scriibblez

Here is the Combofix log! ComboFix 12-07-06.02 - Angelo 07/07/2012 14:23:23.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1845.874 [GMT -4:00] Running from: c:\users\Angelo\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@ c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\00000004.@ c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\1afb2d56 c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\201d3dde c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\n c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\00000004.@ c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\00000008.@ c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\000000cb.@ c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000000.@ c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000032.@ c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000064.@ c:\windows\s.bat . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE} . . ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 ))))))))))))))))))))))))))))))) . . 2012-06-17 20:02 . 2012-06-17 21:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-06-17 20:02 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-06-17 19:36 . 2012-06-17 19:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-06-17 19:36 . 2012-06-17 19:36 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-06-17 19:36 . 2012-06-17 19:36 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-06-17 19:36 . 2012-06-17 19:36 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-17 19:36 . 2012-06-17 19:36 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\users\Angelo\AppData\Roaming\Malwarebytes 2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\programdata\Malwarebytes 2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-16 21:21 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-14 00:51 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-06-08 02:50 . 2012-06-08 02:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-27 03:00 . 2012-05-27 01:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-27 03:00 . 2011-12-04 12:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-27 03:00 . 2012-05-27 03:00 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-08 17:02 . 2012-06-07 01:29 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1C44406-B880-42FE-9618-85D975AEF2B3}\mpengine.dll 2012-05-08 17:02 . 2012-06-05 05:54 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640] "332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576] "VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-05-28 376176] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184] "UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "NokiaInternetModem_AppStart.exe"="c:\program files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2010-10-05 137728] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696] R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 17920] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 129976] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [2010-04-22 98304] R3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [2010-04-22 53760] R3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [2010-04-22 13824] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 243744] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-03 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-19 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-19 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-19 60464] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 EgisTec Data Security Service;EgisTec Data Security Service;c:\program files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-05-28 314736] S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2010-05-28 709488] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-03-19 35888] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672] S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-02-05 311296] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920] S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176] S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [2010-04-22 97280] S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-05-11 229488] S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616] . . Contents of the 'Scheduled Tasks' folder . 2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 03:00] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000Core.job - c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 22:04] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000UA.job - c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 22:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-02 10821224] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "combofix"="c:\combofix\CF2977.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe SafeBoot-MsMpSvc HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-Best Buy pc app - c:\programdata\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.exe AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe c:\program files (x86)\ControlCenter4\BrCcUxSys.exe . ************************************************************************** . Completion time: 2012-07-07 14:35:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-07 18:35 . Pre-Run: 198,565,834,752 bytes free Post-Run: 197,854,912,512 bytes free . - - End Of File - - 722633FA474AD8C1C8B7496FD7A2156B

Thank you for your responses I feel I should let you know that the internet is not completely dead on the infected laptop.. when it connects to networks it connects as "limited connectivity". Any idea why this is? And it is not the wireless network itself, because I brought this laptop to my friends house and it displays the same limited connectivity when using their wifi, while other computers connect just fine to my home and friends network. Here are the logs: All processes killed ========== FILES ========== Unable to replace file: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll with C:\windows\System32\cryptsvc.dll without a reboot. File C:\windows\System32\MPSSVC.dll not found. File C:\windows\System32\sdrsvc.dll not found. File C:\windows\System32\wuaueng.dll not found. File C:\windows\System32\drivers\afd.sys not found. File C:\windows\System32\drivers\tcpip.sys not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Angelo ->Temp folder emptied: 198362 bytes ->Temporary Internet Files folder emptied: 413800 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 6106597 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 291 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 6.00 mb OTL by OldTimer - Version 3.2.53.1 log created on 07052012_204240 Files\Folders moved on Reboot... C:\Users\Angelo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... [2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll : MD5=21993009E0CCB9B4FA195F14D3408626 Registry entries deleted on Reboot... Farbar Service Scanner Version: 25-06-2012 01 Ran by Angelo (administrator) on 05-07-2012 at 20:46:21 Running from "C:\Users\Angelo\Desktop\MWB fix" Microsoft Windows 7 Home Premium (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is OK. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. tdx Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Connection Status: ============== Localhost is accessible. There is no connection to network. Google IP is accessible. Attempt to access Google.com returned error: Other errors Yahoo IP is accessible. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****

Here it is! Farbar Service Scanner Version: 25-06-2012 01 Ran by Angelo (administrator) on 04-07-2012 at 22:08:24 Microsoft Windows 7 Home Premium (X64) ************************************************ ======== Search: "afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;" ========= C:\windows\System32\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\windows\System32\MPSSVC.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\windows\System32\sdrsvc.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\windows\System32\drivers\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\windows\System32\drivers\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:28] - 0142336 ____A (Microsoft Corporation) 21993009E0CCB9B4FA195F14D3408626 C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:36] - 0140288 ____A (Microsoft Corporation) 06E771AA596B8761107AB57E99F128D7 C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:33] - 0141312 ____A (Microsoft Corporation) F522279B4717E2BFF269C771FAC2B78E C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll [2009-07-13 19:33] - [2009-07-13 21:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4 C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys [2012-02-15 07:22] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011-12-02 04:32] - [2011-04-24 23:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011-12-02 04:32] - [2011-04-24 22:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys [2012-02-15 07:22] - [2011-12-28 00:01] - 0499200 ____A (Microsoft Corporation) CCA39961E76B491DDF44B1E90FC8971D C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys [2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) FBFF8B7C9D116229E9208A0D1CAEB49B C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) 6EF20DDF3172E97D69F596FB90602F29 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2009-07-13 19:21] - [2009-07-13 19:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys [2012-05-08 19:51] - [2012-03-30 06:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys [2011-12-02 04:31] - [2011-09-29 13:41] - 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys [2011-12-02 04:32] - [2011-04-25 02:16] - 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:35] - 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys [2011-12-02 04:31] - [2011-09-29 12:29] - 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys [2011-12-02 04:32] - [2011-04-25 01:33] - 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys [2012-05-08 19:51] - [2012-03-30 06:19] - 1877872 ____A (Microsoft Corporation) 5EFD096DEF47F8B88EF591DA92143440 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys [2011-12-02 04:31] - [2011-09-29 12:17] - 1886064 ____A (Microsoft Corporation) AC3E29880DB5659532A1AA3439304A43 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys [2011-12-02 04:32] - [2011-04-25 01:28] - 1893248 ____A (Microsoft Corporation) 1F748D5439B65E0BEBD92F65048F030D C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2011-02-11 18:25] - [2011-02-11 18:25] - 1889152 ____A (Microsoft Corporation) 542C6767C68C9D6AAACA59436B0D15C2 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys [2012-01-15 20:53] - [2010-04-09 03:56] - 1892232 ____A (Microsoft Corporation) A9C0F786AC1F736891D05CE0A1D29DEB C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys [2011-12-02 04:31] - [2011-09-29 12:24] - 1897328 ____A (Microsoft Corporation) F18F56EFC0BFB9C87BA01C37B27F4DA5 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys [2011-12-02 04:32] - [2011-04-25 01:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2011-02-11 18:25] - [2011-02-11 18:25] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys [2012-01-15 20:53] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys [2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1 C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:22] - 0186880 ____A (Microsoft Corporation) B7337E9C9E5936355BB700AA33E0936E C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705 C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:36] - 0183808 ____A (Microsoft Corporation) CE8BF1423AEE47DA5275FBC8AD3BD642 C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll [2009-07-13 19:49] - [2009-07-13 21:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384 C:\Windows\SysWOW64\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll [2011-12-03 19:50] - [2010-11-20 08:18] - 0136192 ____A (Microsoft Corporation) A585BEBF7D054BD9618EDA0922D5484A C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll [2011-12-03 19:51] - [2010-11-20 09:26] - 0828416 ____A (Microsoft Corporation) 54FFC9C8898113ACE189D4AA7199D2C1 C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011-12-03 19:50] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll [2011-12-03 19:50] - [2010-11-20 09:27] - 2420736 ____A (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430 C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys [2011-12-03 19:51] - [2010-11-20 09:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll [2011-12-03 19:49] - [2010-11-20 09:27] - 0170496 ____A (Microsoft Corporation) 6EA4234DC55346E0709560FE7C2C1972 C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll [2011-12-03 19:50] - [2010-11-20 09:25] - 0177152 ____A (Microsoft Corporation) 15597883FBE9B056F276ADA3AD87D9AF ====== End Of Search ======

Hi Maniac, here are the logs: All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@ moved successfully. ========== FILES ========== C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U folder moved successfully. C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L folder moved successfully. C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125} folder moved successfully. File C:\windows\System32\drivers\afd.sys not found. File C:\windows\System32\drivers\tcpip.sys not found. File C:\windows\System32\MPSSVC.dll not found. File C:\windows\System32\sdrsvc.dll not found. File C:\windows\System32\wuaueng.dll not found. Unable to replace file: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll with C:\windows\System32\cryptsvc.dll without a reboot. < ipconfig /flushdns /c > Windows IP Configuration Could not flush the DNS Resolver Cache: Function failed during execution. C:\Users\Angelo\Desktop\cmd.bat deleted successfully. C:\Users\Angelo\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Angelo ->Temp folder emptied: 33263597 bytes ->Temporary Internet Files folder emptied: 956964287 bytes ->Java cache emptied: 56515 bytes ->FireFox cache emptied: 99691756 bytes ->Google Chrome cache emptied: 348338024 bytes ->Flash cache emptied: 3256 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66396648 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52423 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,435.00 mb OTL by OldTimer - Version 3.2.53.1 log created on 07032012_210539 Files\Folders moved on Reboot... C:\Users\Angelo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... [2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll : MD5=21993009E0CCB9B4FA195F14D3408626 Registry entries deleted on Reboot... Farbar Service Scanner Version: 25-06-2012 01 Ran by Angelo (administrator) on 03-07-2012 at 21:09:55 Running from "C:\Users\Angelo\Desktop" Microsoft Windows 7 Home Premium (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is OK. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. tdx Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Connection Status: ============== Localhost is accessible. There is no connection to network. Google IP is accessible. Attempt to access Google.com returned error: Other errors Yahoo IP is accessible. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****

Hi, here are the logs aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-02 12:41:22 ----------------------------- 12:41:22.139 OS Version: Windows x64 6.1.7600 12:41:22.139 Number of processors: 2 586 0x2505 12:41:22.139 ComputerName: ANGELO-PC UserName: Angelo 12:41:23.777 Initialize success 12:41:41.480 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:41:41.480 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3 12:41:41.496 Disk 0 MBR read successfully 12:41:41.496 Disk 0 MBR scan 12:41:41.496 Disk 0 Windows 7 default MBR code 12:41:41.512 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048 12:41:41.527 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648 12:41:41.527 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312 12:41:41.558 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528 12:41:41.590 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360 12:41:41.621 Disk 0 scanning C:\windows\system32\drivers 12:41:49.343 Service scanning 12:42:05.910 Modules scanning 12:42:05.926 Disk 0 trace - called modules: 12:42:05.957 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 12:42:05.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025cc530] 12:42:05.972 3 CLASSPNP.SYS[fffff88001b0e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002410050] 12:42:05.988 Scan finished successfully 12:42:38.140 Disk 0 MBR has been saved successfully to "C:\Users\Angelo\Desktop\MBR.dat" 12:42:38.140 The log file has been saved successfully to "C:\Users\Angelo\Desktop\aswMBR.txt" OTL: OTL logfile created on: 7/2/2012 12:43:04 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Angelo\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.80 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 50.76% Memory free 3.60 Gb Paging File | 2.22 Gb Available in Paging File | 61.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254.14 Gb Total Space | 183.21 Gb Free Space | 72.09% Space Free | Partition Type: NTFS Drive D: | 29.00 Gb Total Space | 28.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS Drive E: | 3.81 Gb Total Space | 1.84 Gb Free Space | 48.44% Space Free | Partition Type: FAT32 Computer Name: ANGELO-PC | User Name: Angelo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/02 12:38:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2010/10/26 18:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2010/10/26 18:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2010/10/05 15:12:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010/05/27 23:14:52 | 000,376,176 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe PRC - [2010/05/27 23:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe PRC - [2010/05/27 23:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe PRC - [2010/03/10 18:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010/03/10 18:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010/03/09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010/03/05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010/03/03 16:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/03 16:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2010/01/19 13:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2009/09/30 08:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 08:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012/06/14 03:37:49 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012/06/14 03:37:17 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012/06/14 03:37:09 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012/05/09 03:50:54 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll MOD - [2012/05/09 03:48:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012/05/09 03:47:25 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012/05/09 03:47:18 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012/05/09 03:47:14 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/09 03:47:13 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012/05/09 03:47:05 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/10/05 15:13:26 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin MOD - [2010/10/05 15:13:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin MOD - [2010/10/05 15:12:54 | 001,048,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxmsw28u_core_vc_custom.dll MOD - [2010/10/05 15:12:54 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\UIToolkit.dll MOD - [2010/10/05 15:12:54 | 000,726,528 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxbase28u_vc_custom.dll MOD - [2010/10/05 15:12:54 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Toolkit.dll MOD - [2010/10/05 15:12:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\pcre3.dll MOD - [2010/10/05 15:12:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe MOD - [2010/10/05 15:12:52 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Preferences.dll MOD - [2010/10/05 15:12:50 | 000,308,224 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Device.dll MOD - [2010/10/05 15:12:50 | 000,246,784 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\DB.dll MOD - [2010/10/05 15:12:50 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Discovery.dll MOD - [2010/10/05 15:12:50 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\DriveDetector.dll MOD - [2010/10/05 15:12:48 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ComCore.dll MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/02/05 10:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WinHttpAutoProxySvc) SRV - [2012/06/17 15:36:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/26 23:00:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/12/02 05:34:30 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2010/05/27 23:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service) SRV - [2010/05/27 23:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010/03/03 16:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/09/30 08:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2009/09/30 08:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/05 04:05:24 | 000,326,656 | R--- | M] (ASUSTek COMPUTER INC.) [Auto | Running] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011/03/19 06:22:49 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV:64bit: - [2011/03/19 06:22:48 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011/03/19 06:22:48 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011/03/19 06:22:48 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) Siliten HID Devices(FlexDef2b) DRV:64bit: - [2010/05/10 21:17:50 | 000,229,488 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2010/04/22 16:07:26 | 000,098,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_acm.sys -- (nokia_cs1x_cdc_acm) DRV:64bit: - [2010/04/22 16:07:26 | 000,097,280 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nokia_cs1x_dc_enum.sys -- (nokia_cs1x_dc_enum) DRV:64bit: - [2010/04/22 16:07:26 | 000,053,760 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_ecm.sys -- (nokia_cs1x_cdc_ecm) DRV:64bit: - [2010/04/22 16:07:26 | 000,013,824 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cpo.sys -- (nokia_cs1x_cpo) DRV:64bit: - [2010/03/26 05:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/03/24 05:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/03/03 15:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/02 12:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/02/26 17:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/22 06:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/01/15 14:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2009/10/18 20:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/06/10 16:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007/12/16 22:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub) DRV:64bit: - [2006/12/12 03:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 15:36:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 12:06:15 | 000,000,000 | ---D | M] [2011/12/04 08:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Extensions [2012/06/17 15:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\extensions [2012/04/17 13:29:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/05/21 12:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/17 15:58:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ANGELO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZWMJ45CC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/06/17 15:36:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/17 15:36:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/17 15:36:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\ CHR - Extension: ICE Quick Stream = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.92_1\ CHR - Extension: Hover Zoom = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.3.6_0\ CHR - Extension: Gmail = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. ) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaInternetModem_AppStart.exe] C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe () O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-2591753365-2526377709-281079065-1000..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7351B29F-BEA3-4F1F-A4EB-AE9D8A965B66}: DhcpNameServer = 64.71.255.198 64.71.255.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27A83E8-B972-4B86-8195-B42B7A967A20}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{90a54729-1fd4-11e1-9c81-f0def14dbde2}\Shell - "" = AutoRun O33 - MountPoints2\{90a54729-1fd4-11e1-9c81-f0def14dbde2}\Shell\AutoRun\command - "" = E:\Memorybar.exe O33 - MountPoints2\{a7f50fc9-1c6a-11e1-b5a6-f0def14dbde2}\Shell - "" = AutoRun O33 - MountPoints2\{a7f50fc9-1c6a-11e1-b5a6-f0def14dbde2}\Shell\AutoRun\command - "" = E:\application\Nokia_Internet_Modem.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/02 12:41:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Angelo\Desktop\aswMBR.exe [2012/07/02 12:41:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe [2012/07/01 14:08:45 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Angelo\Desktop\tdsskiller.exe [2012/06/30 14:36:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Angelo\Desktop\dds.scr [2012/06/19 22:07:21 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Angeloo [2012/06/19 18:59:24 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Angelo [2012/06/17 17:07:14 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/06/17 17:07:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/17 17:06:40 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/06/17 17:06:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012/06/17 16:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/06/17 16:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/06/17 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/06/17 15:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/06/17 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/06/16 17:21:16 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\Malwarebytes [2012/06/16 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/16 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/16 17:21:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/06/16 17:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/14 03:01:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/06/14 03:01:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/06/14 03:01:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/06/14 03:01:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/06/14 03:01:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/06/14 03:01:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/06/14 03:01:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/06/14 03:01:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/06/14 03:01:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/06/14 03:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/06/14 03:01:10 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/06/14 03:01:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/06/14 03:01:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/06/13 20:51:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll [2012/06/13 20:51:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll [2012/06/13 20:51:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe [2012/06/13 20:51:49 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2012/06/13 20:51:47 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2012/06/13 20:51:46 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2012/06/13 20:51:42 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll [2012/06/13 20:51:40 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2012/06/13 20:51:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll [2012/06/07 22:50:35 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA% [2 C:\Users\Angelo\Desktop\*.tmp files -> C:\Users\Angelo\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/02 12:42:38 | 000,000,512 | ---- | M] () -- C:\Users\Angelo\Desktop\MBR.dat [2012/07/02 12:39:50 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000UA.job [2012/07/02 12:39:40 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/07/02 12:39:39 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000Core.job [2012/07/02 12:39:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/02 12:38:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe [2012/07/02 12:38:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Angelo\Desktop\aswMBR.exe [2012/07/01 14:07:04 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Angelo\Desktop\tdsskiller.exe [2012/06/30 14:54:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 14:54:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 14:45:47 | 1450,582,016 | -HS- | M] () -- C:\hiberfil.sys [2012/06/30 14:44:39 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/30 14:44:39 | 000,626,540 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/30 14:44:39 | 000,107,784 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/30 14:35:20 | 000,340,645 | ---- | M] () -- C:\Users\Angelo\Desktop\FSS.exe [2012/06/30 14:33:58 | 000,126,976 | ---- | M] () -- C:\Users\Angelo\Desktop\ResetTeaTimer.exe [2012/06/30 14:32:42 | 000,132,597 | ---- | M] () -- C:\Users\Angelo\Desktop\Flash_Disinfector.exe [2012/06/30 12:59:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Angelo\Desktop\dds.scr [2012/06/17 17:07:15 | 000,000,332 | ---- | M] () -- C:\Start_.cmd [2012/06/17 15:56:40 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/06/17 13:34:35 | 000,453,162 | ---- | M] () -- C:\Users\Angelo\Desktop\rbctestingfriday.zip [2012/06/16 17:16:16 | 000,002,198 | ---- | M] () -- C:\windows\epplauncher.mif [2012/06/14 03:33:39 | 000,430,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/09 14:03:43 | 000,172,994 | ---- | M] () -- C:\Users\Angelo\Desktop\Scenario 1 Assets and Liabilites.jpg [2012/06/09 14:02:08 | 000,210,390 | ---- | M] () -- C:\Users\Angelo\Desktop\Lloyd Balanced Scenario 1.jpg [2 C:\Users\Angelo\Desktop\*.tmp files -> C:\Users\Angelo\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/02 12:42:38 | 000,000,512 | ---- | C] () -- C:\Users\Angelo\Desktop\MBR.dat [2012/06/30 14:36:06 | 000,340,645 | ---- | C] () -- C:\Users\Angelo\Desktop\FSS.exe [2012/06/30 14:36:06 | 000,132,597 | ---- | C] () -- C:\Users\Angelo\Desktop\Flash_Disinfector.exe [2012/06/30 14:36:06 | 000,126,976 | ---- | C] () -- C:\Users\Angelo\Desktop\ResetTeaTimer.exe [2012/06/17 17:07:15 | 000,000,332 | ---- | C] () -- C:\Start_.cmd [2012/06/17 15:56:40 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/06/17 12:00:22 | 000,453,162 | ---- | C] () -- C:\Users\Angelo\Desktop\rbctestingfriday.zip [2012/06/09 14:03:43 | 000,172,994 | ---- | C] () -- C:\Users\Angelo\Desktop\Scenario 1 Assets and Liabilites.jpg [2012/06/09 14:02:08 | 000,210,390 | ---- | C] () -- C:\Users\Angelo\Desktop\Lloyd Balanced Scenario 1.jpg [2012/02/21 06:07:01 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI [2012/02/21 06:07:00 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI [2012/01/25 20:55:32 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL [2012/01/25 20:54:58 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI [2012/01/14 19:47:40 | 000,010,752 | ---- | C] () -- C:\Users\Angelo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/11 16:51:24 | 000,002,048 | -HS- | C] () -- C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@ [2011/12/05 23:57:31 | 000,000,355 | ---- | C] () -- C:\Users\Angelo\Computer - Shortcut.lnk [2011/12/02 05:35:14 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe [2011/12/02 01:05:04 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/09/14 06:56:19 | 000,000,019 | ---- | C] () -- C:\windows\maa.dat [2011/08/31 20:51:16 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2011/08/31 20:51:16 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2011/08/31 20:51:16 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2011/03/19 06:29:29 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011/03/19 06:29:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011/03/19 06:29:20 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011/01/19 03:29:51 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8CE646EE < End of report > OTL Extras logfile created on: 7/2/2012 12:43:04 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Angelo\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.80 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 50.76% Memory free 3.60 Gb Paging File | 2.22 Gb Available in Paging File | 61.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254.14 Gb Total Space | 183.21 Gb Free Space | 72.09% Space Free | Partition Type: NTFS Drive D: | 29.00 Gb Total Space | 28.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS Drive E: | 3.81 Gb Total Space | 1.84 Gb Free Space | 48.44% Space Free | Partition Type: FAT32 Computer Name: ANGELO-PC | User Name: Angelo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343 "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7060D "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{62077C63-F77A-4C72-A67E-400F4E9B14BC}" = Nokia Internet Modem "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1 "{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1 "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "File Shredder_is1" = File Shredder 2.0 "FormatFactory" = FormatFactory 2.95 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.2.1125 "GOM Player" = GOM Player "InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PartyPoker" = PartyPoker "PokerStars" = PokerStars "uTorrent" = µTorrent "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2591753365-2526377709-281079065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Internet Banking Payment Assistant" = Internet Banking Payment Assistant 2.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/17/2012 10:34:12 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2048964 Error - 6/17/2012 10:34:12 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2048964 Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2049963 Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2049963 Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2050961 Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2050961 Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0.. Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: Initialize TwdsMain Class failed! [ System Events ] Error - 6/21/2012 7:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003 Description = The DHCP Client service depends the following service: Tdx. This service might not be installed. Error - 6/21/2012 7:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001 Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1075 Error - 6/21/2012 8:54:00 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003 Description = The DHCP Client service depends the following service: Tdx. This service might not be installed. Error - 6/21/2012 8:54:00 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001 Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1075 Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003 Description = The DHCP Client service depends the following service: Tdx. This service might not be installed. Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001 Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1075 Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003 Description = The DHCP Client service depends the following service: Tdx. This service might not be installed. Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001 Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1075 Error - 6/21/2012 8:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003 Description = The DHCP Client service depends the following service: Tdx. This service might not be installed. Error - 6/21/2012 8:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001 Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1075 < End of report >

There were no malicious objects found; only 3 suspicious threats. 14:08:57.0144 2056 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22 14:08:57.0191 2056 ============================================================ 14:08:57.0191 2056 Current date / time: 2012/07/01 14:08:57.0191 14:08:57.0191 2056 SystemInfo: 14:08:57.0191 2056 14:08:57.0191 2056 OS Version: 6.1.7600 ServicePack: 0.0 14:08:57.0191 2056 Product type: Workstation 14:08:57.0191 2056 ComputerName: ANGELO-PC 14:08:57.0191 2056 UserName: Angelo 14:08:57.0191 2056 Windows directory: C:\windows 14:08:57.0191 2056 System windows directory: C:\windows 14:08:57.0191 2056 Running under WOW64 14:08:57.0191 2056 Processor architecture: Intel x64 14:08:57.0191 2056 Number of processors: 2 14:08:57.0191 2056 Page size: 0x1000 14:08:57.0191 2056 Boot type: Normal boot 14:08:57.0191 2056 ============================================================ 14:08:57.0831 2056 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:08:57.0846 2056 Drive \Device\Harddisk1\DR2 - Size: 0xF4800000 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:08:57.0846 2056 ============================================================ 14:08:57.0846 2056 \Device\Harddisk0\DR0: 14:08:57.0846 2056 MBR partitions: 14:08:57.0846 2056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000 14:08:57.0846 2056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800 14:08:57.0862 2056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800 14:08:57.0862 2056 \Device\Harddisk1\DR2: 14:08:57.0862 2056 MBR partitions: 14:08:57.0862 2056 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x7A2000 14:08:57.0862 2056 ============================================================ 14:08:57.0924 2056 C: <-> \Device\Harddisk0\DR0\Partition1 14:08:57.0971 2056 D: <-> \Device\Harddisk0\DR0\Partition2 14:08:57.0971 2056 ============================================================ 14:08:57.0971 2056 Initialize success 14:08:57.0971 2056 ============================================================ 14:09:22.0182 4428 ============================================================ 14:09:22.0182 4428 Scan started 14:09:22.0182 4428 Mode: Manual; SigCheck; TDLFS; 14:09:22.0182 4428 ============================================================ 14:09:23.0290 4428 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys 14:09:23.0571 4428 1394ohci - ok 14:09:23.0649 4428 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys 14:09:23.0680 4428 ACPI - ok 14:09:23.0711 4428 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys 14:09:23.0805 4428 AcpiPmi - ok 14:09:23.0898 4428 ACPIVPC (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys 14:09:23.0930 4428 ACPIVPC - ok 14:09:24.0148 4428 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:09:24.0179 4428 AdobeFlashPlayerUpdateSvc - ok 14:09:24.0320 4428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys 14:09:24.0398 4428 adp94xx - ok 14:09:24.0460 4428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys 14:09:24.0507 4428 adpahci - ok 14:09:24.0554 4428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys 14:09:24.0569 4428 adpu320 - ok 14:09:24.0616 4428 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 14:09:24.0803 4428 AeLookupSvc - ok 14:09:24.0881 4428 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys 14:09:24.0959 4428 AFD - ok 14:09:24.0990 4428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys 14:09:25.0022 4428 agp440 - ok 14:09:25.0068 4428 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 14:09:25.0146 4428 ALG - ok 14:09:25.0162 4428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys 14:09:25.0178 4428 aliide - ok 14:09:25.0193 4428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys 14:09:25.0209 4428 amdide - ok 14:09:25.0209 4428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys 14:09:25.0256 4428 AmdK8 - ok 14:09:25.0271 4428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 14:09:25.0287 4428 AmdPPM - ok 14:09:25.0349 4428 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys 14:09:25.0365 4428 amdsata - ok 14:09:25.0412 4428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys 14:09:25.0443 4428 amdsbs - ok 14:09:25.0458 4428 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys 14:09:25.0490 4428 amdxata - ok 14:09:25.0521 4428 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys 14:09:25.0630 4428 AppID - ok 14:09:25.0661 4428 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 14:09:25.0755 4428 AppIDSvc - ok 14:09:25.0786 4428 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll 14:09:25.0848 4428 Appinfo - ok 14:09:26.0004 4428 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:09:26.0020 4428 Apple Mobile Device - ok 14:09:26.0114 4428 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys 14:09:26.0145 4428 arc - ok 14:09:26.0145 4428 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys 14:09:26.0160 4428 arcsas - ok 14:09:26.0176 4428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 14:09:26.0285 4428 AsyncMac - ok 14:09:26.0316 4428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys 14:09:26.0332 4428 atapi - ok 14:09:26.0520 4428 athr (f8633cdd09647a64ee8db550630427ff) C:\windows\system32\DRIVERS\athrx.sys 14:09:26.0629 4428 athr - ok 14:09:26.0817 4428 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll 14:09:26.0941 4428 AudioEndpointBuilder - ok 14:09:26.0941 4428 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll 14:09:27.0019 4428 AudioSrv - ok 14:09:27.0066 4428 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll 14:09:27.0175 4428 AxInstSV - ok 14:09:27.0285 4428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys 14:09:27.0331 4428 b06bdrv - ok 14:09:27.0378 4428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 14:09:27.0441 4428 b57nd60a - ok 14:09:27.0503 4428 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 14:09:27.0565 4428 BDESVC - ok 14:09:27.0581 4428 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 14:09:27.0675 4428 Beep - ok 14:09:27.0768 4428 BFE (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll 14:09:27.0862 4428 BFE - ok 14:09:27.0955 4428 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll 14:09:28.0033 4428 BITS - ok 14:09:28.0143 4428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 14:09:28.0189 4428 blbdrive - ok 14:09:28.0299 4428 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 14:09:28.0330 4428 Bonjour Service - ok 14:09:28.0377 4428 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys 14:09:28.0455 4428 bowser - ok 14:09:28.0486 4428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys 14:09:28.0548 4428 BrFiltLo - ok 14:09:28.0548 4428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys 14:09:28.0564 4428 BrFiltUp - ok 14:09:28.0626 4428 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll 14:09:28.0720 4428 Browser - ok 14:09:28.0767 4428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 14:09:28.0845 4428 Brserid - ok 14:09:28.0907 4428 BrSerIf (34f6c504b150f99dae69d7073d2a4df4) C:\windows\system32\DRIVERS\BrSerIf.sys 14:09:28.0969 4428 BrSerIf - ok 14:09:29.0001 4428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 14:09:29.0047 4428 BrSerWdm - ok 14:09:29.0079 4428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 14:09:29.0141 4428 BrUsbMdm - ok 14:09:29.0172 4428 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\windows\system32\DRIVERS\BrUsbSer.sys 14:09:29.0203 4428 BrUsbSer - ok 14:09:29.0297 4428 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe 14:09:29.0313 4428 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning 14:09:29.0313 4428 BrYNSvc - detected UnsignedFile.Multi.Generic (1) 14:09:29.0344 4428 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys 14:09:29.0406 4428 BthEnum - ok 14:09:29.0453 4428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys 14:09:29.0547 4428 BTHMODEM - ok 14:09:29.0547 4428 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys 14:09:29.0593 4428 BthPan - ok 14:09:29.0671 4428 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys 14:09:29.0734 4428 BTHPORT - ok 14:09:29.0781 4428 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 14:09:29.0874 4428 bthserv - ok 14:09:29.0905 4428 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys 14:09:29.0952 4428 BTHUSB - ok 14:09:30.0015 4428 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 14:09:30.0093 4428 cdfs - ok 14:09:30.0139 4428 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys 14:09:30.0186 4428 cdrom - ok 14:09:30.0233 4428 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll 14:09:30.0327 4428 CertPropSvc - ok 14:09:30.0342 4428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys 14:09:30.0389 4428 circlass - ok 14:09:30.0436 4428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 14:09:30.0467 4428 CLFS - ok 14:09:30.0545 4428 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:09:30.0576 4428 clr_optimization_v2.0.50727_32 - ok 14:09:30.0607 4428 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:09:30.0623 4428 clr_optimization_v2.0.50727_64 - ok 14:09:30.0717 4428 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:09:30.0763 4428 clr_optimization_v4.0.30319_32 - ok 14:09:30.0810 4428 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:09:30.0826 4428 clr_optimization_v4.0.30319_64 - ok 14:09:30.0857 4428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 14:09:30.0919 4428 CmBatt - ok 14:09:30.0951 4428 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys 14:09:30.0966 4428 cmdide - ok 14:09:31.0044 4428 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys 14:09:31.0153 4428 CNG - ok 14:09:31.0185 4428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys 14:09:31.0200 4428 Compbatt - ok 14:09:31.0216 4428 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys 14:09:31.0263 4428 CompositeBus - ok 14:09:31.0294 4428 COMSysApp - ok 14:09:31.0309 4428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys 14:09:31.0325 4428 crcdisk - ok 14:09:31.0387 4428 CryptSvc (f02786b66375292e58c8777082d4396d) C:\windows\system32\cryptsvc.dll 14:09:31.0450 4428 CryptSvc - ok 14:09:31.0512 4428 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll 14:09:31.0606 4428 DcomLaunch - ok 14:09:31.0684 4428 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 14:09:31.0793 4428 defragsvc - ok 14:09:31.0840 4428 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys 14:09:31.0918 4428 DfsC - ok 14:09:31.0980 4428 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll 14:09:32.0105 4428 Dhcp - ok 14:09:32.0136 4428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 14:09:32.0214 4428 discache - ok 14:09:32.0277 4428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys 14:09:32.0308 4428 Disk - ok 14:09:32.0355 4428 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll 14:09:32.0417 4428 Dnscache - ok 14:09:32.0464 4428 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll 14:09:32.0557 4428 dot3svc - ok 14:09:32.0589 4428 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll 14:09:32.0667 4428 DPS - ok 14:09:32.0682 4428 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 14:09:32.0713 4428 drmkaud - ok 14:09:32.0823 4428 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\windows\System32\drivers\dxgkrnl.sys 14:09:32.0869 4428 DXGKrnl - ok 14:09:32.0901 4428 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 14:09:32.0979 4428 EapHost - ok 14:09:33.0244 4428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys 14:09:33.0384 4428 ebdrv - ok 14:09:33.0525 4428 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe 14:09:33.0587 4428 EFS - ok 14:09:33.0712 4428 EgisTec Data Security Service (c49212d3d964b77d15755412cc55144c) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe 14:09:33.0743 4428 EgisTec Data Security Service - ok 14:09:33.0821 4428 EgisTec Service (fb74fd6a2cbb69926078645010b65943) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe 14:09:33.0883 4428 EgisTec Service - ok 14:09:34.0008 4428 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe 14:09:34.0102 4428 ehRecvr - ok 14:09:34.0133 4428 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 14:09:34.0149 4428 ehSched - ok 14:09:34.0336 4428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys 14:09:34.0383 4428 elxstor - ok 14:09:34.0398 4428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys 14:09:34.0429 4428 ErrDev - ok 14:09:34.0476 4428 ETD (f6ad6e0674ef94390f0554bf946977af) C:\windows\system32\DRIVERS\ETD.sys 14:09:34.0539 4428 ETD - ok 14:09:34.0601 4428 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 14:09:34.0695 4428 EventSystem - ok 14:09:34.0741 4428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 14:09:34.0819 4428 exfat - ok 14:09:34.0835 4428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 14:09:34.0913 4428 fastfat - ok 14:09:35.0007 4428 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe 14:09:35.0100 4428 Fax - ok 14:09:35.0100 4428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys 14:09:35.0131 4428 fdc - ok 14:09:35.0163 4428 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 14:09:35.0209 4428 fdPHost - ok 14:09:35.0225 4428 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 14:09:35.0287 4428 FDResPub - ok 14:09:35.0334 4428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 14:09:35.0365 4428 FileInfo - ok 14:09:35.0381 4428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 14:09:35.0459 4428 Filetrace - ok 14:09:35.0459 4428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys 14:09:35.0490 4428 flpydisk - ok 14:09:35.0537 4428 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys 14:09:35.0584 4428 FltMgr - ok 14:09:35.0709 4428 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll 14:09:35.0833 4428 FontCache - ok 14:09:35.0896 4428 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:09:35.0911 4428 FontCache3.0.0.0 - ok 14:09:35.0989 4428 FPSensor (54a9c5a6aa0bb0041a4af7172ffc3d9f) C:\windows\system32\Drivers\FPSensor.sys 14:09:36.0021 4428 FPSensor - ok 14:09:36.0036 4428 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 14:09:36.0052 4428 FsDepends - ok 14:09:36.0114 4428 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys 14:09:36.0130 4428 Fs_Rec - ok 14:09:36.0208 4428 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys 14:09:36.0255 4428 fvevol - ok 14:09:36.0286 4428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys 14:09:36.0301 4428 gagp30kx - ok 14:09:36.0364 4428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 14:09:36.0379 4428 GEARAspiWDM - ok 14:09:36.0457 4428 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll 14:09:36.0520 4428 gpsvc - ok 14:09:36.0551 4428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 14:09:36.0613 4428 hcw85cir - ok 14:09:36.0660 4428 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys 14:09:36.0738 4428 HdAudAddService - ok 14:09:36.0785 4428 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys 14:09:36.0847 4428 HDAudBus - ok 14:09:36.0879 4428 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys 14:09:36.0910 4428 HECIx64 - ok 14:09:36.0925 4428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys 14:09:36.0957 4428 HidBatt - ok 14:09:36.0988 4428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys 14:09:37.0050 4428 HidBth - ok 14:09:37.0081 4428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys 14:09:37.0113 4428 HidIr - ok 14:09:37.0159 4428 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll 14:09:37.0269 4428 hidserv - ok 14:09:37.0315 4428 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys 14:09:37.0347 4428 HidUsb - ok 14:09:37.0409 4428 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll 14:09:37.0503 4428 hkmsvc - ok 14:09:37.0534 4428 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll 14:09:37.0596 4428 HomeGroupListener - ok 14:09:37.0627 4428 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll 14:09:37.0690 4428 HomeGroupProvider - ok 14:09:37.0737 4428 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys 14:09:37.0752 4428 HpSAMD - ok 14:09:37.0893 4428 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys 14:09:38.0002 4428 HTTP - ok 14:09:38.0033 4428 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys 14:09:38.0049 4428 hwpolicy - ok 14:09:38.0095 4428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 14:09:38.0111 4428 i8042prt - ok 14:09:38.0189 4428 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys 14:09:38.0236 4428 iaStor - ok 14:09:38.0345 4428 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 14:09:38.0361 4428 IAStorDataMgrSvc - ok 14:09:38.0423 4428 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys 14:09:38.0470 4428 iaStorV - ok 14:09:38.0595 4428 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:09:38.0641 4428 idsvc - ok 14:09:39.0499 4428 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys 14:09:39.0905 4428 igfx - ok 14:09:40.0077 4428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys 14:09:40.0108 4428 iirsp - ok 14:09:40.0201 4428 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll 14:09:40.0311 4428 IKEEXT - ok 14:09:40.0357 4428 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys 14:09:40.0435 4428 Impcd - ok 14:09:40.0482 4428 InputFilter_Hid_FlexDef2b (caa8bc6737dfa3bf1a50175cfb226788) C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys 14:09:40.0545 4428 InputFilter_Hid_FlexDef2b - ok 14:09:40.0779 4428 IntcAzAudAddService (daecb75c7c2a4bdeafead19a6fd327c5) C:\windows\system32\drivers\RTKVHD64.sys 14:09:40.0888 4428 IntcAzAudAddService - ok 14:09:41.0028 4428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys 14:09:41.0059 4428 intelide - ok 14:09:41.0106 4428 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 14:09:41.0153 4428 intelppm - ok 14:09:41.0215 4428 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 14:09:41.0309 4428 IPBusEnum - ok 14:09:41.0309 4428 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys 14:09:41.0356 4428 IpFilterDriver - ok 14:09:41.0449 4428 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll 14:09:41.0543 4428 iphlpsvc - ok 14:09:41.0574 4428 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys 14:09:41.0605 4428 IPMIDRV - ok 14:09:41.0652 4428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 14:09:41.0715 4428 IPNAT - ok 14:09:41.0871 4428 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 14:09:41.0917 4428 iPod Service - ok 14:09:41.0949 4428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 14:09:41.0964 4428 IRENUM - ok 14:09:41.0980 4428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys 14:09:41.0995 4428 isapnp - ok 14:09:42.0011 4428 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys 14:09:42.0042 4428 iScsiPrt - ok 14:09:42.0073 4428 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys 14:09:42.0105 4428 k57nd60a - ok 14:09:42.0151 4428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 14:09:42.0167 4428 kbdclass - ok 14:09:42.0198 4428 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys 14:09:42.0245 4428 kbdhid - ok 14:09:42.0307 4428 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe 14:09:42.0323 4428 KeyIso - ok 14:09:42.0339 4428 KMService - ok 14:09:42.0370 4428 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys 14:09:42.0385 4428 KSecDD - ok 14:09:42.0417 4428 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys 14:09:42.0432 4428 KSecPkg - ok 14:09:42.0463 4428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 14:09:42.0541 4428 ksthunk - ok 14:09:42.0619 4428 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 14:09:42.0729 4428 KtmRm - ok 14:09:42.0775 4428 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys 14:09:42.0791 4428 L1C - ok 14:09:42.0853 4428 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll 14:09:42.0931 4428 LanmanServer - ok 14:09:42.0978 4428 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll 14:09:43.0072 4428 LanmanWorkstation - ok 14:09:43.0103 4428 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys 14:09:43.0119 4428 LHDmgr - ok 14:09:43.0165 4428 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 14:09:43.0228 4428 lltdio - ok 14:09:43.0306 4428 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 14:09:43.0384 4428 lltdsvc - ok 14:09:43.0399 4428 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 14:09:43.0446 4428 lmhosts - ok 14:09:43.0555 4428 LMS (0b4f38aa22d5634c48edb18fe257f005) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 14:09:43.0602 4428 LMS - ok 14:09:43.0633 4428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys 14:09:43.0649 4428 LSI_FC - ok 14:09:43.0696 4428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys 14:09:43.0727 4428 LSI_SAS - ok 14:09:43.0727 4428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys 14:09:43.0743 4428 LSI_SAS2 - ok 14:09:43.0758 4428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys 14:09:43.0774 4428 LSI_SCSI - ok 14:09:43.0805 4428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 14:09:43.0883 4428 luafv - ok 14:09:43.0930 4428 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys 14:09:43.0945 4428 MBAMProtector - ok 14:09:44.0055 4428 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 14:09:44.0086 4428 MBAMService - ok 14:09:44.0148 4428 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll 14:09:44.0195 4428 Mcx2Svc - ok 14:09:44.0242 4428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 14:09:44.0257 4428 megasas - ok 14:09:44.0273 4428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys 14:09:44.0304 4428 MegaSR - ok 14:09:44.0382 4428 Microsoft SharePoint Workspace Audit Service - ok 14:09:44.0413 4428 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 14:09:44.0491 4428 MMCSS - ok 14:09:44.0491 4428 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 14:09:44.0554 4428 Modem - ok 14:09:44.0585 4428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 14:09:44.0616 4428 monitor - ok 14:09:44.0647 4428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 14:09:44.0663 4428 mouclass - ok 14:09:44.0710 4428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 14:09:44.0757 4428 mouhid - ok 14:09:44.0788 4428 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys 14:09:44.0803 4428 mountmgr - ok 14:09:44.0850 4428 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:09:44.0881 4428 MozillaMaintenance - ok 14:09:44.0959 4428 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys 14:09:44.0991 4428 MpFilter - ok 14:09:45.0006 4428 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys 14:09:45.0022 4428 mpio - ok 14:09:45.0053 4428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 14:09:45.0084 4428 mpsdrv - ok 14:09:45.0100 4428 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys 14:09:45.0147 4428 MRxDAV - ok 14:09:45.0193 4428 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys 14:09:45.0256 4428 mrxsmb - ok 14:09:45.0303 4428 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys 14:09:45.0349 4428 mrxsmb10 - ok 14:09:45.0381 4428 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys 14:09:45.0412 4428 mrxsmb20 - ok 14:09:45.0443 4428 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys 14:09:45.0474 4428 msahci - ok 14:09:45.0490 4428 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys 14:09:45.0505 4428 msdsm - ok 14:09:45.0537 4428 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 14:09:45.0583 4428 MSDTC - ok 14:09:45.0615 4428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 14:09:45.0677 4428 Msfs - ok 14:09:45.0724 4428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 14:09:45.0786 4428 mshidkmdf - ok 14:09:45.0786 4428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys 14:09:45.0802 4428 msisadrv - ok 14:09:45.0864 4428 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 14:09:45.0958 4428 MSiSCSI - ok 14:09:45.0958 4428 msiserver - ok 14:09:45.0989 4428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 14:09:46.0051 4428 MSKSSRV - ok 14:09:46.0083 4428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 14:09:46.0129 4428 MSPCLOCK - ok 14:09:46.0145 4428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 14:09:46.0207 4428 MSPQM - ok 14:09:46.0270 4428 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys 14:09:46.0317 4428 MsRPC - ok 14:09:46.0332 4428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 14:09:46.0379 4428 mssmbios - ok 14:09:46.0395 4428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 14:09:46.0488 4428 MSTEE - ok 14:09:46.0488 4428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys 14:09:46.0504 4428 MTConfig - ok 14:09:46.0535 4428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 14:09:46.0566 4428 Mup - ok 14:09:46.0582 4428 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\windows\system32\DRIVERS\mwlPSDFilter.sys 14:09:46.0613 4428 mwlPSDFilter - ok 14:09:46.0613 4428 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\windows\system32\DRIVERS\mwlPSDNServ.sys 14:09:46.0644 4428 mwlPSDNServ - ok 14:09:46.0660 4428 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\windows\system32\DRIVERS\mwlPSDVDisk.sys 14:09:46.0676 4428 mwlPSDVDisk - ok 14:09:46.0738 4428 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll 14:09:46.0800 4428 napagent - ok 14:09:46.0847 4428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 14:09:46.0910 4428 NativeWifiP - ok 14:09:47.0019 4428 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys 14:09:47.0066 4428 NDIS - ok 14:09:47.0097 4428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 14:09:47.0128 4428 NdisCap - ok 14:09:47.0159 4428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 14:09:47.0222 4428 NdisTapi - ok 14:09:47.0253 4428 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys 14:09:47.0315 4428 Ndisuio - ok 14:09:47.0362 4428 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys 14:09:47.0409 4428 NdisWan - ok 14:09:47.0440 4428 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys 14:09:47.0518 4428 NDProxy - ok 14:09:47.0549 4428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 14:09:47.0596 4428 NetBIOS - ok 14:09:47.0627 4428 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys 14:09:47.0705 4428 NetBT - ok 14:09:47.0768 4428 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe 14:09:47.0768 4428 Netlogon - ok 14:09:47.0861 4428 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 14:09:48.0017 4428 Netman - ok 14:09:48.0064 4428 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 14:09:48.0158 4428 netprofm - ok 14:09:48.0220 4428 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:09:48.0251 4428 NetTcpPortSharing - ok 14:09:48.0672 4428 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys 14:09:48.0860 4428 netw5v64 - ok 14:09:49.0031 4428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys 14:09:49.0062 4428 nfrd960 - ok 14:09:49.0109 4428 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys 14:09:49.0125 4428 NisDrv - ok 14:09:49.0218 4428 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 14:09:49.0250 4428 NisSrv - ok 14:09:49.0312 4428 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll 14:09:49.0390 4428 NlaSvc - ok 14:09:49.0437 4428 nokia_cs1x_cdc_acm (72c68daac5bb340f601b0f3a2d0c9d2d) C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys 14:09:49.0499 4428 nokia_cs1x_cdc_acm - ok 14:09:49.0546 4428 nokia_cs1x_cdc_ecm (c655858a74feca05f32adafe8b2aab8e) C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys 14:09:49.0593 4428 nokia_cs1x_cdc_ecm - ok 14:09:49.0640 4428 nokia_cs1x_cpo (f39e2fb4a53747780921a2c2077e929a) C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys 14:09:49.0671 4428 nokia_cs1x_cpo - ok 14:09:49.0702 4428 nokia_cs1x_dc_enum (3e5312f22ff4ffda2d608a90bbffe65b) C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys 14:09:49.0749 4428 nokia_cs1x_dc_enum - ok 14:09:49.0796 4428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 14:09:49.0874 4428 Npfs - ok 14:09:49.0905 4428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 14:09:49.0983 4428 nsi - ok 14:09:49.0998 4428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 14:09:50.0092 4428 nsiproxy - ok 14:09:50.0264 4428 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys 14:09:50.0357 4428 Ntfs - ok 14:09:50.0498 4428 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 14:09:50.0560 4428 Null - ok 14:09:50.0591 4428 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys 14:09:50.0622 4428 nvraid - ok 14:09:50.0654 4428 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys 14:09:50.0669 4428 nvstor - ok 14:09:50.0700 4428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys 14:09:50.0732 4428 nv_agp - ok 14:09:50.0732 4428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys 14:09:50.0763 4428 ohci1394 - ok 14:09:50.0888 4428 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:09:50.0919 4428 ose - ok 14:09:51.0293 4428 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:09:51.0480 4428 osppsvc - ok 14:09:51.0636 4428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 14:09:51.0699 4428 p2pimsvc - ok 14:09:51.0761 4428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 14:09:51.0792 4428 p2psvc - ok 14:09:51.0839 4428 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys 14:09:51.0855 4428 Parport - ok 14:09:51.0886 4428 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys 14:09:51.0902 4428 partmgr - ok 14:09:51.0933 4428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 14:09:51.0995 4428 PcaSvc - ok 14:09:52.0026 4428 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys 14:09:52.0058 4428 pci - ok 14:09:52.0058 4428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 14:09:52.0073 4428 pciide - ok 14:09:52.0089 4428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys 14:09:52.0104 4428 pcmcia - ok 14:09:52.0120 4428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 14:09:52.0136 4428 pcw - ok 14:09:52.0260 4428 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe 14:09:52.0276 4428 PDFProFiltSrvPP - ok 14:09:52.0338 4428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 14:09:52.0448 4428 PEAUTH - ok 14:09:52.0557 4428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 14:09:52.0604 4428 PerfHost - ok 14:09:52.0775 4428 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll 14:09:52.0900 4428 pla - ok 14:09:52.0994 4428 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll 14:09:53.0040 4428 PlugPlay - ok 14:09:53.0040 4428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 14:09:53.0056 4428 PNRPAutoReg - ok 14:09:53.0103 4428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 14:09:53.0118 4428 PNRPsvc - ok 14:09:53.0196 4428 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys 14:09:53.0212 4428 Point64 - ok 14:09:53.0274 4428 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll 14:09:53.0399 4428 PolicyAgent - ok 14:09:53.0430 4428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 14:09:53.0508 4428 Power - ok 14:09:53.0571 4428 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys 14:09:53.0633 4428 PptpMiniport - ok 14:09:53.0664 4428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys 14:09:53.0711 4428 Processor - ok 14:09:53.0758 4428 ProfSvc (97293447431311c06703368ad0f6c4be) C:\windows\system32\profsvc.dll 14:09:53.0836 4428 ProfSvc - ok 14:09:53.0898 4428 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe 14:09:53.0914 4428 ProtectedStorage - ok 14:09:53.0945 4428 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys 14:09:54.0039 4428 Psched - ok 14:09:54.0195 4428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys 14:09:54.0288 4428 ql2300 - ok 14:09:54.0429 4428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys 14:09:54.0460 4428 ql40xx - ok 14:09:54.0507 4428 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 14:09:54.0538 4428 QWAVE - ok 14:09:54.0554 4428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 14:09:54.0600 4428 QWAVEdrv - ok 14:09:54.0600 4428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 14:09:54.0663 4428 RasAcd - ok 14:09:54.0725 4428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 14:09:54.0772 4428 RasAgileVpn - ok 14:09:54.0788 4428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 14:09:54.0850 4428 RasAuto - ok 14:09:54.0912 4428 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys 14:09:55.0022 4428 Rasl2tp - ok 14:09:55.0084 4428 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll 14:09:55.0178 4428 RasMan - ok 14:09:55.0209 4428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 14:09:55.0287 4428 RasPppoe - ok 14:09:55.0334 4428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 14:09:55.0412 4428 RasSstp - ok 14:09:55.0474 4428 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys 14:09:55.0568 4428 rdbss - ok 14:09:55.0599 4428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys 14:09:55.0646 4428 rdpbus - ok 14:09:55.0692 4428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 14:09:55.0755 4428 RDPCDD - ok 14:09:55.0755 4428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 14:09:55.0802 4428 RDPENCDD - ok 14:09:55.0833 4428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 14:09:55.0880 4428 RDPREFMP - ok 14:09:55.0911 4428 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\windows\system32\drivers\RDPWD.sys 14:09:55.0989 4428 RDPWD - ok 14:09:56.0036 4428 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys 14:09:56.0082 4428 rdyboost - ok 14:09:56.0129 4428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 14:09:56.0223 4428 RemoteAccess - ok 14:09:56.0285 4428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 14:09:56.0363 4428 RemoteRegistry - ok 14:09:56.0441 4428 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys 14:09:56.0504 4428 RFCOMM - ok 14:09:56.0550 4428 RimUsb (ad42432d22940b4215177be113e4919c) C:\windows\system32\Drivers\RimUsb_AMD64.sys 14:09:56.0613 4428 RimUsb - ok 14:09:56.0644 4428 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys 14:09:56.0691 4428 RimVSerPort - ok 14:09:56.0706 4428 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys 14:09:56.0753 4428 ROOTMODEM - ok 14:09:56.0784 4428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 14:09:56.0847 4428 RpcEptMapper - ok 14:09:56.0879 4428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 14:09:56.0895 4428 RpcLocator - ok 14:09:56.0941 4428 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll 14:09:57.0004 4428 RpcSs - ok 14:09:57.0035 4428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 14:09:57.0113 4428 rspndr - ok 14:09:57.0160 4428 RSUSBSTOR (79bad3e977966af21df982def5a99c76) C:\windows\system32\Drivers\RtsUStor.sys 14:09:57.0191 4428 RSUSBSTOR - ok 14:09:57.0285 4428 RtLedService (0d2bb5612cc0af08edd08ff8e196a9a5) C:\Program Files\Realtek\RtLED\RtLEDService.exe 14:09:57.0331 4428 RtLedService ( UnsignedFile.Multi.Generic ) - warning 14:09:57.0331 4428 RtLedService - detected UnsignedFile.Multi.Generic (1) 14:09:57.0347 4428 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe 14:09:57.0378 4428 SamSs - ok 14:09:57.0409 4428 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys 14:09:57.0441 4428 sbp2port - ok 14:09:57.0612 4428 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 14:09:57.0659 4428 SBSDWSCService - ok 14:09:57.0690 4428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 14:09:57.0753 4428 SCardSvr - ok 14:09:57.0815 4428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys 14:09:57.0909 4428 scfilter - ok 14:09:58.0018 4428 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll 14:09:58.0111 4428 Schedule - ok 14:09:58.0158 4428 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll 14:09:58.0205 4428 SCPolicySvc - ok 14:09:58.0236 4428 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll 14:09:58.0299 4428 SDRSVC - ok 14:09:58.0377 4428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 14:09:58.0455 4428 secdrv - ok 14:09:58.0470 4428 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll 14:09:58.0548 4428 seclogon - ok 14:09:58.0579 4428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 14:09:58.0673 4428 SENS - ok 14:09:58.0689 4428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 14:09:58.0767 4428 SensrSvc - ok 14:09:58.0782 4428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys 14:09:58.0813 4428 Serenum - ok 14:09:58.0845 4428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys 14:09:58.0860 4428 Serial - ok 14:09:58.0876 4428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys 14:09:58.0907 4428 sermouse - ok 14:09:58.0938 4428 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll 14:09:58.0985 4428 SessionEnv - ok 14:09:59.0001 4428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys 14:09:59.0063 4428 sffdisk - ok 14:09:59.0063 4428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys 14:09:59.0110 4428 sffp_mmc - ok 14:09:59.0110 4428 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys 14:09:59.0125 4428 sffp_sd - ok 14:09:59.0125 4428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 14:09:59.0141 4428 sfloppy - ok 14:09:59.0188 4428 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll 14:09:59.0235 4428 ShellHWDetection - ok 14:09:59.0250 4428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys 14:09:59.0266 4428 SiSRaid2 - ok 14:09:59.0281 4428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys 14:09:59.0281 4428 SiSRaid4 - ok 14:09:59.0328 4428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 14:09:59.0391 4428 Smb - ok 14:09:59.0437 4428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 14:09:59.0484 4428 SNMPTRAP - ok 14:09:59.0515 4428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 14:09:59.0531 4428 spldr - ok 14:09:59.0593 4428 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe 14:09:59.0656 4428 Spooler - ok 14:09:59.0952 4428 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe 14:10:00.0077 4428 sppsvc - ok 14:10:00.0186 4428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 14:10:00.0280 4428 sppuinotify - ok 14:10:00.0389 4428 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys 14:10:00.0436 4428 srv - ok 14:10:00.0498 4428 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys 14:10:00.0561 4428 srv2 - ok 14:10:00.0623 4428 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys 14:10:00.0654 4428 srvnet - ok 14:10:00.0732 4428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 14:10:00.0841 4428 SSDPSRV - ok 14:10:00.0873 4428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 14:10:00.0904 4428 SstpSvc - ok 14:10:00.0951 4428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys 14:10:00.0951 4428 stexstor - ok 14:10:01.0029 4428 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll 14:10:01.0091 4428 stisvc - ok 14:10:01.0107 4428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 14:10:01.0122 4428 swenum - ok 14:10:01.0185 4428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 14:10:01.0278 4428 swprv - ok 14:10:01.0465 4428 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll 14:10:01.0575 4428 SysMain - ok 14:10:01.0715 4428 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll 14:10:01.0762 4428 TabletInputService - ok 14:10:01.0824 4428 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll 14:10:01.0887 4428 TapiSrv - ok 14:10:01.0902 4428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 14:10:01.0949 4428 TBS - ok 14:10:02.0152 4428 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys 14:10:02.0230 4428 Tcpip - ok 14:10:02.0511 4428 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys 14:10:02.0557 4428 TCPIP6 - ok 14:10:02.0651 4428 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys 14:10:02.0713 4428 tcpipreg - ok 14:10:02.0729 4428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 14:10:02.0791 4428 TDPIPE - ok 14:10:02.0823 4428 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys 14:10:02.0885 4428 TDTCP - ok 14:10:02.0916 4428 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys 14:10:02.0932 4428 TermDD - ok 14:10:03.0025 4428 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll 14:10:03.0119 4428 TermService - ok 14:10:03.0135 4428 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 14:10:03.0197 4428 Themes - ok 14:10:03.0244 4428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 14:10:03.0291 4428 THREADORDER - ok 14:10:03.0306 4428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 14:10:03.0369 4428 TrkWks - ok 14:10:03.0447 4428 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe 14:10:03.0478 4428 TrustedInstaller - ok 14:10:03.0493 4428 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys 14:10:03.0540 4428 tssecsrv - ok 14:10:03.0587 4428 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys 14:10:03.0696 4428 tunnel - ok 14:10:03.0743 4428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 14:10:03.0759 4428 uagp35 - ok 14:10:03.0790 4428 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys 14:10:03.0883 4428 udfs - ok 14:10:03.0915 4428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 14:10:03.0930 4428 UI0Detect - ok 14:10:03.0961 4428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys 14:10:03.0961 4428 uliagpkx - ok 14:10:03.0993 4428 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys 14:10:04.0024 4428 umbus - ok 14:10:04.0039 4428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 14:10:04.0086 4428 UmPass - ok 14:10:04.0383 4428 UNS (6fdb1ca1add261f893c90738eba37197) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 14:10:04.0476 4428 UNS - ok 14:10:04.0632 4428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 14:10:04.0726 4428 upnphost - ok 14:10:04.0804 4428 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys 14:10:04.0882 4428 USBAAPL64 - ok 14:10:04.0944 4428 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys 14:10:04.0991 4428 usbaudio - ok 14:10:05.0038 4428 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys 14:10:05.0116 4428 usbccgp - ok 14:10:05.0163 4428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys 14:10:05.0225 4428 usbcir - ok 14:10:05.0256 4428 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys 14:10:05.0287 4428 usbehci - ok 14:10:05.0334 4428 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys 14:10:05.0365 4428 usbhub - ok 14:10:05.0397 4428 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys 14:10:05.0428 4428 usbohci - ok 14:10:05.0459 4428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 14:10:05.0475 4428 usbprint - ok 14:10:05.0521 4428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 14:10:05.0553 4428 usbscan - ok 14:10:05.0693 4428 UsbService (068d8fb5be679cc214bbf91971f692d0) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe 14:10:05.0724 4428 UsbService ( UnsignedFile.Multi.Generic ) - warning 14:10:05.0724 4428 UsbService - detected UnsignedFile.Multi.Generic (1) 14:10:05.0771 4428 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS 14:10:05.0849 4428 USBSTOR - ok 14:10:05.0880 4428 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys 14:10:05.0911 4428 usbuhci - ok 14:10:05.0974 4428 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys 14:10:06.0036 4428 usbvideo - ok 14:10:06.0083 4428 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys 14:10:06.0114 4428 usb_rndisx - ok 14:10:06.0145 4428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 14:10:06.0239 4428 UxSms - ok 14:10:06.0286 4428 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe 14:10:06.0301 4428 VaultSvc - ok 14:10:06.0333 4428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys 14:10:06.0348 4428 vdrvroot - ok 14:10:06.0411 4428 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe 14:10:06.0473 4428 vds - ok 14:10:06.0504 4428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 14:10:06.0535 4428 vga - ok 14:10:06.0567 4428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 14:10:06.0629 4428 VgaSave - ok 14:10:06.0645 4428 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys 14:10:06.0660 4428 vhdmp - ok 14:10:06.0676 4428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys 14:10:06.0676 4428 viaide - ok 14:10:06.0754 4428 vm332avs (640563f62cbb9b0a306232fa37945149) C:\windows\system32\Drivers\vm332avs.sys 14:10:06.0801 4428 vm332avs - ok 14:10:06.0816 4428 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys 14:10:06.0832 4428 volmgr - ok 14:10:06.0863 4428 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys 14:10:06.0894 4428 volmgrx - ok 14:10:06.0925 4428 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys 14:10:06.0972 4428 volsnap - ok 14:10:07.0003 4428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys 14:10:07.0035 4428 vsmraid - ok 14:10:07.0191 4428 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe 14:10:07.0237 4428 VSS - ok 14:10:07.0393 4428 vuhub (e07d31ee76ee18bfca49ad9a89782d43) C:\windows\system32\DRIVERS\vuhub.sys 14:10:07.0425 4428 vuhub - ok 14:10:07.0440 4428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 14:10:07.0503 4428 vwifibus - ok 14:10:07.0534 4428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 14:10:07.0596 4428 vwififlt - ok 14:10:07.0659 4428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 14:10:07.0737 4428 W32Time - ok 14:10:07.0752 4428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys 14:10:07.0783 4428 WacomPen - ok 14:10:07.0846 4428 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys 14:10:07.0893 4428 WANARP - ok 14:10:07.0908 4428 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys 14:10:07.0939 4428 Wanarpv6 - ok 14:10:08.0111 4428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 14:10:08.0173 4428 WatAdminSvc - ok 14:10:08.0314 4428 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe 14:10:08.0439 4428 wbengine - ok 14:10:08.0579 4428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 14:10:08.0626 4428 WbioSrvc - ok 14:10:08.0704 4428 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll 14:10:08.0782 4428 wcncsvc - ok 14:10:08.0813 4428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 14:10:08.0875 4428 WcsPlugInService - ok 14:10:08.0922 4428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys 14:10:08.0938 4428 Wd - ok 14:10:09.0000 4428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 14:10:09.0047 4428 Wdf01000 - ok 14:10:09.0063 4428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 14:10:09.0109 4428 WdiServiceHost - ok 14:10:09.0109 4428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 14:10:09.0141 4428 WdiSystemHost - ok 14:10:09.0187 4428 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll 14:10:09.0250 4428 WebClient - ok 14:10:09.0312 4428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 14:10:09.0421 4428 Wecsvc - ok 14:10:09.0437 4428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 14:10:09.0484 4428 wercplsupport - ok 14:10:09.0515 4428 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 14:10:09.0546 4428 WerSvc - ok 14:10:09.0609 4428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 14:10:09.0687 4428 WfpLwf - ok 14:10:09.0702 4428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 14:10:09.0718 4428 WIMMount - ok 14:10:09.0749 4428 WinDefend - ok 14:10:09.0827 4428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 14:10:09.0905 4428 Winmgmt - ok 14:10:10.0092 4428 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll 14:10:10.0233 4428 WinRM - ok 14:10:10.0451 4428 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys 14:10:10.0498 4428 WinUsb - ok 14:10:10.0623 4428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 14:10:10.0701 4428 Wlansvc - ok 14:10:10.0794 4428 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:10:10.0810 4428 wlcrasvc - ok 14:10:11.0059 4428 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:10:11.0153 4428 wlidsvc - ok 14:10:11.0293 4428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 14:10:11.0309 4428 WmiAcpi - ok 14:10:11.0387 4428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 14:10:11.0434 4428 wmiApSrv - ok 14:10:11.0496 4428 WMPNetworkSvc - ok 14:10:11.0543 4428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 14:10:11.0574 4428 WPCSvc - ok 14:10:11.0605 4428 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll 14:10:11.0637 4428 WPDBusEnum - ok 14:10:11.0683 4428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 14:10:11.0761 4428 ws2ifsl - ok 14:10:11.0808 4428 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll 14:10:11.0871 4428 wscsvc - ok 14:10:11.0917 4428 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys 14:10:11.0949 4428 WSDPrintDevice - ok 14:10:11.0949 4428 WSearch - ok 14:10:12.0027 4428 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys 14:10:12.0058 4428 wsvd - ok 14:10:12.0276 4428 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll 14:10:12.0370 4428 wuauserv - ok 14:10:12.0510 4428 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys 14:10:12.0604 4428 WudfPf - ok 14:10:12.0651 4428 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys 14:10:12.0713 4428 WUDFRd - ok 14:10:12.0744 4428 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll 14:10:12.0822 4428 wudfsvc - ok 14:10:12.0853 4428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 14:10:12.0931 4428 WwanSvc - ok 14:10:12.0963 4428 {79007602-0CDB-4405-9DBF-1257BB3226EE} - ok 14:10:12.0994 4428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:10:13.0571 4428 \Device\Harddisk0\DR0 - ok 14:10:13.0587 4428 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2 14:10:13.0727 4428 \Device\Harddisk1\DR2 - ok 14:10:13.0727 4428 Boot (0x1200) (56ddd760577959baf9844df38a6b18cc) \Device\Harddisk0\DR0\Partition0 14:10:13.0727 4428 \Device\Harddisk0\DR0\Partition0 - ok 14:10:13.0743 4428 Boot (0x1200) (480129f3973c9b42f7d979dea7932675) \Device\Harddisk0\DR0\Partition1 14:10:13.0743 4428 \Device\Harddisk0\DR0\Partition1 - ok 14:10:13.0774 4428 Boot (0x1200) (d359b0ef8f415e99e8dbaba05f82db47) \Device\Harddisk0\DR0\Partition2 14:10:13.0774 4428 \Device\Harddisk0\DR0\Partition2 - ok 14:10:13.0789 4428 Boot (0x1200) (d210ae37f0d6bcb2d7ad53ad645973d2) \Device\Harddisk1\DR2\Partition0 14:10:13.0789 4428 \Device\Harddisk1\DR2\Partition0 - ok 14:10:13.0789 4428 ============================================================ 14:10:13.0789 4428 Scan finished 14:10:13.0789 4428 ============================================================ 14:10:13.0789 2836 Detected object count: 3 14:10:13.0789 2836 Actual detected object count: 3 14:10:28.0360 2836 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 14:10:28.0360 2836 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:10:28.0360 2836 RtLedService ( UnsignedFile.Multi.Generic ) - skipped by user 14:10:28.0360 2836 RtLedService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:10:28.0375 2836 UsbService ( UnsignedFile.Multi.Generic ) - skipped by user 14:10:28.0375 2836 UsbService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:10:57.0610 2756 Deinitialize success Farbar log: Farbar Service Scanner Version: 25-06-2012 01 Ran by Angelo (administrator) on 01-07-2012 at 14:13:14 Microsoft Windows 7 Home Premium (X64) ************************************************ ======== Search: "afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;" ========= C:\windows\System32\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\windows\System32\MPSSVC.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\windows\System32\sdrsvc.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\windows\System32\drivers\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\windows\System32\drivers\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:28] - 0142336 ____A (Microsoft Corporation) 21993009E0CCB9B4FA195F14D3408626 C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:36] - 0140288 ____A (Microsoft Corporation) 06E771AA596B8761107AB57E99F128D7 C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:33] - 0141312 ____A (Microsoft Corporation) F522279B4717E2BFF269C771FAC2B78E C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll [2009-07-13 19:33] - [2009-07-13 21:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4 C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys [2012-02-15 07:22] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011-12-02 04:32] - [2011-04-24 23:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011-12-02 04:32] - [2011-04-24 22:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys [2012-02-15 07:22] - [2011-12-28 00:01] - 0499200 ____A (Microsoft Corporation) CCA39961E76B491DDF44B1E90FC8971D C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys [2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) FBFF8B7C9D116229E9208A0D1CAEB49B C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) 6EF20DDF3172E97D69F596FB90602F29 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2009-07-13 19:21] - [2009-07-13 19:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys [2012-05-08 19:51] - [2012-03-30 06:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys [2011-12-02 04:31] - [2011-09-29 13:41] - 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys [2011-12-02 04:32] - [2011-04-25 02:16] - 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:35] - 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys [2011-12-02 04:31] - [2011-09-29 12:29] - 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys [2011-12-02 04:32] - [2011-04-25 01:33] - 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys [2012-05-08 19:51] - [2012-03-30 06:19] - 1877872 ____A (Microsoft Corporation) 5EFD096DEF47F8B88EF591DA92143440 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys [2011-12-02 04:31] - [2011-09-29 12:17] - 1886064 ____A (Microsoft Corporation) AC3E29880DB5659532A1AA3439304A43 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys [2011-12-02 04:32] - [2011-04-25 01:28] - 1893248 ____A (Microsoft Corporation) 1F748D5439B65E0BEBD92F65048F030D C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2011-02-11 18:25] - [2011-02-11 18:25] - 1889152 ____A (Microsoft Corporation) 542C6767C68C9D6AAACA59436B0D15C2 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys [2012-01-15 20:53] - [2010-04-09 03:56] - 1892232 ____A (Microsoft Corporation) A9C0F786AC1F736891D05CE0A1D29DEB C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys [2011-12-02 04:31] - [2011-09-29 12:24] - 1897328 ____A (Microsoft Corporation) F18F56EFC0BFB9C87BA01C37B27F4DA5 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys [2011-12-02 04:32] - [2011-04-25 01:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2011-02-11 18:25] - [2011-02-11 18:25] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys [2012-01-15 20:53] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys [2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1 C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:22] - 0186880 ____A (Microsoft Corporation) B7337E9C9E5936355BB700AA33E0936E C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705 C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:36] - 0183808 ____A (Microsoft Corporation) CE8BF1423AEE47DA5275FBC8AD3BD642 C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll [2009-07-13 19:49] - [2009-07-13 21:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384 C:\Windows\SysWOW64\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll [2011-12-03 19:50] - [2010-11-20 08:18] - 0136192 ____A (Microsoft Corporation) A585BEBF7D054BD9618EDA0922D5484A C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll [2011-12-03 19:51] - [2010-11-20 09:26] - 0828416 ____A (Microsoft Corporation) 54FFC9C8898113ACE189D4AA7199D2C1 C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011-12-03 19:50] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll [2011-12-03 19:50] - [2010-11-20 09:27] - 2420736 ____A (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430 C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys [2011-12-03 19:51] - [2010-11-20 09:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll [2011-12-03 19:49] - [2010-11-20 09:27] - 0170496 ____A (Microsoft Corporation) 6EA4234DC55346E0709560FE7C2C1972 C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll [2011-12-03 19:50] - [2010-11-20 09:25] - 0177152 ____A (Microsoft Corporation) 15597883FBE9B056F276ADA3AD87D9AF ====== End Of Search ======

Hi Maniac, thank you for your response. I tried to run Flash Disinfector but nothing seems to happen when I run the file. I tried to run as administrator as well, but again.. nothing pops up or anything. Is this normal? I rebooted regardless, and continued onto the next steps. This is the Farbar log: Farbar Service Scanner Version: 25-06-2012 01 Ran by Angelo (administrator) on 30-06-2012 at 14:49:13 Running from "C:\Users\Angelo\Desktop" Microsoft Windows 7 Home Premium (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is OK. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. tdx Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Connection Status: ============== Localhost is accessible. There is no connection to network. Google IP is accessible. Attempt to access Google.com returned error: Other errors Yahoo IP is accessible. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****

This trojan keeps redirecting webpages to ads and now the internet doesn't work at ALL. Here are the logs: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30 Run by Angelo at 13:03:42 on 2012-06-30 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1845.942 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\System32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\RtLED\RtLEDService.exe C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe C:\Program Files\Realtek\RtLED\RtLED.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files (x86)\Lenovo\Energy Management\utility.exe C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\USB Camera2\VM332_STI.EXE C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\system32\taskeng.exe C:\windows\system32\taskeng.exe C:\Windows\system32\WUDFHost.exe C:\windows\system32\wbem\wmiprvse.exe \\?\C:\windows\system32\wbem\WMIADAP.EXE C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\taskhost.exe C:\windows\System32\svchost.exe -k WerSvcGroup C:\windows\system32\igfxsrvc.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.ca/ mStart Page = hxxp://lenovo.msn.com uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll BHO: IEPwdBankBHO Class: {56cbb761-da41-4e31-b270-b13b4b0a61d0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [Google Update] "C:\Users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE mRun: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" mRun: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}\343524 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}\35475607860293930303 : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{7351B29F-BEA3-4F1F-A4EB-AE9D8A965B66} : DhcpNameServer = 64.71.255.198 64.71.255.253 TCP: Interfaces\{D27A83E8-B972-4B86-8195-B42B7A967A20} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll BHO-X64: IEPwdBankBHO Class: {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll BHO-X64: IEPwdBankBHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE mRun-x64: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" mRun-x64: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun-x64: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun mRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?] R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?] R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?] R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 EgisTec Data Security Service;EgisTec Data Security Service;C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-5-27 314736] R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-5-27 709488] R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\system32\Drivers\FPSensor.sys --> C:\windows\system32\Drivers\FPSensor.sys [?] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-19 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-16 654408] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672] R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-2-5 311296] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-17 1153368] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-19 2320920] R2 UsbService;Eltima Usb to Ethernet Connector;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2012-1-25 326656] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?] R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-1-25 245760] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys --> C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?] R3 vuhub;Virtual Usb Hub;C:\windows\system32\DRIVERS\vuhub.sys --> C:\windows\system32\DRIVERS\vuhub.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-12-2 8192] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-26 257696] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-17 129976] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [?] S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [?] S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?] S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-17 21:07:15 332 ----a-w- C:\Start_.cmd 2012-06-17 21:07:14 -------- d-----w- C:\ComboFix 2012-06-17 20:02:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-06-17 20:02:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-06-17 19:36:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-06-17 19:36:42 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-06-17 19:36:42 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-06-17 19:36:42 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-17 19:36:42 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-06-16 21:21:16 -------- d-----w- C:\Users\Angelo\AppData\Roaming\Malwarebytes 2012-06-16 21:21:14 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-16 21:21:13 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-06-16 21:21:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-14 00:51:59 208896 ----a-w- C:\windows\System32\profsvc.dll 2012-06-08 02:50:35 -------- d-sh--w- C:\windows\SysWow64\%APPDATA% 2012-06-07 01:29:23 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F1C44406-B880-42FE-9618-85D975AEF2B3}\mpengine.dll 2012-06-05 05:54:16 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-01 12:08:57 -------- d-----w- C:\Program Files\Microsoft IntelliPoint . ==================== Find3M ==================== . 2012-05-27 03:00:09 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-27 03:00:09 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-05-27 03:00:04 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-05-15 01:32:20 3144192 ----a-w- C:\windows\System32\win32k.sys 2012-05-04 10:52:22 5505392 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-05-04 10:08:16 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08:15 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-04-28 03:50:40 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-04-26 05:34:38 76288 ----a-w- C:\windows\System32\rdpwsx.dll 2012-04-26 05:34:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-04-26 05:28:32 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe 2012-04-24 05:59:45 182272 ----a-w- C:\windows\System32\cryptsvc.dll 2012-04-24 05:59:45 1460224 ----a-w- C:\windows\System32\crypt32.dll 2012-04-24 05:59:45 140288 ----a-w- C:\windows\System32\cryptnet.dll 2012-04-24 04:47:04 139264 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:47:04 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2012-04-24 04:47:03 1156608 ----a-w- C:\windows\SysWow64\crypt32.dll 2012-04-07 12:18:36 3213824 ----a-w- C:\windows\System32\msi.dll 2012-04-07 11:34:37 2342400 ----a-w- C:\windows\SysWow64\msi.dll . ============= FINISH: 13:04:50.54 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/1/2011 4:54:30 PM System Uptime: 6/20/2012 9:15:53 PM (232 hours ago) . Motherboard: LENOVO | | MoutCook Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU 1 | 917/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 254 GiB total, 183.276 GiB free. D: is FIXED (NTFS) - 29 GiB total, 28.907 GiB free. E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP153: 5/31/2012 10:51:21 PM - Windows Update RP154: 6/1/2012 10:53:02 PM - Windows Update RP155: 6/2/2012 10:52:24 PM - Windows Update RP156: 6/4/2012 3:00:13 AM - Windows Update RP157: 6/4/2012 7:12:02 PM - Windows Update RP158: 6/5/2012 1:52:52 AM - Windows Update RP159: 6/6/2012 9:27:39 PM - Windows Update RP160: 6/14/2012 3:00:25 AM - Windows Update RP161: 6/21/2012 7:37:48 AM - Scheduled Checkpoint RP162: 6/29/2012 7:10:25 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Reader 9.0.1 Apple Application Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Best Buy pc app BioExcess BlackBerry Desktop Software 6.1 Brother MFL-Pro Suite DCP-7060D CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Energy Management File Shredder 2.0 FormatFactory 2.95 Free Video to MP3 Converter version 5.0.2.1125 GOM Player Google Chrome Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Internet Banking Payment Assistant 2.2 Java Auto Updater Java 6 Update 30 Junk Mail filter update Lenovo EasyCamera Lenovo OneKey Recovery Lenovo Security Suite Lenovo_Wireless_Driver Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Nokia Internet Modem Nuance PaperPort 12 Nuance PDF Viewer Plus PartyPoker PokerStars Power2Go Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Scansoft PDF Professional Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.5 Spybot - Search & Destroy Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 6/30/2012 12:56:09 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed. 6/30/2012 12:56:09 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 6/27/2012 9:48:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service. . ==== End Of File =========================== Thank you in advance!