

  • Last visited

Everything posted by infectedturtle

  1. Deleting the profiles from Firefox and Chrome and re-syncing from their servers ended up getting rid of the problem. Thanks for your help. Do you believe I should worry about the security of my passwords?
  2. I went ahead and didn't hard reset my router because I do not want to re-setup all of the intricate things I've done (DD-WRT). I also inspected the .bat file because I do not run scripts without knowing what they do and I have already done the things it was slated to do. No effect. Finally I deleted my user profiles for Chrome and Firefox and we will see if it keeps doing it. I don't ever run IE so that wouldn't have anything to do with the equation.
  3. I am afraid there isn't anything wrong with the Router. None of the other computers in the house have the same symptoms. This isn't a DNS thing because if you try to go to the link again, it will work correctly. It is only the first attempt which redirects. My HOSTS file is also healthy.
  4. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.11.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: DEATHWING [administrator] 5/11/2012 10:17:54 AM mbam-log-2012-05-11 (10-17-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 203021 Time elapsed: 2 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  5. ========== FILES ========== File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll not found. File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll not found. OTL by OldTimer - Version 3.2.42.3 log created on 05112012_101642
  6. Hello, there is no difference, I am still getting the redirects. Yes I am behind a router, no open ports DD-WRT. Do I need to worry about my passwords? I am considering just wiping the drive and starting over, but I wish I didn't have to. I will run your suggestions and report back.
  7. All processes killed ========== OTL ========== C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u moved successfully. ADS C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd deleted successfully. ADS C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Lucas ->Java cache emptied: 1494674 bytes User: Public Total Java Files Cleaned = 1.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Lucas ->Temp folder emptied: 56861689 bytes ->Temporary Internet Files folder emptied: 62597174 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 326331337 bytes ->Google Chrome cache emptied: 314060122 bytes ->Flash cache emptied: 59054 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 56659301 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 779.00 mb OTL by OldTimer - Version 3.2.42.3 log created on 05102012_203231 Files\Folders moved on Reboot... C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  8. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.08.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: DEATHWING [administrator] 5/8/2012 8:14:04 PM mbam-log-2012-05-08 (20-14-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201952 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. (end)
  9. OTL Extras logfile created on: 5/9/2012 8:36:01 PM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free 11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07D49986-0F1A-45EC-A280-BA1E1BFCA5D5}" = rport=445 | protocol=6 | dir=out | app=system | "{0E547AD4-6C7D-4922-B0A5-57AA32EF4210}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{1F6D502C-2C4E-4458-B162-5F8517D27BBB}" = rport=137 | protocol=17 | dir=out | app=system | "{41B34316-FA7D-432B-9A5E-73C2242E7EFF}" = lport=139 | protocol=6 | dir=in | app=system | "{51BC914D-F727-4CC5-BF5D-E19340C09CB9}" = lport=10243 | protocol=6 | dir=in | app=system | "{69047C5D-1F28-4D19-96F8-826821DBC526}" = lport=445 | protocol=6 | dir=in | app=system | "{74E8E680-3E8B-433B-8861-9A3D3E80E179}" = lport=2869 | protocol=6 | dir=in | app=system | "{7EC1554B-4196-45A1-8680-67748C427655}" = rport=10243 | protocol=6 | dir=out | app=system | "{8AE60E59-2B45-47D7-ABB5-0356FB9EE0B3}" = lport=137 | protocol=17 | dir=in | app=system | "{95A2FD3C-5F06-48C8-BF89-9D845DFA1A21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98A86C84-D4CD-4E09-9B69-6AE3A3B57E0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9952FB3F-F5BB-48F9-B8F7-44BE8C168CC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9DA80E49-0E77-437A-8EF9-78B7ED46A596}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A69A412E-0C74-423D-9B94-8D75F294D6BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8DD4062-C724-46BE-A078-760C18609C13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD3283D1-98F0-461B-816B-A7220ABDFFC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B011C823-BEF8-471A-9441-6FEE9D680D4F}" = rport=139 | protocol=6 | dir=out | app=system | "{BD336E05-35AF-4E31-A90F-E7E6FC940E6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C1EA5AA9-D05F-4EC7-8F35-20BE2CB12619}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CA101BE4-0B88-46A5-A1AB-F726B82D613D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | "{CE90214D-703F-41F0-B80A-217E0D4885A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D35FB18C-6703-4C3D-B692-2997BBC4F26D}" = lport=138 | protocol=17 | dir=in | app=system | "{DC2D579D-3726-44FB-81CC-10625884C111}" = rport=138 | protocol=17 | dir=out | app=system | "{DEF646C2-C0CF-4802-B1B2-600D3AB5B28F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F1F20752-9FF5-4A46-A21C-9E8977C0EA7F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FFBB33F3-CA20-4F89-B901-C0DB6BAF09A7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D79D47-765C-4C44-8716-98EDA7F0B05F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{0755C145-E940-4A0F-81F3-AC938D5E838C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{076D6C45-551D-4A5F-BB33-EE2C703E4768}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{0A5AD457-2F44-4605-96C7-7C37996E20FA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0D69519C-73E2-4B26-A72B-860A679824FC}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | "{0EC6CFBE-78EE-4085-8466-95C43BE081F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{16214C53-3B30-43B3-9C15-BABBF9FC6FEE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{165EE9F6-7E9C-4596-9711-7C918ECA35DB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{19A3DDE1-B234-412B-AB80-E6D5D6C89789}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1E79C1D1-AFD5-479B-8E26-0FA730F091AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F312B0F-523F-4657-8908-B1F9B39B1BF3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{21E0959A-EEB6-4E22-AF03-F109DCED3CD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{24C638BB-4651-42AA-A593-E7E01293DEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2B800D48-E6C2-4398-B637-AD00A2BB6E4D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{3C3B3988-5CEF-464B-A775-80E4EEAAA75B}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "{3E2BF12D-4D24-4389-8407-2A4E0F62AEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{3E9B38BA-1BCE-4153-AFE0-1FFAFDBA117F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{4244EDDD-2E43-4893-A2B9-A08C1F50DAA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4280E864-B11B-4E01-88AD-CFC7288033D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{4BD35305-41A5-4013-985C-E4C19AFE795D}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "{4D7DF199-37B3-488B-8793-29B57CC9C48D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{52B082D7-88F9-4138-B651-B671088F3F6A}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{53F1D0AD-E211-48F4-9960-3AD539A18A98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe | "{555358B1-1C58-49EA-AFAE-D6F3DCA356F0}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | "{5857BE5D-093C-41DC-A65C-9856DA064D8A}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{62BB5FC2-6854-4FB6-8785-3AC24715CAE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{64BFF7EE-E9DF-4148-89EC-E691EFB09D99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6DFA3FB7-5DC4-49DC-B596-884D8A0AFF01}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{6E14714F-017B-4A6F-8C9F-282524C31493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{74E41ADC-B2D3-4449-873B-E15D955A693F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7A92038B-D1B9-408F-9A1C-DD6B59D958B7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{7F27402E-9AD7-420A-8765-2EBA15B42C83}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "{8189EA91-D5A8-4784-B1E5-77BB4914B61C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{83D90476-0F73-418D-B83E-9A40B42E14E7}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | "{860D8CF8-FFD2-40EA-9DD7-BB2E3616C472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe | "{878187EE-E950-4AA6-A4B8-5023B2E32A46}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{88959DEC-CBBF-4BC3-B9BE-D4C13EB11F49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8BF12400-7337-4C04-9433-775863E3A22C}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | "{8D1E7393-C817-4116-BE65-C8FB6304FAF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8DF5B141-B7C6-4F69-A4DB-9FD206752E0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{906F72CD-2DEF-4897-B9C4-E9D8ED128840}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{94A2A794-CCB3-4818-9F69-C4022B1D959D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{953F23BD-4876-4FFC-83ED-67903CDBE8FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{954D4F35-40C2-484B-AF95-9FB034F6FB8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{95A8ED67-1A2A-4DC3-BF54-372CCFBE7B0A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\inputserv.exe | "{95B84ED9-4916-4B87-84FD-F80E391725C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9852AEDE-5D97-4E47-8C1C-C2E547422E1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{9F02C85D-441E-47C7-9C53-83C9A9B0FC94}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9F9C8142-1340-4B00-B83E-DE76BD2E4571}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0AF4E54-C6D3-482F-9E1D-D15A8EEBA2A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{B1D0C305-A779-4741-AA36-2037EEEC6A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{B2EF2011-5C1E-4AC6-9258-D165A3548E24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B6042080-540C-4DC9-80B0-81A77B93C014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BA2CAB99-FEC0-48F2-AFE7-E42377A63E5A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srlogin.exe | "{CAAD8350-BF6B-4930-BFEB-E6ACA4A2B80B}" = protocol=6 | dir=out | app=system | "{CDDF97B1-9C14-4D05-A30D-26485B383479}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "{CF22F183-A128-4612-9F8A-7DAFFE2CC8BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{D2868EE2-D511-436A-B284-328F92ABE627}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D3FE344F-395F-4600-8ABA-4CAFB78895C2}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | "{DCBB9DBD-1A05-431D-9F00-9D2B500D738C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "{DDB38C2E-D5EB-405F-B627-1DAE330B165D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E7197AB7-6BAB-4F7A-8A50-ADB613FFA1A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EF652DEE-35FA-4F77-BFC5-DEC6978F5713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "{F6F3A91A-A946-4980-B80C-478B3E49419A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FE4845ED-11BE-4716-8A38-521EB6DF6DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "TCP Query User{2CB272B9-BD52-4273-9336-2E22F0589C06}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{91C08A13-C715-47BF-9320-D403AE710D75}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | "TCP Query User{A477644C-926E-4231-8251-A2D7B9C9A953}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | "TCP Query User{ECB7B1E9-D27A-44A2-B990-312A29AD0AC2}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "TCP Query User{F55B1B18-36AB-45C4-A306-76EEBB9B0033}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{25C05CE1-D6C2-4B8C-B9AC-25DAF847DE1A}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe | "UDP Query User{B4804827-2ACF-44A8-B98E-539D297590C5}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{C31320E2-4838-4F1F-BD2C-2CFD5056104A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{EA63E4F3-A1AB-4607-870D-34645A20E634}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | "UDP Query User{F428297E-1B32-4804-B150-A16912D4F33F}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{07E570C2-CEFF-4AA4-BDA7-DA2B4CDD3E62}" = Fresco Logic USB3.0 Host Controller "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java 7 Update 2 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2 (64-bit) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B0F1D023-EF17-43DF-A702-25E0FFFE4129}" = TortoiseGit 1.7.7.0 (64 bit) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd "{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}" = AMD Catalyst Install Manager "{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64) "{EA01EDC3-CFB8-47DA-8C74-53069EB0BD00}" = ASUS Android USB Drivers "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Defraggler" = Defraggler "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "SynTPDeinstKey" = Synaptics TouchPad Driver "TeraCopy_is1" = TeraCopy 2.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00A53800-BA75-3E9E-BD52-10171E5640B6}" = CCC Help Greek "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0296D4D2-DA68-2DFD-5AC1-6FB04354A86E}" = PX Profile Update "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04098274-E98C-86E3-1B2C-50E32E561DF5}" = CCC Help Korean "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}" = CCC Help Norwegian "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7 "{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch "{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}" = CCC Help French "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework "{2D049D1D-CA58-9652-B7C6-19CB98649923}" = CCC Help Dutch "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java SE Development Kit 6 Update 27 "{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}" = CCC Help Swedish "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass 2011 "{480DCAD1-8670-66EA-8EBA-178047059A13}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}" = CCC Help Finnish "{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.57 "{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display "{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}" = CCC Help Danish "{60070423-DE0B-59FF-D4B7-16BDB8957864}" = CCC Help Portuguese "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74FBB537-8915-329D-393E-FDB7DC69A339}" = CCC Help Japanese "{755F4903-030D-B017-30F2-4D5BE92C8D38}" = CCC Help Italian "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{896C4E12-4857-9715-9F9D-249561D2D7EE}" = CCC Help Thai "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{968298EC-86D4-8F84-5ABC-E976C5CDA417}" = CCC Help Spanish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English "{A99BE117-F10C-470D-AE6D-DC2889F5F24E}" = Avadon "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BBDD3C95-E069-E346-6D1B-CC76AE448550}" = CCC Help Chinese Standard "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Control Center "{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D61F78AF-A111-9DAE-8368-E3230B168F03}" = CCC Help Polish "{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}" = CCC Help Russian "{D8CABEA0-CAFB-9320-5F46-EAF31535203F}" = CCC Help Turkish "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}" = CCC Help Hungarian "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}" = CCC Help Chinese Traditional "{FC8292ED-7E61-4370-15D1-60171263AA1D}" = CCC Help Czech "{FD207C2C-A7FF-332A-AC85-5A5ACED6F31B}" = Google Talk Plugin "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Afterburner" = MSI Afterburner 2.1.0 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.dmp.contentviewer" = Adobe Content Viewer "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp m4a Codec" = dBpoweramp m4a Codec "dBpoweramp Midi Decoder" = dBpoweramp Midi Decoder "dBpoweramp Music Converter" = dBpoweramp Music Converter "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.5.3 "FreeCommander_is1" = FreeCommander 2009.02b "Git_is1" = Git version 1.7.9-preview20120201 "HandBrake" = HandBrake 0.9.5 "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Launchy_21344213_is1" = Launchy 2.6 Beta 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "MusicBrainz Picard" = MusicBrainz Picard "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Picasa 3" = Picasa 3 "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software "ProInst" = Intel PROSet Wireless "PuTTY_is1" = PuTTY version 0.61 "SABnzbd" = SABnzbd 0.6.12 "StarCraft II" = StarCraft II "Steam App 111100" = Snuggle Truck "Steam App 300" = Day of Defeat: Source "Steam App 4000" = Garry's Mod "Steam App 440" = Team Fortress 2 "Steam App 550" = Left 4 Dead 2 "TightVNC" = TightVNC 2.0.4 "TrueCrypt" = TrueCrypt "TurboTax 2011" = TurboTax 2011 "VLC media player" = VLC media player 2.0.0 "WBFS Manager 3.0" = WBFS Manager 3.0 "WinMerge_is1" = WinMerge 2.12.4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 4/18/2012 10:31:54 AM | Computer Name = Deathwing | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 9/9/2011 5:08:19 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109020801.xml File not created by asset agent Error - 9/9/2011 5:13:33 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109021331.xml File not created by asset agent [ HP Connection Manager Events ] Error - 4/11/2012 11:55:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:55:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:56:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:56:33.169|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:57:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:57:33.167|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:58:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:58:33.165|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/11/2012 11:59:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 20:59:33.162|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/12/2012 12:00:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 21:00:33.160|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/12/2012 12:01:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 21:01:33.173|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/12/2012 12:02:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/11 21:02:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/16/2012 11:36:24 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/16 20:36:24.007|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 4/16/2012 11:36:28 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5 Description = 2012/04/16 20:36:28.990|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ HP Software Framework Events ] Error - 4/30/2012 11:05:10 PM | Computer Name = Deathwing | Source = CaslSmBios | ID = 5 Description = 2012/04/30 20:05:10.602|00001174|Error |[CaslWmi]XmlTools::Validate{hpCasl.enReturnCode(string,string)}|The 'schemas-hp-com.casl:TechnologyType' element is invalid - The value '' is invalid according to its datatype 'schemas-hp-com.casl:technologyTypeValue' - The Enumeration constraint failed. Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/02 09:37:50.076|00000F04|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/02 09:37:50.330|00000F04|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 12:41:37 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/07 21:41:37.153|00001844|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 9:35:36 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/08 06:35:36.442|00001784|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 11:15:12 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/08 20:15:12.203|00000FC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/8/2012 11:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/08 20:23:25.940|000018E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/09 09:21:42.638|0000140C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/09 09:21:42.816|0000140C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/9/2012 12:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5 Description = 2012/05/09 09:23:25.173|00001D84|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' [ System Events ] Error - 5/3/2012 9:31:54 AM | Computer Name = Deathwing | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR10. Error - 5/3/2012 9:31:55 AM | Computer Name = Deathwing | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR10. Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034 Description = The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034 Description = The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s). Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034 Description = The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s). Error - 5/8/2012 3:13:44 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/8/2012 3:16:44 PM | Computer Name = Deathwing | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 5/8/2012 3:17:12 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/8/2012 10:29:31 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/8/2012 10:32:03 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report >
  10. OTL logfile created on: 5/9/2012 8:36:01 PM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free 11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe PRC - [2012/05/09 09:38:23 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Dropbox\aswMBR.exe PRC - [2012/05/04 11:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2012/02/09 13:44:06 | 002,509,184 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2012/02/09 13:43:46 | 002,029,952 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe PRC - [2012/01/08 23:08:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011/07/20 05:07:32 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/07/20 05:07:06 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011/03/30 15:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2011/03/08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe PRC - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012/04/27 19:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll MOD - [2012/04/27 19:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll MOD - [2012/04/27 19:05:45 | 000,544,240 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll MOD - [2012/04/27 19:05:44 | 000,117,744 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll MOD - [2012/04/27 19:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll MOD - [2012/04/27 19:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll MOD - [2012/04/27 19:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll MOD - [2012/04/27 18:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll MOD - [2012/04/12 19:48:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0642b0c04fa10e6986baf58cf1580879\IAStorUtil.ni.dll MOD - [2012/04/12 06:41:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll MOD - [2012/04/12 06:41:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll MOD - [2012/04/12 06:40:56 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll MOD - [2012/04/11 21:02:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll MOD - [2012/04/11 21:02:06 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll MOD - [2012/03/11 15:40:54 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll MOD - [2012/03/11 15:40:45 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll MOD - [2012/03/11 15:40:39 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll MOD - [2012/02/15 08:09:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/02/15 08:08:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012/02/15 08:08:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/15 08:08:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/15 08:08:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012/02/09 10:25:14 | 000,071,352 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll MOD - [2012/02/09 10:25:08 | 000,227,512 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll MOD - [2012/01/08 23:14:35 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll MOD - [2011/10/15 18:33:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe MOD - [2010/11/05 16:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll MOD - [2010/11/05 16:03:42 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll MOD - [2010/08/24 19:40:48 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll MOD - [2010/08/24 19:40:48 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll MOD - [2010/08/24 19:40:22 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll MOD - [2010/08/24 19:40:08 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012/01/08 23:14:50 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2012/01/08 23:14:48 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2011/07/18 17:01:47 | 000,146,816 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2011/05/08 17:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD) SRV:64bit: - [2010/11/01 18:35:30 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/05/06 16:55:24 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/23 19:57:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2012/01/08 23:13:14 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/08/14 15:39:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2011/02/24 22:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc) SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/24 02:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012/02/24 02:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/08 23:14:50 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/01/08 23:13:14 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012/01/08 23:09:02 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2012/01/08 23:08:17 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2012/01/08 23:08:17 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/12/19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/08/09 23:28:26 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/05/18 17:57:32 | 000,041,256 | ---- | M] (SeriousBit) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nbdrv.sys -- (Nbdrv) DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/05/08 17:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/05/08 16:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/04/16 02:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/07/14 07:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 67 C5 4F 21 57 CC 01 [binary data] IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/13 19:32:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/23 19:57:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/25 21:02:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/08/09 23:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Extensions [2012/05/01 23:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions [2012/04/28 13:20:02 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions\https-everywhere@eff.org [2012/02/25 21:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/08/10 00:00:18 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2012/04/23 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2012/03/10 18:27:42 | 001,331,409 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012/03/10 18:27:42 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2012/03/10 18:27:42 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI [2012/04/23 19:57:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/10 18:23:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/10 18:23:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Java Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3.2_0\ CHR - Extension: YouTube = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google Search = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Calendar = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: Aside = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhbmdeeajbgkdpaiencghlmbgbkpdaa\1.1_0\ CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\ CHR - Extension: SABconnect++ = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod\0.5.8_0\ CHR - Extension: Weather Underground = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\ CHR - Extension: Gmail = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/08 12:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows ® Win 7 DDK provider) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001..\Run: [envyTouchPad] C:\Apps\envyTouchPad.exe () O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: box.net ([www] https in Trusted sites) O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC}: DhcpNameServer = 10.10.1.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/09 20:35:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe [2012/05/08 21:06:45 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Microsoft Games [2012/05/08 20:13:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/05/08 19:33:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/05/08 12:09:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/05/08 12:09:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/05/08 12:09:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/05/08 12:09:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/08 12:09:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/08 12:08:58 | 004,487,872 | R--- | C] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe [2012/05/08 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Splashtop [2012/05/08 08:41:07 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\RK_Quarantine [2012/05/04 00:41:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\dvdcss [2012/05/01 03:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/04/16 23:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater [2012/04/16 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater [2012/04/16 22:39:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012/04/16 22:39:39 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012/04/16 20:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Bilbo [2012/04/09 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Documents\Asus WebStorage [2012/04/09 21:04:44 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage [2012/04/09 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage [2012/04/09 21:04:23 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS [2012/04/09 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2012/04/09 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2012/04/09 21:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/04/09 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\eCareme [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe [2012/05/09 20:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job [2012/05/09 20:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job [2012/05/09 19:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/09 10:44:10 | 000,000,512 | ---- | M] () -- C:\Users\Lucas\Desktop\MBR.dat [2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/09 06:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/08 21:42:37 | 000,000,600 | ---- | M] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND [2012/05/08 20:23:59 | 003,055,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/08 20:23:59 | 000,956,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/08 20:23:59 | 000,006,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/08 20:20:08 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012/05/08 20:14:50 | 000,001,050 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/05/08 12:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/05/08 12:08:38 | 004,487,872 | R--- | M] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe [2012/05/01 03:00:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/05/01 03:00:51 | 000,006,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/17 19:32:49 | 000,001,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs [2012/04/16 22:38:54 | 000,001,977 | ---- | M] () -- C:\Users\Lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/09 10:44:10 | 000,000,512 | ---- | C] () -- C:\Users\Lucas\Desktop\MBR.dat [2012/05/08 12:09:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/05/08 12:09:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/05/08 12:09:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/05/08 12:09:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/05/08 12:09:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/02/21 07:48:57 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\winscp.rnd [2012/02/18 18:00:01 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/02/04 03:11:04 | 000,001,626 | ---- | C] () -- C:\Users\Lucas\AppData\Local\auto_install.bat [2012/02/04 03:11:04 | 000,001,481 | ---- | C] () -- C:\Users\Lucas\AppData\Local\dc.bat [2012/02/04 03:11:04 | 000,001,288 | ---- | C] () -- C:\Users\Lucas\AppData\Local\cc.bat [2012/01/17 22:00:26 | 000,000,079 | ---- | C] () -- C:\Users\Lucas\AppData\Local\CrystalDiskMark30.ini [2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u [2011/12/16 00:33:54 | 000,153,076 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/12/09 21:24:34 | 000,002,655 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Midi Decoder.dat [2011/12/09 21:16:16 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2011/12/09 21:16:08 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011/11/17 00:24:08 | 000,005,632 | ---- | C] () -- C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/29 22:48:26 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat [2011/10/29 22:48:08 | 000,225,656 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/10/16 14:01:55 | 000,000,166 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\Battery Meter_Settings.ini [2011/09/24 21:20:22 | 000,001,456 | ---- | C] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs [2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/10 20:02:31 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2011/09/09 16:59:16 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND [2011/09/05 00:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2011/08/14 15:34:02 | 000,000,412 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\All CPU Meter_Settings.ini [2011/08/12 23:47:26 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011/08/09 23:39:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/08/09 23:07:41 | 000,006,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/08/09 04:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/08/09 04:43:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/08/09 04:43:08 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/16 02:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/04/16 01:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/04/16 01:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/03/25 18:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/02/09 21:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini ========== LOP Check ========== [2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software [2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software [2012/04/17 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft [2012/04/09 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS [2012/04/09 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage [2011/12/09 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity [2011/09/10 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\calibre [2011/10/18 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\CanuckSoftware [2011/09/24 21:54:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/09/10 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.dmp.contentviewer [2011/09/09 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/02/22 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DiskAid [2012/03/19 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Downloaded Installations [2012/05/09 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Dropbox [2012/04/09 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\eCareme [2011/09/24 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\EPSON [2012/03/11 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FileZilla [2011/11/14 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FlixsterCollections [2011/12/09 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FreeCommander [2011/08/09 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\GlarySoft [2011/09/04 22:17:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0 [2011/10/05 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\HandBrake [2011/08/14 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\IDT [2011/12/04 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ImgBurn [2011/08/27 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jason Robitaille [2011/12/16 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\JasonRobitaille [2012/02/25 21:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Launchy [2011/10/13 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LockHunter [2012/03/21 07:16:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Mp3tag [2011/10/13 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MusicBrainz [2011/08/14 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Notepad++ [2011/10/16 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\onOne Software [2012/04/16 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater [2011/09/10 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PACE Anti-Piracy [2012/04/09 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PrimoPDF [2012/02/18 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\pymclevel [2012/01/25 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\redsn0w [2012/04/16 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Samsung [2011/08/12 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SeriousBit [2011/09/28 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/08/09 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Synaptics [2011/08/12 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SystemRequirementsLab [2012/04/29 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeraCopy [2011/12/04 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Thunderbird [2011/08/14 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TightVNC [2011/09/09 18:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TrueCrypt [2012/05/07 21:32:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\uTorrent [2011/12/09 21:17:38 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd @Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa < End of report >
  11. I am dual booting Ubuntu Natively fyi, so the extended partition contains a 122 GB ext4, 6GB Swap and, the rest as NTFS Media storage.
  12. ListParts by Farbar Version: 12-03-2012 03 Ran by Lucas (administrator) on 09-05-2012 at 09:39:38 Windows 7 (X64) Running From: D:\Dropbox Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 36% Total physical RAM: 6091.86 MB Available physical RAM: 3850.05 MB Total Pagefile: 12181.91 MB Available Pagefile: 9340.02 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:185.55 GB) (Free:73.96 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive d: () (Fixed) (Total:384.82 GB) (Free:336.3 GB) NTFS 4 Drive v: (Videos) (Network) (Total:465.76 GB) (Free:81.54 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 2048 KB Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 199 MB 1024 KB Partition 2 Primary 185 GB 200 MB Partition 0 Extended 512 GB 185 GB Partition 3 Logical 122 GB 185 GB Partition 4 Logical 6144 MB 307 GB Partition 5 Logical 384 GB 313 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 185 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 83 Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== Disk: 0 Partition 4 Type : 82 Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== Disk: 0 Partition 5 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D NTFS Partition 384 GB Healthy ====================================================================================================== ****** End Of Log ****** aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-05-09 09:40:51 ----------------------------- 09:40:51.036 OS Version: Windows x64 6.1.7601 Service Pack 1 09:40:51.037 Number of processors: 8 586 0x2A07 09:40:51.037 ComputerName: DEATHWING UserName: Lucas 09:40:51.686 Initialize success 10:00:45.624 AVAST engine defs: 12050900 10:05:17.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 10:05:17.357 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3 10:05:17.363 Disk 0 MBR read successfully 10:05:17.365 Disk 0 MBR scan 10:05:17.369 Disk 0 unknown MBR code 10:05:17.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 10:05:17.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190000 MB offset 409600 10:05:17.402 Disk 0 Partition - 00 05 Extended 525203 MB offset 389531646 10:05:17.416 Disk 0 Partition 3 00 83 Linux 125000 MB offset 389531648 10:05:17.421 Disk 0 Partition - 00 05 Extended 6145 MB offset 645531648 10:05:17.453 Disk 0 scanning C:\Windows\system32\drivers 10:05:24.895 Service scanning 10:05:57.217 Modules scanning 10:05:57.225 Disk 0 trace - called modules: 10:05:57.266 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 10:05:57.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b65790] 10:05:57.276 3 CLASSPNP.SYS[fffff88001d5343f] -> nt!IofCallDriver -> [0xfffffa8006a7ab10] 10:05:57.285 5 hpdskflt.sys[fffff88001cfa189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800692e050] 10:05:57.944 AVAST engine scan C:\Windows 10:05:59.777 AVAST engine scan C:\Windows\system32 10:08:18.624 AVAST engine scan C:\Windows\system32\drivers 10:08:27.503 AVAST engine scan C:\Users\Lucas 10:14:44.918 AVAST engine scan C:\ProgramData 10:17:23.418 Scan finished successfully 10:44:10.001 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat" 10:44:10.006 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt" MBR.zip
  13. RogueKiller V7.4.4 [05/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Lucas [Admin rights] Mode: Scan -- Date: 05/09/2012 07:26:55 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++ --- User --- [MBR] b27ea8f791f5b651de5b587eaa78abc7 [bSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo 2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  14. Mr. Charlie, it appears that we are still infected.
  15. Found this and removing now. Log will be posted below. It's odd that MBAM didn't detect this before right? Or was the system so heavily messed up it prevented MBAM from detecting it? I want to try to figure out how we knew the steps to take so that in future I can be better informed. Also, do you think my passwords have been risked? Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.08.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lucas :: DEATHWING [administrator] 5/8/2012 8:14:04 PM mbam-log-2012-05-08 (20-14-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201952 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. (end)
  16. Found the file for the first run: ComboFix 12-05-08.02 - Lucas 05/08/2012 12:10:36.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3709 [GMT -7:00] Running from: c:\users\Lucas\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\458ffeq4p6hr700641u c:\programdata\Roaming c:\windows\system32\drivers\etc\hosts.ics c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\system32 c:\windows\SysWow64\system32\3DAudio.ax c:\windows\SysWow64\system32\avrt.dll c:\windows\SysWow64\system32\cis-2.4.dll c:\windows\SysWow64\system32\issacapi_bs-2.3.dll c:\windows\SysWow64\system32\issacapi_pe-2.3.dll c:\windows\SysWow64\system32\issacapi_se-2.3.dll c:\windows\SysWow64\system32\MACXMLProto.dll c:\windows\SysWow64\system32\MaDRM.dll c:\windows\SysWow64\system32\MaJGUILib.dll c:\windows\SysWow64\system32\MAMACExtract.dll c:\windows\SysWow64\system32\MASetupCleaner.exe c:\windows\SysWow64\system32\MaXMLProto.dll c:\windows\SysWow64\system32\mfplat.dll c:\windows\SysWow64\system32\MK_Lyric.dll c:\windows\SysWow64\system32\MSCLib.dll c:\windows\SysWow64\system32\MSFLib.dll c:\windows\SysWow64\system32\MSLUR71.dll c:\windows\SysWow64\system32\msvcp60.dll c:\windows\SysWow64\system32\MTTELECHIP.dll c:\windows\SysWow64\system32\MTXSYNCICON.dll c:\windows\SysWow64\system32\muzaf1.dll c:\windows\SysWow64\system32\muzapp.dll c:\windows\SysWow64\system32\muzapp.exe c:\windows\SysWow64\system32\muzdecode.ax c:\windows\SysWow64\system32\muzeffect.ax c:\windows\SysWow64\system32\muzmp4sp.ax c:\windows\SysWow64\system32\muzmpgsp.ax c:\windows\SysWow64\system32\muzoggsp.ax c:\windows\SysWow64\system32\muzwmts.dll c:\windows\SysWow64\system32\psapi.dll . ----- File Replicators ----- . c:\program files (x86)\Git\libexec\git-core\git-add.exe c:\program files (x86)\Git\libexec\git-core\git-annotate.exe c:\program files (x86)\Git\libexec\git-core\git-apply.exe c:\program files (x86)\Git\libexec\git-core\git-archive.exe c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe c:\program files (x86)\Git\libexec\git-core\git-blame.exe c:\program files (x86)\Git\libexec\git-core\git-branch.exe c:\program files (x86)\Git\libexec\git-core\git-bundle.exe c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe c:\program files (x86)\Git\libexec\git-core\git-checkout.exe c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe c:\program files (x86)\Git\libexec\git-core\git-cherry.exe c:\program files (x86)\Git\libexec\git-core\git-clean.exe c:\program files (x86)\Git\libexec\git-core\git-clone.exe c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe c:\program files (x86)\Git\libexec\git-core\git-commit.exe c:\program files (x86)\Git\libexec\git-core\git-config.exe c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe c:\program files (x86)\Git\libexec\git-core\git-describe.exe c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe c:\program files (x86)\Git\libexec\git-core\git-diff.exe c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe c:\program files (x86)\Git\libexec\git-core\git-fetch.exe c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe c:\program files (x86)\Git\libexec\git-core\git-fsck.exe c:\program files (x86)\Git\libexec\git-core\git-gc.exe c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe c:\program files (x86)\Git\libexec\git-core\git-grep.exe c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe c:\program files (x86)\Git\libexec\git-core\git-help.exe c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe c:\program files (x86)\Git\libexec\git-core\git-init-db.exe c:\program files (x86)\Git\libexec\git-core\git-init.exe c:\program files (x86)\Git\libexec\git-core\git-log.exe c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe c:\program files (x86)\Git\libexec\git-core\git-merge.exe c:\program files (x86)\Git\libexec\git-core\git-mktag.exe c:\program files (x86)\Git\libexec\git-core\git-mktree.exe c:\program files (x86)\Git\libexec\git-core\git-mv.exe c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe c:\program files (x86)\Git\libexec\git-core\git-notes.exe c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe c:\program files (x86)\Git\libexec\git-core\git-prune.exe c:\program files (x86)\Git\libexec\git-core\git-push.exe c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe c:\program files (x86)\Git\libexec\git-core\git-reflog.exe c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe c:\program files (x86)\Git\libexec\git-core\git-remote.exe c:\program files (x86)\Git\libexec\git-core\git-replace.exe c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe c:\program files (x86)\Git\libexec\git-core\git-rerere.exe c:\program files (x86)\Git\libexec\git-core\git-reset.exe c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe c:\program files (x86)\Git\libexec\git-core\git-revert.exe c:\program files (x86)\Git\libexec\git-core\git-rm.exe c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe c:\program files (x86)\Git\libexec\git-core\git-show.exe c:\program files (x86)\Git\libexec\git-core\git-stage.exe c:\program files (x86)\Git\libexec\git-core\git-status.exe c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe c:\program files (x86)\Git\libexec\git-core\git-tag.exe c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe c:\program files (x86)\Git\libexec\git-core\git-update-index.exe c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe c:\program files (x86)\Git\libexec\git-core\git-var.exe c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe c:\program files (x86)\Git\libexec\git-core\git.exe c:\windows\Installer\{00A53800-BA75-3E9E-BD52-10171E5640B6}\ARPPRODUCTICON.exe c:\windows\Installer\{04098274-E98C-86E3-1B2C-50E32E561DF5}\ARPPRODUCTICON.exe c:\windows\Installer\{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}\ARPPRODUCTICON.exe c:\windows\Installer\{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}\ARPPRODUCTICON.exe c:\windows\Installer\{2D049D1D-CA58-9652-B7C6-19CB98649923}\ARPPRODUCTICON.exe c:\windows\Installer\{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}\ARPPRODUCTICON.exe c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{480DCAD1-8670-66EA-8EBA-178047059A13}\ARPPRODUCTICON.exe c:\windows\Installer\{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}\ARPPRODUCTICON.exe c:\windows\Installer\{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}\ARPPRODUCTICON.exe c:\windows\Installer\{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}\ARPPRODUCTICON.exe c:\windows\Installer\{60070423-DE0B-59FF-D4B7-16BDB8957864}\ARPPRODUCTICON.exe c:\windows\Installer\{74FBB537-8915-329D-393E-FDB7DC69A339}\ARPPRODUCTICON.exe c:\windows\Installer\{755F4903-030D-B017-30F2-4D5BE92C8D38}\ARPPRODUCTICON.exe c:\windows\Installer\{896C4E12-4857-9715-9F9D-249561D2D7EE}\ARPPRODUCTICON.exe c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{968298EC-86D4-8F84-5ABC-E976C5CDA417}\ARPPRODUCTICON.exe c:\windows\Installer\{A79024ED-1969-334A-1ED6-16753F9DE377}\ARPPRODUCTICON.exe c:\windows\Installer\{BBDD3C95-E069-E346-6D1B-CC76AE448550}\ARPPRODUCTICON.exe c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\ARPPRODUCTICON.exe c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe c:\windows\Installer\{C57C21C0-CE1B-26D5-1215-B26862051F6F}\ARPPRODUCTICON.exe c:\windows\Installer\{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}\ARPPRODUCTICON.exe c:\windows\Installer\{CD05F1BC-FC63-1E93-4094-82BC33662E76}\ARPPRODUCTICON.exe c:\windows\Installer\{D61F78AF-A111-9DAE-8368-E3230B168F03}\ARPPRODUCTICON.exe c:\windows\Installer\{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}\ARPPRODUCTICON.exe c:\windows\Installer\{D8CABEA0-CAFB-9320-5F46-EAF31535203F}\ARPPRODUCTICON.exe c:\windows\Installer\{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}\ARPPRODUCTICON.exe c:\windows\Installer\{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}\ARPPRODUCTICON.exe c:\windows\Installer\{FC8292ED-7E61-4370-15D1-60171263AA1D}\ARPPRODUCTICON.exe . . ((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 ))))))))))))))))))))))))))))))) . . 2012-05-08 19:17 . 2012-05-08 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-08 16:03 . 2012-05-08 16:03 -------- d-----w- c:\users\Lucas\AppData\Local\Splashtop 2012-05-07 17:43 . 2012-05-07 17:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll 2012-05-07 14:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll 2012-05-06 22:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-04 07:41 . 2012-05-04 07:41 -------- d-----w- c:\users\Lucas\AppData\Roaming\dvdcss 2012-05-01 10:00 . 2012-05-01 10:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-04-17 06:40 . 2012-04-17 06:51 -------- d-----w- c:\program files (x86)\OpenDNS Updater 2012-04-17 06:16 . 2012-04-17 06:16 -------- d-----w- c:\users\Lucas\AppData\Roaming\OpenDNS Updater 2012-04-17 05:39 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-04-17 05:39 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2012-04-17 03:31 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup 2012-04-17 03:31 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup 2012-04-17 03:31 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup 2012-04-12 03:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-12 03:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-12 03:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-12 03:57 . 2012-04-12 03:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-04-12 03:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS WebStorage 2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\programdata\ASUS WebStorage 2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS 2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\program files (x86)\ASUS 2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files\ASUS 2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-04-10 04:01 . 2012-04-10 04:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\eCareme . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-06 23:55 . 2012-04-04 04:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 23:55 . 2011-08-14 19:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 23:55 . 2012-04-04 04:55 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-04 22:56 . 2011-12-24 07:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 05:11 . 2012-02-22 04:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll 2012-03-29 05:11 . 2012-03-29 05:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll 2012-03-29 05:11 . 2012-02-22 04:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-11 22:54 . 2012-02-04 10:11 1626 ----a-w- c:\users\Lucas\AppData\Local\auto_install.bat 2012-03-11 22:54 . 2012-02-04 10:11 1481 ----a-w- c:\users\Lucas\AppData\Local\dc.bat 2012-03-11 22:54 . 2012-02-04 10:11 1288 ----a-w- c:\users\Lucas\AppData\Local\cc.bat 2012-02-17 06:38 . 2012-03-15 06:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-15 06:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-15 06:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-15 06:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-10 14:39 . 2012-02-10 14:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41EF12EC-2857-4EAC-8891-1C8836ABE417}\gapaengine.dll 2012-02-10 06:36 . 2012-03-15 06:00 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-15 06:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 90112 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "envyTouchPad"="c:\apps\envyTouchPad.exe" [2011-06-17 402944] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-09 113288] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-05-13 38912] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736] . c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496] Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-2-25 405504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296] R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240] R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x] R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x] R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-09 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672] S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x] S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168] S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328] S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-24 2656280] S3 ALSysIO;ALSysIO;c:\users\Lucas\AppData\Local\Temp\ALSysIO64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 45281131 *Deregistered* - 45281131 *Deregistered* - CLKMDRV10_38F51D56 . Contents of the 'Scheduled Tasks' folder . 2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55] . 2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job - c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15] . 2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job - c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: box.net\www Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 10.10.1.1 FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:8f,f1,96,74,17,cd,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:4c,78,f1,91,2b,8c,74,9a,be,26,86,c9,8f,aa,fc,08,68,77,a3,e5,67, 64,1f,06,f8,ab,66,35,71,0f,8b,8f,51,7d,40,ce,99,7c,60,35,5b,2b,5b,ce,8c,33,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-05-08 12:19:19 ComboFix-quarantined-files.txt 2012-05-08 19:19 . Pre-Run: 81,889,263,616 bytes free Post-Run: 81,236,934,656 bytes free . - - End Of File - - 4BC7FE9EDE7CB692B5116452E675A398
  17. It run before when I wasn't home as it disconnected my Splashtop Remote, and did not save in C:\ as it said it did. Here is the re-run: ComboFix 12-05-08.02 - Lucas 05/08/2012 19:27:15.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3627 [GMT -7:00] Running from: c:\users\Lucas\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 ))))))))))))))))))))))))))))))) . . 2012-05-09 02:32 . 2012-05-09 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-08 16:03 . 2012-05-08 16:03 -------- d-----w- c:\users\Lucas\AppData\Local\Splashtop 2012-05-07 17:43 . 2012-05-07 17:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll 2012-05-07 14:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll 2012-05-06 22:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-04 07:41 . 2012-05-04 07:41 -------- d-----w- c:\users\Lucas\AppData\Roaming\dvdcss 2012-05-01 10:00 . 2012-05-01 10:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-04-17 06:40 . 2012-04-17 06:51 -------- d-----w- c:\program files (x86)\OpenDNS Updater 2012-04-17 06:16 . 2012-04-17 06:16 -------- d-----w- c:\users\Lucas\AppData\Roaming\OpenDNS Updater 2012-04-17 05:39 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-04-17 05:39 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2012-04-17 03:31 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup 2012-04-17 03:31 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup 2012-04-17 03:31 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup 2012-04-12 03:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-12 03:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-12 03:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-12 03:57 . 2012-04-12 03:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-04-12 03:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS WebStorage 2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\programdata\ASUS WebStorage 2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS 2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\program files (x86)\ASUS 2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files\ASUS 2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-04-10 04:01 . 2012-04-10 04:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\eCareme . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-06 23:55 . 2012-04-04 04:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 23:55 . 2011-08-14 19:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 23:55 . 2012-04-04 04:55 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-04 22:56 . 2011-12-24 07:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 05:11 . 2012-02-22 04:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll 2012-03-29 05:11 . 2012-03-29 05:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll 2012-03-29 05:11 . 2012-02-22 04:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-11 22:54 . 2012-02-04 10:11 1626 ----a-w- c:\users\Lucas\AppData\Local\auto_install.bat 2012-03-11 22:54 . 2012-02-04 10:11 1481 ----a-w- c:\users\Lucas\AppData\Local\dc.bat 2012-03-11 22:54 . 2012-02-04 10:11 1288 ----a-w- c:\users\Lucas\AppData\Local\cc.bat 2012-02-17 06:38 . 2012-03-15 06:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-15 06:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-15 06:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-15 06:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-10 14:39 . 2012-02-10 14:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41EF12EC-2857-4EAC-8891-1C8836ABE417}\gapaengine.dll 2012-02-10 06:36 . 2012-03-15 06:00 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-15 06:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 90112 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe 2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "envyTouchPad"="c:\apps\envyTouchPad.exe" [2011-06-17 402944] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-09 113288] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-05-13 38912] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736] . c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496] Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-2-25 405504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296] R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240] R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x] R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x] R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-09 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672] S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x] S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168] S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328] S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-24 2656280] S3 ALSysIO;ALSysIO;c:\users\Lucas\AppData\Local\Temp\ALSysIO64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 45281131 *Deregistered* - 45281131 *Deregistered* - CLKMDRV10_38F51D56 . Contents of the 'Scheduled Tasks' folder . 2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55] . 2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job - c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15] . 2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job - c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: box.net\www Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 10.10.1.1 FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:8f,f1,96,74,17,cd,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:4c,78,f1,91,2b,8c,74,9a,be,26,86,c9,8f,aa,fc,08,68,77,a3,e5,67, 64,1f,06,f8,ab,66,35,71,0f,8b,8f,51,7d,40,ce,99,7c,60,35,5b,2b,5b,ce,8c,33,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-05-08 19:33:39 ComboFix-quarantined-files.txt 2012-05-09 02:33 ComboFix2.txt 2012-05-08 19:19 . Pre-Run: 81,303,101,440 bytes free Post-Run: 81,232,728,064 bytes free . - - End Of File - - 775983A175C6601C43E401CA1D52E4A7
  18. Yikes, Combofix is usually an end of the line kind of thing in my experience, is there a reason this is seeming to be so difficult to get rid of? Is it that we don't know exactly what is wrong? I will run it and let you know but in my experience combofix has been for the severe infections.
  19. Hello, No objects found via TDSS killer, only some unsigned drivers. 11:43:12.0277 3800 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 11:43:13.0971 3800 ============================================================ 11:43:13.0971 3800 Current date / time: 2012/05/08 11:43:13.0971 11:43:13.0971 3800 SystemInfo: 11:43:13.0971 3800 11:43:13.0972 3800 OS Version: 6.1.7601 ServicePack: 1.0 11:43:13.0972 3800 Product type: Workstation 11:43:13.0972 3800 ComputerName: DEATHWING 11:43:13.0972 3800 UserName: Lucas 11:43:13.0972 3800 Windows directory: C:\Windows 11:43:13.0972 3800 System windows directory: C:\Windows 11:43:13.0972 3800 Running under WOW64 11:43:13.0972 3800 Processor architecture: Intel x64 11:43:13.0972 3800 Number of processors: 8 11:43:13.0972 3800 Page size: 0x1000 11:43:13.0972 3800 Boot type: Normal boot 11:43:13.0972 3800 ============================================================ 11:43:14.0419 3800 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:43:14.0424 3800 ============================================================ 11:43:14.0424 3800 \Device\Harddisk0\DR0: 11:43:14.0424 3800 MBR partitions: 11:43:14.0424 3800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 11:43:14.0424 3800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x17318000 11:43:14.0468 3800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x273A1800, BlocksNum 0x301A4800 11:43:14.0468 3800 ============================================================ 11:43:14.0497 3800 C: <-> \Device\Harddisk0\DR0\Partition1 11:43:14.0536 3800 D: <-> \Device\Harddisk0\DR0\Partition2 11:43:14.0536 3800 ============================================================ 11:43:14.0536 3800 Initialize success 11:43:14.0536 3800 ============================================================ 11:43:35.0546 4324 ============================================================ 11:43:35.0546 4324 Scan started 11:43:35.0546 4324 Mode: Manual; SigCheck; TDLFS; 11:43:35.0546 4324 ============================================================ 11:43:35.0840 4324 !SASCORE (6b9a496ed67631da8adb802461876c36) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 11:43:35.0874 4324 !SASCORE - ok 11:43:36.0148 4324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 11:43:36.0179 4324 1394ohci - ok 11:43:36.0205 4324 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys 11:43:36.0277 4324 Accelerometer - ok 11:43:36.0304 4324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 11:43:36.0319 4324 ACPI - ok 11:43:36.0355 4324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 11:43:36.0382 4324 AcpiPmi - ok 11:43:36.0460 4324 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:43:36.0468 4324 AdobeARMservice - ok 11:43:36.0541 4324 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 11:43:36.0553 4324 AdobeFlashPlayerUpdateSvc - ok 11:43:36.0595 4324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 11:43:36.0613 4324 adp94xx - ok 11:43:36.0664 4324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 11:43:36.0679 4324 adpahci - ok 11:43:36.0688 4324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 11:43:36.0701 4324 adpu320 - ok 11:43:36.0724 4324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 11:43:36.0757 4324 AeLookupSvc - ok 11:43:36.0877 4324 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 11:43:36.0899 4324 AESTFilters - ok 11:43:36.0941 4324 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 11:43:36.0971 4324 AFD - ok 11:43:37.0021 4324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 11:43:37.0031 4324 agp440 - ok 11:43:37.0071 4324 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 11:43:37.0093 4324 ALG - ok 11:43:37.0119 4324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 11:43:37.0128 4324 aliide - ok 11:43:37.0207 4324 ALSysIO - ok 11:43:37.0243 4324 AMD External Events Utility (46052887a640397a834cfa61d607bfc5) C:\Windows\system32\atiesrxx.exe 11:43:37.0270 4324 AMD External Events Utility - ok 11:43:37.0308 4324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 11:43:37.0318 4324 amdide - ok 11:43:37.0345 4324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 11:43:37.0373 4324 AmdK8 - ok 11:43:37.0689 4324 amdkmdag (f419e5cc07decdab85e4e6adab1dbb49) C:\Windows\system32\DRIVERS\atikmdag.sys 11:43:37.0912 4324 amdkmdag - ok 11:43:38.0030 4324 amdkmdap (a2f3f99349169d53e91a953a6f539635) C:\Windows\system32\DRIVERS\atikmpag.sys 11:43:38.0059 4324 amdkmdap - ok 11:43:38.0092 4324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 11:43:38.0113 4324 AmdPPM - ok 11:43:38.0158 4324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 11:43:38.0169 4324 amdsata - ok 11:43:38.0198 4324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 11:43:38.0216 4324 amdsbs - ok 11:43:38.0233 4324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 11:43:38.0242 4324 amdxata - ok 11:43:38.0288 4324 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys 11:43:38.0315 4324 AMPPAL - ok 11:43:38.0331 4324 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys 11:43:38.0342 4324 AMPPALP - ok 11:43:38.0449 4324 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe 11:43:38.0478 4324 AMPPALR3 - ok 11:43:38.0597 4324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 11:43:38.0630 4324 AppID - ok 11:43:38.0661 4324 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 11:43:38.0693 4324 AppIDSvc - ok 11:43:38.0729 4324 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 11:43:38.0767 4324 Appinfo - ok 11:43:38.0850 4324 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 11:43:38.0858 4324 Apple Mobile Device - ok 11:43:38.0890 4324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 11:43:38.0901 4324 arc - ok 11:43:38.0917 4324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 11:43:38.0927 4324 arcsas - ok 11:43:39.0021 4324 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 11:43:39.0031 4324 aspnet_state - ok 11:43:39.0039 4324 astcc - ok 11:43:39.0061 4324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 11:43:39.0093 4324 AsyncMac - ok 11:43:39.0149 4324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 11:43:39.0158 4324 atapi - ok 11:43:39.0224 4324 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 11:43:39.0266 4324 AudioEndpointBuilder - ok 11:43:39.0271 4324 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 11:43:39.0309 4324 AudioSrv - ok 11:43:39.0383 4324 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 11:43:39.0399 4324 AxInstSV - ok 11:43:39.0448 4324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 11:43:39.0475 4324 b06bdrv - ok 11:43:39.0506 4324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 11:43:39.0521 4324 b57nd60a - ok 11:43:39.0607 4324 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys 11:43:39.0638 4324 BCM43XX - ok 11:43:39.0677 4324 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 11:43:39.0695 4324 BDESVC - ok 11:43:39.0763 4324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 11:43:39.0807 4324 Beep - ok 11:43:39.0874 4324 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 11:43:39.0915 4324 BFE - ok 11:43:39.0962 4324 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 11:43:40.0012 4324 BITS - ok 11:43:40.0081 4324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 11:43:40.0092 4324 blbdrive - ok 11:43:40.0209 4324 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 11:43:40.0223 4324 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning 11:43:40.0223 4324 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1) 11:43:40.0284 4324 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 11:43:40.0316 4324 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning 11:43:40.0316 4324 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1) 11:43:40.0371 4324 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 11:43:40.0391 4324 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning 11:43:40.0391 4324 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1) 11:43:40.0467 4324 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 11:43:40.0482 4324 Bonjour Service - ok 11:43:40.0599 4324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 11:43:40.0622 4324 bowser - ok 11:43:40.0660 4324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 11:43:40.0673 4324 BrFiltLo - ok 11:43:40.0675 4324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 11:43:40.0688 4324 BrFiltUp - ok 11:43:40.0722 4324 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 11:43:40.0763 4324 Browser - ok 11:43:40.0785 4324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 11:43:40.0816 4324 Brserid - ok 11:43:40.0820 4324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 11:43:40.0842 4324 BrSerWdm - ok 11:43:40.0870 4324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 11:43:40.0892 4324 BrUsbMdm - ok 11:43:40.0915 4324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 11:43:40.0937 4324 BrUsbSer - ok 11:43:40.0981 4324 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys 11:43:41.0005 4324 BthEnum - ok 11:43:41.0055 4324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 11:43:41.0079 4324 BTHMODEM - ok 11:43:41.0122 4324 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 11:43:41.0149 4324 BthPan - ok 11:43:41.0189 4324 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys 11:43:41.0218 4324 BTHPORT - ok 11:43:41.0261 4324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 11:43:41.0310 4324 bthserv - ok 11:43:41.0399 4324 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 11:43:41.0408 4324 BTHSSecurityMgr - ok 11:43:41.0418 4324 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys 11:43:41.0429 4324 BTHUSB - ok 11:43:41.0474 4324 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys 11:43:41.0482 4324 btmaux - ok 11:43:41.0533 4324 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys 11:43:41.0548 4324 btwampfl - ok 11:43:41.0550 4324 btwaudio - ok 11:43:41.0554 4324 btwavdt - ok 11:43:41.0557 4324 btwl2cap - ok 11:43:41.0560 4324 btwrchid - ok 11:43:41.0587 4324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 11:43:41.0630 4324 cdfs - ok 11:43:41.0661 4324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 11:43:41.0673 4324 cdrom - ok 11:43:41.0721 4324 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:43:41.0763 4324 CertPropSvc - ok 11:43:41.0810 4324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 11:43:41.0832 4324 circlass - ok 11:43:41.0885 4324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 11:43:41.0901 4324 CLFS - ok 11:43:42.0031 4324 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe 11:43:42.0043 4324 CLKMSVC10_38F51D56 - ok 11:43:42.0102 4324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:43:42.0111 4324 clr_optimization_v2.0.50727_32 - ok 11:43:42.0175 4324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:43:42.0184 4324 clr_optimization_v2.0.50727_64 - ok 11:43:42.0265 4324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:43:42.0275 4324 clr_optimization_v4.0.30319_32 - ok 11:43:42.0303 4324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:43:42.0313 4324 clr_optimization_v4.0.30319_64 - ok 11:43:42.0391 4324 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys 11:43:42.0399 4324 clwvd - ok 11:43:42.0426 4324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 11:43:42.0438 4324 CmBatt - ok 11:43:42.0446 4324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 11:43:42.0455 4324 cmdide - ok 11:43:42.0505 4324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 11:43:42.0537 4324 CNG - ok 11:43:42.0576 4324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 11:43:42.0585 4324 Compbatt - ok 11:43:42.0612 4324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 11:43:42.0642 4324 CompositeBus - ok 11:43:42.0655 4324 COMSysApp - ok 11:43:42.0725 4324 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys 11:43:42.0733 4324 cpudrv64 - ok 11:43:42.0767 4324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 11:43:42.0777 4324 crcdisk - ok 11:43:42.0819 4324 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 11:43:42.0862 4324 CryptSvc - ok 11:43:42.0903 4324 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys 11:43:42.0912 4324 CVirtA - ok 11:43:42.0993 4324 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 11:43:43.0022 4324 CVPND - ok 11:43:43.0145 4324 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys 11:43:43.0156 4324 CVPNDRVA - ok 11:43:43.0212 4324 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:43:43.0270 4324 DcomLaunch - ok 11:43:43.0303 4324 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 11:43:43.0351 4324 defragsvc - ok 11:43:43.0390 4324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 11:43:43.0432 4324 DfsC - ok 11:43:43.0467 4324 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys 11:43:43.0478 4324 dg_ssudbus - ok 11:43:43.0517 4324 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 11:43:43.0560 4324 Dhcp - ok 11:43:43.0593 4324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 11:43:43.0626 4324 discache - ok 11:43:43.0666 4324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 11:43:43.0676 4324 Disk - ok 11:43:43.0725 4324 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys 11:43:43.0734 4324 DNE - ok 11:43:43.0777 4324 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 11:43:43.0798 4324 Dnscache - ok 11:43:43.0835 4324 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 11:43:43.0878 4324 dot3svc - ok 11:43:43.0902 4324 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 11:43:43.0950 4324 DPS - ok 11:43:43.0996 4324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 11:43:44.0026 4324 drmkaud - ok 11:43:44.0069 4324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 11:43:44.0091 4324 DXGKrnl - ok 11:43:44.0122 4324 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 11:43:44.0171 4324 EapHost - ok 11:43:44.0285 4324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 11:43:44.0342 4324 ebdrv - ok 11:43:44.0435 4324 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 11:43:44.0458 4324 EFS - ok 11:43:44.0522 4324 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 11:43:44.0552 4324 ehRecvr - ok 11:43:44.0573 4324 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 11:43:44.0585 4324 ehSched - ok 11:43:44.0667 4324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 11:43:44.0686 4324 elxstor - ok 11:43:44.0689 4324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 11:43:44.0701 4324 ErrDev - ok 11:43:44.0775 4324 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 11:43:44.0828 4324 EventSystem - ok 11:43:44.0982 4324 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 11:43:45.0016 4324 EvtEng - ok 11:43:45.0127 4324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 11:43:45.0162 4324 exfat - ok 11:43:45.0185 4324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 11:43:45.0227 4324 fastfat - ok 11:43:45.0287 4324 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 11:43:45.0322 4324 Fax - ok 11:43:45.0360 4324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 11:43:45.0386 4324 fdc - ok 11:43:45.0421 4324 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 11:43:45.0455 4324 fdPHost - ok 11:43:45.0470 4324 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 11:43:45.0503 4324 FDResPub - ok 11:43:45.0514 4324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 11:43:45.0524 4324 FileInfo - ok 11:43:45.0545 4324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 11:43:45.0578 4324 Filetrace - ok 11:43:45.0595 4324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 11:43:45.0617 4324 flpydisk - ok 11:43:45.0640 4324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 11:43:45.0654 4324 FltMgr - ok 11:43:45.0715 4324 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 11:43:45.0754 4324 FontCache - ok 11:43:45.0823 4324 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:43:45.0832 4324 FontCache3.0.0.0 - ok 11:43:45.0916 4324 FPLService (0798b9b20cb43057aa8d122090fc9d8c) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 11:43:45.0927 4324 FPLService - ok 11:43:46.0003 4324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 11:43:46.0013 4324 FsDepends - ok 11:43:46.0044 4324 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 11:43:46.0054 4324 Fs_Rec - ok 11:43:46.0093 4324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 11:43:46.0108 4324 fvevol - ok 11:43:46.0138 4324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 11:43:46.0148 4324 gagp30kx - ok 11:43:46.0171 4324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 11:43:46.0179 4324 GEARAspiWDM - ok 11:43:46.0222 4324 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 11:43:46.0268 4324 gpsvc - ok 11:43:46.0328 4324 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 11:43:46.0339 4324 gusvc - ok 11:43:46.0382 4324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 11:43:46.0403 4324 hcw85cir - ok 11:43:46.0441 4324 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 11:43:46.0460 4324 HdAudAddService - ok 11:43:46.0508 4324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 11:43:46.0537 4324 HDAudBus - ok 11:43:46.0555 4324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 11:43:46.0566 4324 HidBatt - ok 11:43:46.0599 4324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 11:43:46.0614 4324 HidBth - ok 11:43:46.0617 4324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 11:43:46.0631 4324 HidIr - ok 11:43:46.0656 4324 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 11:43:46.0703 4324 hidserv - ok 11:43:46.0750 4324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 11:43:46.0761 4324 HidUsb - ok 11:43:46.0779 4324 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 11:43:46.0812 4324 hkmsvc - ok 11:43:46.0841 4324 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 11:43:46.0869 4324 HomeGroupListener - ok 11:43:46.0896 4324 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 11:43:46.0924 4324 HomeGroupProvider - ok 11:43:47.0032 4324 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 11:43:47.0039 4324 HP Support Assistant Service - ok 11:43:47.0135 4324 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 11:43:47.0161 4324 hpCMSrv - ok 11:43:47.0243 4324 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 11:43:47.0254 4324 HPDrvMntSvc.exe - ok 11:43:47.0349 4324 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys 11:43:47.0357 4324 hpdskflt - ok 11:43:47.0414 4324 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 11:43:47.0437 4324 hpqwmiex - ok 11:43:47.0467 4324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 11:43:47.0478 4324 HpSAMD - ok 11:43:47.0494 4324 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe 11:43:47.0502 4324 hpsrv - ok 11:43:47.0573 4324 HPWMISVC (491ce9b6321fb74e4b37af2c47f98434) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 11:43:47.0580 4324 HPWMISVC - ok 11:43:47.0612 4324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 11:43:47.0670 4324 HTTP - ok 11:43:47.0693 4324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 11:43:47.0702 4324 hwpolicy - ok 11:43:47.0734 4324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 11:43:47.0746 4324 i8042prt - ok 11:43:47.0786 4324 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys 11:43:47.0802 4324 iaStor - ok 11:43:47.0900 4324 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 11:43:47.0908 4324 IAStorDataMgrSvc - ok 11:43:47.0956 4324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 11:43:47.0973 4324 iaStorV - ok 11:43:48.0114 4324 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 11:43:48.0152 4324 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 11:43:48.0152 4324 IconMan_R - detected UnsignedFile.Multi.Generic (1) 11:43:48.0262 4324 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:43:48.0285 4324 idsvc - ok 11:43:48.0374 4324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 11:43:48.0383 4324 iirsp - ok 11:43:48.0438 4324 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 11:43:48.0492 4324 IKEEXT - ok 11:43:48.0541 4324 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 11:43:48.0555 4324 IntcDAud - ok 11:43:48.0576 4324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 11:43:48.0586 4324 intelide - ok 11:43:48.0979 4324 intelkmd (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdpmd64.sys 11:43:49.0261 4324 intelkmd - ok 11:43:49.0376 4324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 11:43:49.0399 4324 intelppm - ok 11:43:49.0483 4324 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 11:43:49.0490 4324 IntuitUpdateServiceV4 - ok 11:43:49.0516 4324 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 11:43:49.0566 4324 IPBusEnum - ok 11:43:49.0588 4324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:43:49.0621 4324 IpFilterDriver - ok 11:43:49.0647 4324 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 11:43:49.0686 4324 iphlpsvc - ok 11:43:49.0712 4324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 11:43:49.0731 4324 IPMIDRV - ok 11:43:49.0752 4324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 11:43:49.0785 4324 IPNAT - ok 11:43:49.0893 4324 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 11:43:49.0916 4324 iPod Service - ok 11:43:49.0952 4324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 11:43:49.0967 4324 IRENUM - ok 11:43:49.0984 4324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 11:43:49.0995 4324 isapnp - ok 11:43:50.0021 4324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 11:43:50.0035 4324 iScsiPrt - ok 11:43:50.0065 4324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 11:43:50.0074 4324 kbdclass - ok 11:43:50.0106 4324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 11:43:50.0118 4324 kbdhid - ok 11:43:50.0147 4324 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:43:50.0158 4324 KeyIso - ok 11:43:50.0178 4324 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 11:43:50.0189 4324 KSecDD - ok 11:43:50.0205 4324 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 11:43:50.0216 4324 KSecPkg - ok 11:43:50.0233 4324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 11:43:50.0275 4324 ksthunk - ok 11:43:50.0304 4324 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 11:43:50.0343 4324 KtmRm - ok 11:43:50.0394 4324 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 11:43:50.0441 4324 LanmanServer - ok 11:43:50.0460 4324 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 11:43:50.0494 4324 LanmanWorkstation - ok 11:43:50.0524 4324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 11:43:50.0557 4324 lltdio - ok 11:43:50.0589 4324 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 11:43:50.0635 4324 lltdsvc - ok 11:43:50.0652 4324 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 11:43:50.0685 4324 lmhosts - ok 11:43:50.0784 4324 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 11:43:50.0796 4324 LMS - ok 11:43:50.0830 4324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 11:43:50.0841 4324 LSI_FC - ok 11:43:50.0848 4324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 11:43:50.0859 4324 LSI_SAS - ok 11:43:50.0877 4324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 11:43:50.0887 4324 LSI_SAS2 - ok 11:43:50.0893 4324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 11:43:50.0904 4324 LSI_SCSI - ok 11:43:50.0923 4324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 11:43:50.0968 4324 luafv - ok 11:43:50.0998 4324 massfilter_hs - ok 11:43:51.0023 4324 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 11:43:51.0044 4324 Mcx2Svc - ok 11:43:51.0070 4324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 11:43:51.0080 4324 megasas - ok 11:43:51.0121 4324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 11:43:51.0141 4324 MegaSR - ok 11:43:51.0186 4324 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 11:43:51.0195 4324 MEIx64 - ok 11:43:51.0219 4324 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:43:51.0268 4324 MMCSS - ok 11:43:51.0295 4324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 11:43:51.0337 4324 Modem - ok 11:43:51.0354 4324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 11:43:51.0376 4324 monitor - ok 11:43:51.0416 4324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 11:43:51.0425 4324 mouclass - ok 11:43:51.0452 4324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 11:43:51.0474 4324 mouhid - ok 11:43:51.0503 4324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 11:43:51.0514 4324 mountmgr - ok 11:43:51.0612 4324 MozillaMaintenance (1144c543625a904f836605d0902f8255) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 11:43:51.0622 4324 MozillaMaintenance - ok 11:43:51.0682 4324 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 11:43:51.0695 4324 MpFilter - ok 11:43:51.0709 4324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 11:43:51.0721 4324 mpio - ok 11:43:51.0754 4324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 11:43:51.0789 4324 mpsdrv - ok 11:43:51.0843 4324 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 11:43:51.0902 4324 MpsSvc - ok 11:43:51.0924 4324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 11:43:51.0946 4324 MRxDAV - ok 11:43:51.0974 4324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 11:43:51.0999 4324 mrxsmb - ok 11:43:52.0019 4324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:43:52.0033 4324 mrxsmb10 - ok 11:43:52.0047 4324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:43:52.0058 4324 mrxsmb20 - ok 11:43:52.0084 4324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 11:43:52.0093 4324 msahci - ok 11:43:52.0111 4324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 11:43:52.0122 4324 msdsm - ok 11:43:52.0152 4324 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 11:43:52.0169 4324 MSDTC - ok 11:43:52.0190 4324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 11:43:52.0222 4324 Msfs - ok 11:43:52.0259 4324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 11:43:52.0301 4324 mshidkmdf - ok 11:43:52.0313 4324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 11:43:52.0322 4324 msisadrv - ok 11:43:52.0345 4324 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 11:43:52.0389 4324 MSiSCSI - ok 11:43:52.0392 4324 msiserver - ok 11:43:52.0426 4324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 11:43:52.0470 4324 MSKSSRV - ok 11:43:52.0538 4324 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe 11:43:52.0547 4324 MsMpSvc - ok 11:43:52.0582 4324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 11:43:52.0629 4324 MSPCLOCK - ok 11:43:52.0645 4324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 11:43:52.0687 4324 MSPQM - ok 11:43:52.0709 4324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 11:43:52.0724 4324 MsRPC - ok 11:43:52.0736 4324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 11:43:52.0745 4324 mssmbios - ok 11:43:52.0766 4324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 11:43:52.0807 4324 MSTEE - ok 11:43:52.0810 4324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 11:43:52.0821 4324 MTConfig - ok 11:43:52.0837 4324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 11:43:52.0846 4324 Mup - ok 11:43:52.0916 4324 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 11:43:52.0929 4324 MyWiFiDHCPDNS - ok 11:43:52.0975 4324 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 11:43:53.0019 4324 napagent - ok 11:43:53.0083 4324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 11:43:53.0114 4324 NativeWifiP - ok 11:43:53.0142 4324 Nbdrv (37bfe7ce56133f2e8e90ef68157d73c8) C:\Windows\system32\DRIVERS\nbdrv.sys 11:43:53.0159 4324 Nbdrv - ok 11:43:53.0221 4324 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 11:43:53.0246 4324 NDIS - ok 11:43:53.0278 4324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 11:43:53.0325 4324 NdisCap - ok 11:43:53.0351 4324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 11:43:53.0384 4324 NdisTapi - ok 11:43:53.0400 4324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 11:43:53.0442 4324 Ndisuio - ok 11:43:53.0458 4324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 11:43:53.0498 4324 NdisWan - ok 11:43:53.0518 4324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 11:43:53.0551 4324 NDProxy - ok 11:43:53.0594 4324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 11:43:53.0626 4324 NetBIOS - ok 11:43:53.0648 4324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 11:43:53.0682 4324 NetBT - ok 11:43:53.0714 4324 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:43:53.0724 4324 Netlogon - ok 11:43:53.0763 4324 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 11:43:53.0808 4324 Netman - ok 11:43:53.0900 4324 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:43:53.0909 4324 NetMsmqActivator - ok 11:43:53.0921 4324 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:43:53.0929 4324 NetPipeActivator - ok 11:43:53.0967 4324 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 11:43:54.0022 4324 netprofm - ok 11:43:54.0025 4324 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:43:54.0034 4324 NetTcpActivator - ok 11:43:54.0036 4324 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:43:54.0045 4324 NetTcpPortSharing - ok 11:43:54.0357 4324 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys 11:43:54.0550 4324 NETwNs64 - ok 11:43:54.0666 4324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 11:43:54.0676 4324 nfrd960 - ok 11:43:54.0708 4324 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 11:43:54.0718 4324 NisDrv - ok 11:43:54.0798 4324 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe 11:43:54.0812 4324 NisSrv - ok 11:43:54.0845 4324 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 11:43:54.0888 4324 NlaSvc - ok 11:43:54.0965 4324 nlscc (40777bd92d73a8ff3b252e4f4881e672) C:\Windows\system32\nlsInterface.exe 11:43:54.0986 4324 nlscc ( UnsignedFile.Multi.Generic ) - warning 11:43:54.0986 4324 nlscc - detected UnsignedFile.Multi.Generic (1) 11:43:55.0047 4324 NovacomD (1e8281a0bc4358cf816754e0a195d329) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe 11:43:55.0059 4324 NovacomD ( UnsignedFile.Multi.Generic ) - warning 11:43:55.0059 4324 NovacomD - detected UnsignedFile.Multi.Generic (1) 11:43:55.0085 4324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:43:55.0117 4324 Npfs - ok 11:43:55.0150 4324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 11:43:55.0190 4324 nsi - ok 11:43:55.0200 4324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:43:55.0241 4324 nsiproxy - ok 11:43:55.0308 4324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:43:55.0347 4324 Ntfs - ok 11:43:55.0445 4324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:43:55.0477 4324 Null - ok 11:43:55.0517 4324 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys 11:43:55.0537 4324 nusb3hub - ok 11:43:55.0568 4324 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys 11:43:55.0580 4324 nusb3xhc - ok 11:43:55.0626 4324 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 11:43:55.0643 4324 NVENETFD - ok 11:43:55.0670 4324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:43:55.0682 4324 nvraid - ok 11:43:55.0704 4324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:43:55.0716 4324 nvstor - ok 11:43:55.0741 4324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:43:55.0752 4324 nv_agp - ok 11:43:55.0764 4324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:43:55.0776 4324 ohci1394 - ok 11:43:55.0834 4324 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:43:55.0844 4324 ose - ok 11:43:56.0040 4324 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:43:56.0151 4324 osppsvc - ok 11:43:56.0267 4324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:43:56.0288 4324 p2pimsvc - ok 11:43:56.0319 4324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:43:56.0336 4324 p2psvc - ok 11:43:56.0394 4324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 11:43:56.0406 4324 Parport - ok 11:43:56.0421 4324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 11:43:56.0431 4324 partmgr - ok 11:43:56.0466 4324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 11:43:56.0492 4324 PcaSvc - ok 11:43:56.0509 4324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:43:56.0520 4324 pci - ok 11:43:56.0551 4324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:43:56.0561 4324 pciide - ok 11:43:56.0571 4324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 11:43:56.0584 4324 pcmcia - ok 11:43:56.0596 4324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:43:56.0605 4324 pcw - ok 11:43:56.0633 4324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:43:56.0686 4324 PEAUTH - ok 11:43:56.0742 4324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 11:43:56.0769 4324 PerfHost - ok 11:43:56.0837 4324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 11:43:56.0895 4324 pla - ok 11:43:56.0940 4324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 11:43:56.0963 4324 PlugPlay - ok 11:43:56.0985 4324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 11:43:56.0996 4324 PNRPAutoReg - ok 11:43:57.0022 4324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:43:57.0036 4324 PNRPsvc - ok 11:43:57.0078 4324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 11:43:57.0126 4324 PolicyAgent - ok 11:43:57.0158 4324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 11:43:57.0206 4324 Power - ok 11:43:57.0281 4324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:43:57.0323 4324 PptpMiniport - ok 11:43:57.0339 4324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 11:43:57.0367 4324 Processor - ok 11:43:57.0394 4324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 11:43:57.0430 4324 ProfSvc - ok 11:43:57.0448 4324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:43:57.0459 4324 ProtectedStorage - ok 11:43:57.0504 4324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:43:57.0544 4324 Psched - ok 11:43:57.0621 4324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 11:43:57.0658 4324 ql2300 - ok 11:43:57.0761 4324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 11:43:57.0773 4324 ql40xx - ok 11:43:57.0813 4324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 11:43:57.0833 4324 QWAVE - ok 11:43:57.0845 4324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 11:43:57.0876 4324 QWAVEdrv - ok 11:43:57.0879 4324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 11:43:57.0915 4324 RasAcd - ok 11:43:57.0954 4324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 11:43:57.0987 4324 RasAgileVpn - ok 11:43:58.0020 4324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 11:43:58.0054 4324 RasAuto - ok 11:43:58.0068 4324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:43:58.0101 4324 Rasl2tp - ok 11:43:58.0126 4324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 11:43:58.0163 4324 RasMan - ok 11:43:58.0187 4324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 11:43:58.0229 4324 RasPppoe - ok 11:43:58.0248 4324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 11:43:58.0291 4324 RasSstp - ok 11:43:58.0322 4324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 11:43:58.0358 4324 rdbss - ok 11:43:58.0373 4324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 11:43:58.0386 4324 rdpbus - ok 11:43:58.0396 4324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:43:58.0428 4324 RDPCDD - ok 11:43:58.0459 4324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 11:43:58.0500 4324 RDPENCDD - ok 11:43:58.0530 4324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 11:43:58.0563 4324 RDPREFMP - ok 11:43:58.0608 4324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 11:43:58.0621 4324 RDPWD - ok 11:43:58.0655 4324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 11:43:58.0667 4324 rdyboost - ok 11:43:58.0831 4324 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 11:43:58.0855 4324 RegSrvc - ok 11:43:58.0885 4324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 11:43:58.0932 4324 RemoteAccess - ok 11:43:58.0958 4324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 11:43:59.0002 4324 RemoteRegistry - ok 11:43:59.0065 4324 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 11:43:59.0093 4324 RFCOMM - ok 11:43:59.0096 4324 RimUsb - ok 11:43:59.0134 4324 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 11:43:59.0143 4324 RimVSerPort - ok 11:43:59.0181 4324 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 11:43:59.0214 4324 ROOTMODEM - ok 11:43:59.0234 4324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 11:43:59.0284 4324 RpcEptMapper - ok 11:43:59.0306 4324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 11:43:59.0317 4324 RpcLocator - ok 11:43:59.0345 4324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:43:59.0382 4324 RpcSs - ok 11:43:59.0421 4324 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys 11:43:59.0433 4324 RSPCIESTOR - ok 11:43:59.0467 4324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 11:43:59.0499 4324 rspndr - ok 11:43:59.0525 4324 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys 11:43:59.0538 4324 RTL8167 - ok 11:43:59.0558 4324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:43:59.0569 4324 SamSs - ok 11:43:59.0623 4324 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 11:43:59.0630 4324 SASDIFSV - ok 11:43:59.0637 4324 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 11:43:59.0643 4324 SASKUTIL - ok 11:43:59.0663 4324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 11:43:59.0674 4324 sbp2port - ok 11:43:59.0708 4324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 11:43:59.0743 4324 SCardSvr - ok 11:43:59.0765 4324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 11:43:59.0806 4324 scfilter - ok 11:43:59.0850 4324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 11:43:59.0898 4324 Schedule - ok 11:43:59.0932 4324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:43:59.0963 4324 SCPolicySvc - ok 11:43:59.0992 4324 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 11:44:00.0013 4324 sdbus - ok 11:44:00.0037 4324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 11:44:00.0049 4324 SDRSVC - ok 11:44:00.0079 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 11:44:00.0118 4324 secdrv - ok 11:44:00.0134 4324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 11:44:00.0166 4324 seclogon - ok 11:44:00.0188 4324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 11:44:00.0221 4324 SENS - ok 11:44:00.0264 4324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 11:44:00.0287 4324 SensrSvc - ok 11:44:00.0314 4324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 11:44:00.0332 4324 Serenum - ok 11:44:00.0352 4324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 11:44:00.0378 4324 Serial - ok 11:44:00.0396 4324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 11:44:00.0413 4324 sermouse - ok 11:44:00.0442 4324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 11:44:00.0483 4324 SessionEnv - ok 11:44:00.0494 4324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 11:44:00.0507 4324 sffdisk - ok 11:44:00.0518 4324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 11:44:00.0531 4324 sffp_mmc - ok 11:44:00.0535 4324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 11:44:00.0560 4324 sffp_sd - ok 11:44:00.0568 4324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 11:44:00.0579 4324 sfloppy - ok 11:44:00.0622 4324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 11:44:00.0659 4324 SharedAccess - ok 11:44:00.0685 4324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 11:44:00.0730 4324 ShellHWDetection - ok 11:44:00.0752 4324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 11:44:00.0761 4324 SiSRaid2 - ok 11:44:00.0775 4324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 11:44:00.0786 4324 SiSRaid4 - ok 11:44:00.0805 4324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 11:44:00.0846 4324 Smb - ok 11:44:00.0882 4324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 11:44:00.0900 4324 SNMPTRAP - ok 11:44:00.0984 4324 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe 11:44:00.0998 4324 SplashtopRemoteService - ok 11:44:01.0014 4324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:44:01.0023 4324 spldr - ok 11:44:01.0066 4324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 11:44:01.0106 4324 Spooler - ok 11:44:01.0216 4324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 11:44:01.0307 4324 sppsvc - ok 11:44:01.0388 4324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 11:44:01.0421 4324 sppuinotify - ok 11:44:01.0474 4324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:44:01.0490 4324 srv - ok 11:44:01.0519 4324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:44:01.0548 4324 srv2 - ok 11:44:01.0592 4324 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 11:44:01.0607 4324 SrvHsfHDA - ok 11:44:01.0671 4324 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 11:44:01.0703 4324 SrvHsfV92 - ok 11:44:01.0829 4324 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 11:44:01.0850 4324 SrvHsfWinac - ok 11:44:01.0886 4324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:44:01.0898 4324 srvnet - ok 11:44:01.0945 4324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 11:44:01.0992 4324 SSDPSRV - ok 11:44:02.0015 4324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 11:44:02.0050 4324 SstpSvc - ok 11:44:02.0085 4324 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys 11:44:02.0097 4324 ssudmdm - ok 11:44:02.0166 4324 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe 11:44:02.0178 4324 SSUService - ok 11:44:02.0279 4324 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe 11:44:02.0295 4324 STacSV - ok 11:44:02.0329 4324 Steam Client Service - ok 11:44:02.0353 4324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 11:44:02.0363 4324 stexstor - ok 11:44:02.0411 4324 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys 11:44:02.0431 4324 STHDA - ok 11:44:02.0491 4324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 11:44:02.0515 4324 stisvc - ok 11:44:02.0536 4324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 11:44:02.0545 4324 swenum - ok 11:44:02.0639 4324 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 11:44:02.0653 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 11:44:02.0653 4324 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 11:44:02.0698 4324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 11:44:02.0754 4324 swprv - ok 11:44:02.0814 4324 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys 11:44:02.0827 4324 SynTP - ok 11:44:02.0902 4324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 11:44:02.0943 4324 SysMain - ok 11:44:03.0023 4324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 11:44:03.0046 4324 TabletInputService - ok 11:44:03.0077 4324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 11:44:03.0121 4324 TapiSrv - ok 11:44:03.0137 4324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 11:44:03.0170 4324 TBS - ok 11:44:03.0294 4324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 11:44:03.0338 4324 Tcpip - ok 11:44:03.0493 4324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 11:44:03.0529 4324 TCPIP6 - ok 11:44:03.0628 4324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:44:03.0667 4324 tcpipreg - ok 11:44:03.0681 4324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:44:03.0706 4324 TDPIPE - ok 11:44:03.0731 4324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 11:44:03.0749 4324 TDTCP - ok 11:44:03.0766 4324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:44:03.0806 4324 tdx - ok 11:44:03.0831 4324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 11:44:03.0840 4324 TermDD - ok 11:44:03.0884 4324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 11:44:03.0938 4324 TermService - ok 11:44:03.0954 4324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 11:44:03.0971 4324 Themes - ok 11:44:03.0997 4324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:44:04.0031 4324 THREADORDER - ok 11:44:04.0070 4324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 11:44:04.0116 4324 TrkWks - ok 11:44:04.0157 4324 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys 11:44:04.0169 4324 truecrypt - ok 11:44:04.0220 4324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 11:44:04.0261 4324 TrustedInstaller - ok 11:44:04.0283 4324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:44:04.0332 4324 tssecsrv - ok 11:44:04.0358 4324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 11:44:04.0368 4324 TsUsbFlt - ok 11:44:04.0372 4324 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 11:44:04.0396 4324 TsUsbGD - ok 11:44:04.0441 4324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:44:04.0489 4324 tunnel - ok 11:44:04.0510 4324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 11:44:04.0520 4324 uagp35 - ok 11:44:04.0544 4324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:44:04.0590 4324 udfs - ok 11:44:04.0616 4324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 11:44:04.0628 4324 UI0Detect - ok 11:44:04.0647 4324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 11:44:04.0657 4324 uliagpkx - ok 11:44:04.0687 4324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 11:44:04.0705 4324 umbus - ok 11:44:04.0730 4324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 11:44:04.0741 4324 UmPass - ok 11:44:04.0894 4324 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 11:44:04.0950 4324 UNS - ok 11:44:05.0045 4324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 11:44:05.0092 4324 upnphost - ok 11:44:05.0146 4324 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 11:44:05.0155 4324 USBAAPL64 - ok 11:44:05.0193 4324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 11:44:05.0204 4324 usbccgp - ok 11:44:05.0243 4324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 11:44:05.0257 4324 usbcir - ok 11:44:05.0277 4324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 11:44:05.0294 4324 usbehci - ok 11:44:05.0341 4324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 11:44:05.0367 4324 usbhub - ok 11:44:05.0379 4324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 11:44:05.0399 4324 usbohci - ok 11:44:05.0414 4324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 11:44:05.0436 4324 usbprint - ok 11:44:05.0471 4324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 11:44:05.0485 4324 usbscan - ok 11:44:05.0509 4324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:44:05.0534 4324 USBSTOR - ok 11:44:05.0558 4324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 11:44:05.0582 4324 usbuhci - ok 11:44:05.0610 4324 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 11:44:05.0625 4324 usbvideo - ok 11:44:05.0657 4324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 11:44:05.0691 4324 UxSms - ok 11:44:05.0714 4324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:44:05.0724 4324 VaultSvc - ok 11:44:05.0782 4324 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys 11:44:05.0792 4324 VBoxDrv - ok 11:44:05.0825 4324 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 11:44:05.0835 4324 VBoxNetAdp - ok 11:44:05.0852 4324 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 11:44:05.0862 4324 VBoxNetFlt - ok 11:44:05.0912 4324 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 11:44:05.0921 4324 VBoxUSBMon - ok 11:44:05.0942 4324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 11:44:05.0951 4324 vdrvroot - ok 11:44:05.0991 4324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 11:44:06.0037 4324 vds - ok 11:44:06.0068 4324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 11:44:06.0080 4324 vga - ok 11:44:06.0092 4324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 11:44:06.0136 4324 VgaSave - ok 11:44:06.0145 4324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 11:44:06.0158 4324 vhdmp - ok 11:44:06.0168 4324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 11:44:06.0177 4324 viaide - ok 11:44:06.0207 4324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 11:44:06.0216 4324 volmgr - ok 11:44:06.0240 4324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 11:44:06.0254 4324 volmgrx - ok 11:44:06.0286 4324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 11:44:06.0300 4324 volsnap - ok 11:44:06.0331 4324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 11:44:06.0343 4324 vsmraid - ok 11:44:06.0413 4324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 11:44:06.0482 4324 VSS - ok 11:44:06.0599 4324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 11:44:06.0630 4324 vwifibus - ok 11:44:06.0720 4324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 11:44:06.0736 4324 vwififlt - ok 11:44:06.0764 4324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 11:44:06.0780 4324 vwifimp - ok 11:44:06.0840 4324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 11:44:06.0879 4324 W32Time - ok 11:44:06.0914 4324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 11:44:06.0940 4324 WacomPen - ok 11:44:06.0974 4324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:44:07.0075 4324 WANARP - ok 11:44:07.0078 4324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:44:07.0110 4324 Wanarpv6 - ok 11:44:07.0205 4324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 11:44:07.0237 4324 WatAdminSvc - ok 11:44:07.0304 4324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 11:44:07.0343 4324 wbengine - ok 11:44:07.0426 4324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 11:44:07.0445 4324 WbioSrvc - ok 11:44:07.0467 4324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 11:44:07.0504 4324 wcncsvc - ok 11:44:07.0522 4324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 11:44:07.0533 4324 WcsPlugInService - ok 11:44:07.0583 4324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 11:44:07.0592 4324 Wd - ok 11:44:07.0622 4324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys 11:44:07.0631 4324 WDC_SAM - ok 11:44:07.0660 4324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 11:44:07.0681 4324 Wdf01000 - ok 11:44:07.0694 4324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:44:07.0725 4324 WdiServiceHost - ok 11:44:07.0728 4324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:44:07.0745 4324 WdiSystemHost - ok 11:44:07.0778 4324 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys 11:44:07.0786 4324 wdkmd - ok 11:44:07.0813 4324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 11:44:07.0846 4324 WebClient - ok 11:44:07.0870 4324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 11:44:07.0913 4324 Wecsvc - ok 11:44:07.0933 4324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 11:44:07.0967 4324 wercplsupport - ok 11:44:07.0995 4324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 11:44:08.0029 4324 WerSvc - ok 11:44:08.0064 4324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 11:44:08.0096 4324 WfpLwf - ok 11:44:08.0113 4324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 11:44:08.0123 4324 WIMMount - ok 11:44:08.0127 4324 WinHttpAutoProxySvc - ok 11:44:08.0184 4324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 11:44:08.0220 4324 Winmgmt - ok 11:44:08.0307 4324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 11:44:08.0369 4324 WinRM - ok 11:44:08.0498 4324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 11:44:08.0512 4324 WinUsb - ok 11:44:08.0573 4324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 11:44:08.0616 4324 Wlansvc - ok 11:44:08.0650 4324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 11:44:08.0672 4324 WmiAcpi - ok 11:44:08.0725 4324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 11:44:08.0739 4324 wmiApSrv - ok 11:44:08.0795 4324 WMPNetworkSvc - ok 11:44:08.0827 4324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 11:44:08.0839 4324 WPCSvc - ok 11:44:08.0856 4324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 11:44:08.0870 4324 WPDBusEnum - ok 11:44:08.0895 4324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 11:44:08.0927 4324 ws2ifsl - ok 11:44:09.0023 4324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 11:44:09.0052 4324 wscsvc - ok 11:44:09.0054 4324 WSearch - ok 11:44:09.0134 4324 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 11:44:09.0200 4324 wuauserv - ok 11:44:09.0308 4324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 11:44:09.0347 4324 WudfPf - ok 11:44:09.0373 4324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:44:09.0418 4324 WUDFRd - ok 11:44:09.0448 4324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 11:44:09.0483 4324 wudfsvc - ok 11:44:09.0505 4324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 11:44:09.0532 4324 WwanSvc - ok 11:44:09.0560 4324 zgwhsdiag - ok 11:44:09.0577 4324 zgwhsmdm - ok 11:44:09.0593 4324 zgwhsnmea - ok 11:44:09.0635 4324 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0 11:44:10.0460 4324 \Device\Harddisk0\DR0 - ok 11:44:10.0488 4324 Boot (0x1200) (f7892f1f5ae02a59377ba863a97ea31b) \Device\Harddisk0\DR0\Partition0 11:44:10.0489 4324 \Device\Harddisk0\DR0\Partition0 - ok 11:44:10.0503 4324 Boot (0x1200) (02fd3463f94d61e0293f2b1345fa46fd) \Device\Harddisk0\DR0\Partition1 11:44:10.0505 4324 \Device\Harddisk0\DR0\Partition1 - ok 11:44:10.0530 4324 Boot (0x1200) (b8cb82190b3c52f53d0bba8cdad91fde) \Device\Harddisk0\DR0\Partition2 11:44:10.0531 4324 \Device\Harddisk0\DR0\Partition2 - ok 11:44:10.0532 4324 ============================================================ 11:44:10.0532 4324 Scan finished 11:44:10.0532 4324 ============================================================ 11:44:10.0538 6900 Detected object count: 7 11:44:10.0538 6900 Actual detected object count: 7 11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user 11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user 11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user 11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user 11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - skipped by user 11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - skipped by user 11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:45:43.0925 5072 Deinitialize success
  20. Thank you for the quick reply. RogueKiller V7.4.4 [05/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Lucas [Admin rights] Mode: Scan -- Date: 05/08/2012 08:41:41 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 6 ¤¤¤ [bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND [bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 10.10.1.50 echo ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++ --- User --- [MBR] b27ea8f791f5b651de5b587eaa78abc7 [bSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo 2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  21. Hi, I cannot for the life of me find the problem. I am having one of those re-direct things. I have scanned with MB and MSE and found nothing. The following are my logs, any help would be great. Thanks. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0 Run by Lucas at 21:45:35 on 2012-05-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3593 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\SysWOW64\astsrv.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Windows\system32\msiexec.exe C:\Windows\system32\nlsInterface.exe C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files\Core Temp\Core Temp.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Apps\envyTouchPad.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Launchy\Launchy.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lucas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\system32\wbengine.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\System32\vds.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [envyTouchPad] C:\Apps\envyTouchPad.exe uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" mRun: [<NO NAME>] mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: box.net\www Trusted Zone: intuit.com\ttlc DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\05447425F45505 : DhcpNameServer = 192.168.2.254 TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\35550554250273431343 : DhcpNameServer = 10.10.1.1 TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\86F6E6B66723 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{4AC4F20E-8141-4819-BD8A-793CD83A10FA}\C696E6B6379737 : DhcpNameServer = 192.168.0.1 192.168.0.1 TCP: Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC} : DhcpNameServer = 10.10.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" mRun-x64: [(Default)] mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" Hosts: 10.10.1.50 echo . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-8 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-7-20 260424] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-9 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-8 2413056] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 nlscc;Nalpeiron X64 Service;C:\Windows\system32\nlsInterface.exe --> C:\Windows\system32\nlsInterface.exe [?] R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168] R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-9 531328] R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-9 2656280] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36:48;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?] S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-17 129976] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240] S3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2012-05-07 17:43:26 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll 2012-05-07 14:57:14 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll 2012-05-06 22:19:50 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-01 10:00:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-04-17 06:40:47 -------- d-----w- C:\Program Files (x86)\OpenDNS Updater 2012-04-17 06:16:09 -------- d-----w- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater 2012-04-17 05:39:39 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2012-04-17 05:39:39 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2012-04-17 03:31:40 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup 2012-04-17 03:31:38 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup 2012-04-17 03:31:35 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup 2012-04-12 03:57:54 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-04-12 03:57:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-04-12 03:57:53 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-12 03:55:26 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-04-12 03:55:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-04-12 03:55:26 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-04-12 03:55:26 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-04-12 03:55:26 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-04-12 03:55:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-04-12 03:55:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-04-10 04:04:44 -------- d-----w- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage 2012-04-10 04:04:41 -------- d-----w- C:\ProgramData\ASUS WebStorage 2012-04-10 04:04:23 -------- d-----w- C:\Users\Lucas\AppData\Roaming\ASUS 2012-04-10 04:04:15 -------- d-----w- C:\Program Files (x86)\ASUS 2012-04-10 04:03:49 -------- d-----w- C:\Program Files\ASUS 2012-04-10 04:03:16 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2012-04-10 04:01:47 -------- d-----w- C:\Users\Lucas\AppData\Roaming\eCareme . ==================== Find3M ==================== . 2012-05-06 23:55:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-06 23:55:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-06 23:55:09 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-29 05:11:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll 2012-03-29 05:11:06 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll 2012-03-29 05:11:02 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-02-14 19:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll . ============= FINISH: 21:45:51.26 =============== Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.