Posts posted by scriibblez

  1. Here is the Combofix log!

    ComboFix 12-07-06.02 - Angelo 07/07/2012 14:23:23.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1845.874 [GMT -4:00]

    Running from: c:\users\Angelo\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    c:\windows\assembly\GAC_32\Desktop.ini

    c:\windows\assembly\GAC_64\Desktop.ini

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\00000004.@

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\1afb2d56

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\201d3dde

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\n

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\00000004.@

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\00000008.@

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\000000cb.@

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000000.@

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000032.@

    c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000064.@

    c:\windows\s.bat

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))

    .

    .

    2012-06-17 20:02 . 2012-06-17 21:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2012-06-17 20:02 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

    2012-06-17 19:36 . 2012-06-17 19:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

    2012-06-17 19:36 . 2012-06-17 19:36 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

    2012-06-17 19:36 . 2012-06-17 19:36 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

    2012-06-17 19:36 . 2012-06-17 19:36 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

    2012-06-17 19:36 . 2012-06-17 19:36 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

    2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\users\Angelo\AppData\Roaming\Malwarebytes

    2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-06-16 21:21 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-14 00:51 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-08 02:50 . 2012-06-08 02:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-05-27 03:00 . 2012-05-27 01:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-05-27 03:00 . 2011-12-04 12:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-27 03:00 . 2012-05-27 03:00 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-08 17:02 . 2012-06-07 01:29 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1C44406-B880-42FE-9618-85D975AEF2B3}\mpengine.dll

    2012-05-08 17:02 . 2012-06-05 05:54 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]

    "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]

    "332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]

    "VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-05-28 376176]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]

    "UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

    "YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]

    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]

    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]

    "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

    "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

    "NokiaInternetModem_AppStart.exe"="c:\program files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2010-10-05 137728]

    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

    "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]

    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696]

    R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 17920]

    R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 129976]

    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

    R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [2010-04-22 98304]

    R3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [2010-04-22 53760]

    R3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [2010-04-22 13824]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 243744]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-03 1255736]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]

    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-19 22576]

    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-19 20016]

    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-19 60464]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 EgisTec Data Security Service;EgisTec Data Security Service;c:\program files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-05-28 314736]

    S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2010-05-28 709488]

    S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-03-19 35888]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]

    S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-02-05 311296]

    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

    S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656]

    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]

    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

    S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [2010-04-22 97280]

    S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-05-11 229488]

    S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 03:00]

    .

    2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000Core.job

    - c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 22:04]

    .

    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000UA.job

    - c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 22:04]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-02 10821224]

    "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]

    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]

    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

    "combofix"="c:\combofix\CF2977.3XE" [2009-07-14 344576]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.ca/

    uLocal Page = c:\windows\system32\blank.htm

    mStart Page = hxxp://lenovo.msn.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.2.1

    FF - ProfilePath - c:\users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe

    SafeBoot-MsMpSvc

    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

    AddRemove-Best Buy pc app - c:\programdata\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.exe

    AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe

    c:\program files (x86)\ControlCenter4\BrCcUxSys.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-07 14:35:43 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-07 18:35

    .

    Pre-Run: 198,565,834,752 bytes free

    Post-Run: 197,854,912,512 bytes free

    .

    - - End Of File - - 722633FA474AD8C1C8B7496FD7A2156B

  2. Thank you for your responses :) I feel I should let you know that the internet is not completely dead on the infected laptop. When it connects to networks, it connects as "limited connectivity". Any idea why this is? And it is not the wireless network itself, because I brought this laptop to my friend's house and it displays the same limited connectivity when using their wifi, while other computers connect just fine to my home and friend's network. Here are the logs:

    All processes killed

    ========== FILES ==========

    Unable to replace file: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll with C:\windows\System32\cryptsvc.dll without a reboot.

    File C:\windows\System32\MPSSVC.dll not found.

    File C:\windows\System32\sdrsvc.dll not found.

    File C:\windows\System32\wuaueng.dll not found.

    File C:\windows\System32\drivers\afd.sys not found.

    File C:\windows\System32\drivers\tcpip.sys not found.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Angelo

    ->Temp folder emptied: 198362 bytes

    ->Temporary Internet Files folder emptied: 413800 bytes

    ->Java cache emptied: 0 bytes

    ->FireFox cache emptied: 6106597 bytes

    ->Google Chrome cache emptied: 0 bytes

    ->Flash cache emptied: 291 bytes

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 0 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb

    OTL by OldTimer - Version 3.2.53.1 log created on 07052012_204240

    Files\Folders moved on Reboot...

    C:\Users\Angelo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    [2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll : MD5=21993009E0CCB9B4FA195F14D3408626

    Registry entries deleted on Reboot...

    Farbar Service Scanner Version: 25-06-2012 01

    Ran by Angelo (administrator) on 05-07-2012 at 20:46:21

    Running from "C:\Users\Angelo\Desktop\MWB fix"

    Microsoft Windows 7 Home Premium (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Dnscache Service is not running. Checking service configuration:

    The start type of Dnscache service is OK.

    The ImagePath of Dnscache service is OK.

    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:

    The start type of Dhcp service is OK.

    The ImagePath of Dhcp service is OK.

    The ServiceDll of Dhcp service is OK.

    tdx Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

    Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

    Connection Status:

    ==============

    Localhost is accessible.

    There is no connection to network.

    Google IP is accessible.

    Attempt to access Google.com returned error: Other errors

    Yahoo IP is accessible.

    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:

    =============

    mpsdrv Service is not running. Checking service configuration:

    The start type of mpsdrv service is OK.

    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    Windows Defender:

    ==============

    WinDefend Service is not running. Checking service configuration:

    The start type of WinDefend service is set to Demand. The default start type is Auto.

    The ImagePath of WinDefend service is OK.

    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:

    ==========================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

    "DisableAntiSpyware"=DWORD:1

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys

    [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll

    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll

    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll

    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

  3. Here it is!

    Farbar Service Scanner Version: 25-06-2012 01

    Ran by Angelo (administrator) on 04-07-2012 at 22:08:24

    Microsoft Windows 7 Home Premium (X64)

    ************************************************

    ======== Search: "afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;" =========

    C:\windows\System32\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

    C:\windows\System32\MPSSVC.dll

    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\windows\System32\sdrsvc.dll

    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\windows\System32\wuaueng.dll

    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\windows\System32\drivers\afd.sys

    [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\windows\System32\drivers\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 00:28] - 0142336 ____A (Microsoft Corporation) 21993009E0CCB9B4FA195F14D3408626

    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 00:36] - 0140288 ____A (Microsoft Corporation) 06E771AA596B8761107AB57E99F128D7

    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 00:33] - 0141312 ____A (Microsoft Corporation) F522279B4717E2BFF269C771FAC2B78E

    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

    [2009-07-13 19:33] - [2009-07-13 21:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

    C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll

    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys

    [2012-02-15 07:22] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

    [2011-12-02 04:32] - [2011-04-24 23:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys

    [2012-02-15 07:22] - [2011-12-27 23:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys

    [2011-12-02 04:32] - [2011-04-24 22:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys

    [2012-02-15 07:22] - [2011-12-28 00:01] - 0499200 ____A (Microsoft Corporation) CCA39961E76B491DDF44B1E90FC8971D

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

    [2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) FBFF8B7C9D116229E9208A0D1CAEB49B

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys

    [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys

    [2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) 6EF20DDF3172E97D69F596FB90602F29

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys

    [2009-07-13 19:21] - [2009-07-13 19:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC

    C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll

    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 06:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys

    [2011-12-02 04:31] - [2011-09-29 13:41] - 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

    [2011-12-02 04:32] - [2011-04-25 02:16] - 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 07:35] - 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    [2011-12-02 04:31] - [2011-09-29 12:29] - 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys

    [2011-12-02 04:32] - [2011-04-25 01:33] - 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 06:19] - 1877872 ____A (Microsoft Corporation) 5EFD096DEF47F8B88EF591DA92143440

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys

    [2011-12-02 04:31] - [2011-09-29 12:17] - 1886064 ____A (Microsoft Corporation) AC3E29880DB5659532A1AA3439304A43

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys

    [2011-12-02 04:32] - [2011-04-25 01:28] - 1893248 ____A (Microsoft Corporation) 1F748D5439B65E0BEBD92F65048F030D

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys

    [2011-02-11 18:25] - [2011-02-11 18:25] - 1889152 ____A (Microsoft Corporation) 542C6767C68C9D6AAACA59436B0D15C2

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys

    [2012-01-15 20:53] - [2010-04-09 03:56] - 1892232 ____A (Microsoft Corporation) A9C0F786AC1F736891D05CE0A1D29DEB

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys

    [2011-12-02 04:31] - [2011-09-29 12:24] - 1897328 ____A (Microsoft Corporation) F18F56EFC0BFB9C87BA01C37B27F4DA5

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys

    [2011-12-02 04:32] - [2011-04-25 01:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys

    [2011-02-11 18:25] - [2011-02-11 18:25] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys

    [2012-01-15 20:53] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

    [2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

    C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll

    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:22] - 0186880 ____A (Microsoft Corporation) B7337E9C9E5936355BB700AA33E0936E

    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:36] - 0183808 ____A (Microsoft Corporation) CE8BF1423AEE47DA5275FBC8AD3BD642

    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll

    [2009-07-13 19:49] - [2009-07-13 21:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

    C:\Windows\SysWOW64\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

    [2011-12-03 19:50] - [2010-11-20 08:18] - 0136192 ____A (Microsoft Corporation) A585BEBF7D054BD9618EDA0922D5484A

    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll

    [2011-12-03 19:51] - [2010-11-20 09:26] - 0828416 ____A (Microsoft Corporation) 54FFC9C8898113ACE189D4AA7199D2C1

    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

    [2011-12-03 19:50] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll

    [2011-12-03 19:50] - [2010-11-20 09:27] - 2420736 ____A (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430

    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys

    [2011-12-03 19:51] - [2010-11-20 09:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll

    [2011-12-03 19:49] - [2010-11-20 09:27] - 0170496 ____A (Microsoft Corporation) 6EA4234DC55346E0709560FE7C2C1972

    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll

    [2011-12-03 19:50] - [2010-11-20 09:25] - 0177152 ____A (Microsoft Corporation) 15597883FBE9B056F276ADA3AD87D9AF

    ====== End Of Search ======

  4. Hi Maniac, here are the logs:

    All processes killed

    ========== OTL ==========

    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

    C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@ moved successfully.

    ========== FILES ==========

    C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U folder moved successfully.

    C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L folder moved successfully.

    C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125} folder moved successfully.

    File C:\windows\System32\drivers\afd.sys not found.

    File C:\windows\System32\drivers\tcpip.sys not found.

    File C:\windows\System32\MPSSVC.dll not found.

    File C:\windows\System32\sdrsvc.dll not found.

    File C:\windows\System32\wuaueng.dll not found.

    Unable to replace file: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll with C:\windows\System32\cryptsvc.dll without a reboot.

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Could not flush the DNS Resolver Cache: Function failed during execution.

    C:\Users\Angelo\Desktop\cmd.bat deleted successfully.

    C:\Users\Angelo\Desktop\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Angelo

    ->Temp folder emptied: 33263597 bytes

    ->Temporary Internet Files folder emptied: 956964287 bytes

    ->Java cache emptied: 56515 bytes

    ->FireFox cache emptied: 99691756 bytes

    ->Google Chrome cache emptied: 348338024 bytes

    ->Flash cache emptied: 3256 bytes

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 66396648 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52423 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,435.00 mb

    OTL by OldTimer - Version 3.2.53.1 log created on 07032012_210539

    Files\Folders moved on Reboot...

    C:\Users\Angelo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    [2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll : MD5=21993009E0CCB9B4FA195F14D3408626

    Registry entries deleted on Reboot...

    Farbar Service Scanner Version: 25-06-2012 01

    Ran by Angelo (administrator) on 03-07-2012 at 21:09:55

    Running from "C:\Users\Angelo\Desktop"

    Microsoft Windows 7 Home Premium (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Dnscache Service is not running. Checking service configuration:

    The start type of Dnscache service is OK.

    The ImagePath of Dnscache service is OK.

    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:

    The start type of Dhcp service is OK.

    The ImagePath of Dhcp service is OK.

    The ServiceDll of Dhcp service is OK.

    tdx Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

    Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

    Connection Status:

    ==============

    Localhost is accessible.

    There is no connection to network.

    Google IP is accessible.

    Attempt to access Google.com returned error: Other errors

    Yahoo IP is accessible.

    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:

    =============

    mpsdrv Service is not running. Checking service configuration:

    The start type of mpsdrv service is OK.

    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    Windows Update:

    ============

    wuauserv Service is not running. Checking service configuration:

    The start type of wuauserv service is OK.

    The ImagePath of wuauserv service is OK.

    The ServiceDll of wuauserv service is OK.

    Windows Autoupdate Disabled Policy:

    ============================

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys

    [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll

    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll

    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll

    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

  5. Hi, here are the logs :)

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

    Run date: 2012-07-02 12:41:22

    -----------------------------

    12:41:22.139 OS Version: Windows x64 6.1.7600

    12:41:22.139 Number of processors: 2 586 0x2505

    12:41:22.139 ComputerName: ANGELO-PC UserName: Angelo

    12:41:23.777 Initialize success

    12:41:41.480 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    12:41:41.480 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3

    12:41:41.496 Disk 0 MBR read successfully

    12:41:41.496 Disk 0 MBR scan

    12:41:41.496 Disk 0 Windows 7 default MBR code

    12:41:41.512 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048

    12:41:41.527 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648

    12:41:41.527 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312

    12:41:41.558 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528

    12:41:41.590 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360

    12:41:41.621 Disk 0 scanning C:\windows\system32\drivers

    12:41:49.343 Service scanning

    12:42:05.910 Modules scanning

    12:42:05.926 Disk 0 trace - called modules:

    12:42:05.957 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

    12:42:05.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025cc530]

    12:42:05.972 3 CLASSPNP.SYS[fffff88001b0e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002410050]

    12:42:05.988 Scan finished successfully

    12:42:38.140 Disk 0 MBR has been saved successfully to "C:\Users\Angelo\Desktop\MBR.dat"

    12:42:38.140 The log file has been saved successfully to "C:\Users\Angelo\Desktop\aswMBR.txt"

    OTL:

    OTL logfile created on: 7/2/2012 12:43:04 PM - Run 1

    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Angelo\Desktop

    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.80 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 50.76% Memory free

    3.60 Gb Paging File | 2.22 Gb Available in Paging File | 61.65% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 254.14 Gb Total Space | 183.21 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

    Drive D: | 29.00 Gb Total Space | 28.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

    Drive E: | 3.81 Gb Total Space | 1.84 Gb Free Space | 48.44% Space Free | Partition Type: FAT32

    Computer Name: ANGELO-PC | User Name: Angelo | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/02 12:38:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe

    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    PRC - [2010/10/26 18:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

    PRC - [2010/10/26 18:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

    PRC - [2010/10/05 15:12:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe

    PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

    PRC - [2010/05/27 23:14:52 | 000,376,176 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe

    PRC - [2010/05/27 23:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

    PRC - [2010/05/27 23:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe

    PRC - [2010/03/10 18:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

    PRC - [2010/03/10 18:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

    PRC - [2010/03/09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

    PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

    PRC - [2010/03/05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

    PRC - [2010/03/03 16:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    PRC - [2010/03/03 16:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe

    PRC - [2010/01/19 13:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

    PRC - [2009/09/30 08:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    PRC - [2009/09/30 08:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 03:37:49 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll

    MOD - [2012/06/14 03:37:17 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

    MOD - [2012/06/14 03:37:09 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

    MOD - [2012/05/09 03:50:54 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll

    MOD - [2012/05/09 03:48:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

    MOD - [2012/05/09 03:47:25 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

    MOD - [2012/05/09 03:47:18 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

    MOD - [2012/05/09 03:47:14 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

    MOD - [2012/05/09 03:47:13 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

    MOD - [2012/05/09 03:47:05 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2010/10/05 15:13:26 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin

    MOD - [2010/10/05 15:13:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin

    MOD - [2010/10/05 15:12:54 | 001,048,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxmsw28u_core_vc_custom.dll

    MOD - [2010/10/05 15:12:54 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\UIToolkit.dll

    MOD - [2010/10/05 15:12:54 | 000,726,528 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxbase28u_vc_custom.dll

    MOD - [2010/10/05 15:12:54 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Toolkit.dll

    MOD - [2010/10/05 15:12:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\pcre3.dll

    MOD - [2010/10/05 15:12:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe

    MOD - [2010/10/05 15:12:52 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Preferences.dll

    MOD - [2010/10/05 15:12:50 | 000,308,224 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Device.dll

    MOD - [2010/10/05 15:12:50 | 000,246,784 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\DB.dll

    MOD - [2010/10/05 15:12:50 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Discovery.dll

    MOD - [2010/10/05 15:12:50 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\DriveDetector.dll

    MOD - [2010/10/05 15:12:48 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ComCore.dll

    MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

    SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

    SRV:64bit: - [2010/02/05 10:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)

    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WinHttpAutoProxySvc)

    SRV - [2012/06/17 15:36:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/05/26 23:00:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2011/12/02 05:34:30 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

    SRV - [2010/05/27 23:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)

    SRV - [2010/05/27 23:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service)

    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)

    SRV - [2010/03/03 16:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

    SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)

    SRV - [2009/09/30 08:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

    SRV - [2009/09/30 08:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    SRV - [2009/05/05 04:05:24 | 000,326,656 | R--- | M] (ASUSTek COMPUTER INC.) [Auto | Running] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

    DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

    DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

    DRV:64bit: - [2011/03/19 06:22:49 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)

    DRV:64bit: - [2011/03/19 06:22:48 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

    DRV:64bit: - [2011/03/19 06:22:48 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

    DRV:64bit: - [2011/03/19 06:22:48 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) Siliten HID Devices(FlexDef2b)

    DRV:64bit: - [2010/05/10 21:17:50 | 000,229,488 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)

    DRV:64bit: - [2010/04/22 16:07:26 | 000,098,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_acm.sys -- (nokia_cs1x_cdc_acm)

    DRV:64bit: - [2010/04/22 16:07:26 | 000,097,280 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nokia_cs1x_dc_enum.sys -- (nokia_cs1x_dc_enum)

    DRV:64bit: - [2010/04/22 16:07:26 | 000,053,760 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_ecm.sys -- (nokia_cs1x_cdc_ecm)

    DRV:64bit: - [2010/04/22 16:07:26 | 000,013,824 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cpo.sys -- (nokia_cs1x_cpo)

    DRV:64bit: - [2010/03/26 05:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

    DRV:64bit: - [2010/03/24 05:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

    DRV:64bit: - [2010/03/03 15:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

    DRV:64bit: - [2010/03/02 12:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

    DRV:64bit: - [2010/02/26 17:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

    DRV:64bit: - [2010/02/22 06:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

    DRV:64bit: - [2010/01/15 14:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

    DRV:64bit: - [2009/10/18 20:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

    DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

    DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

    DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

    DRV:64bit: - [2009/06/10 16:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2007/12/16 22:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)

    DRV:64bit: - [2006/12/12 03:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)

    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

    IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

    IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 15:36:43 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 12:06:15 | 000,000,000 | ---D | M]

    [2011/12/04 08:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Extensions

    [2012/06/17 15:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\extensions

    [2012/04/17 13:29:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

    [2012/05/21 12:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2012/06/17 15:58:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ANGELO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZWMJ45CC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

    [2012/06/17 15:36:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/06/17 15:36:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/06/17 15:36:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: Google Update (Enabled) = C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

    CHR - Extension: YouTube = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

    CHR - Extension: Google Search = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

    CHR - Extension: AdBlock = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\

    CHR - Extension: ICE Quick Stream = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.92_1\

    CHR - Extension: Hover Zoom = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.3.6_0\

    CHR - Extension: Gmail = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)

    O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

    O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

    O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)

    O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)

    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)

    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

    O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

    O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()

    O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [NokiaInternetModem_AppStart.exe] C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe ()

    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

    O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)

    O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)

    O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

    O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found

    O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )

    O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)

    O4 - HKU\S-1-5-21-2591753365-2526377709-281079065-1000..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk File not found

    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk File not found

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

    O1364bit: - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}: DhcpNameServer = 192.168.2.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7351B29F-BEA3-4F1F-A4EB-AE9D8A965B66}: DhcpNameServer = 64.71.255.198 64.71.255.253

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27A83E8-B972-4B86-8195-B42B7A967A20}: DhcpNameServer = 192.168.1.1

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O33 - MountPoints2\{90a54729-1fd4-11e1-9c81-f0def14dbde2}\Shell - "" = AutoRun

    O33 - MountPoints2\{90a54729-1fd4-11e1-9c81-f0def14dbde2}\Shell\AutoRun\command - "" = E:\Memorybar.exe

    O33 - MountPoints2\{a7f50fc9-1c6a-11e1-b5a6-f0def14dbde2}\Shell - "" = AutoRun

    O33 - MountPoints2\{a7f50fc9-1c6a-11e1-b5a6-f0def14dbde2}\Shell\AutoRun\command - "" = E:\application\Nokia_Internet_Modem.exe

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/02 12:41:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Angelo\Desktop\aswMBR.exe

    [2012/07/02 12:41:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe

    [2012/07/01 14:08:45 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Angelo\Desktop\tdsskiller.exe

    [2012/06/30 14:36:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Angelo\Desktop\dds.scr

    [2012/06/19 22:07:21 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Angeloo

    [2012/06/19 18:59:24 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Angelo

    [2012/06/17 17:07:14 | 000,000,000 | ---D | C] -- C:\ComboFix

    [2012/06/17 17:07:08 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2012/06/17 17:06:40 | 000,000,000 | ---D | C] -- C:\windows\erdnt

    [2012/06/17 17:06:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

    [2012/06/17 16:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

    [2012/06/17 16:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

    [2012/06/17 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

    [2012/06/17 15:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

    [2012/06/17 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

    [2012/06/16 17:21:16 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\Malwarebytes

    [2012/06/16 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/06/16 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/06/16 17:21:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

    [2012/06/16 17:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/06/14 03:01:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

    [2012/06/14 03:01:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

    [2012/06/14 03:01:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

    [2012/06/14 03:01:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

    [2012/06/14 03:01:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

    [2012/06/14 03:01:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

    [2012/06/14 03:01:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

    [2012/06/14 03:01:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

    [2012/06/14 03:01:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

    [2012/06/14 03:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

    [2012/06/14 03:01:10 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

    [2012/06/14 03:01:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

    [2012/06/14 03:01:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

    [2012/06/13 20:51:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

    [2012/06/13 20:51:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

    [2012/06/13 20:51:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

    [2012/06/13 20:51:49 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

    [2012/06/13 20:51:47 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

    [2012/06/13 20:51:46 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

    [2012/06/13 20:51:42 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll

    [2012/06/13 20:51:40 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

    [2012/06/13 20:51:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

    [2012/06/07 22:50:35 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%

    [2 C:\Users\Angelo\Desktop\*.tmp files -> C:\Users\Angelo\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/02 12:42:38 | 000,000,512 | ---- | M] () -- C:\Users\Angelo\Desktop\MBR.dat

    [2012/07/02 12:39:50 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000UA.job

    [2012/07/02 12:39:40 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

    [2012/07/02 12:39:39 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000Core.job

    [2012/07/02 12:39:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

    [2012/07/02 12:38:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe

    [2012/07/02 12:38:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Angelo\Desktop\aswMBR.exe

    [2012/07/01 14:07:04 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Angelo\Desktop\tdsskiller.exe

    [2012/06/30 14:54:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/06/30 14:54:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/06/30 14:45:47 | 1450,582,016 | -HS- | M] () -- C:\hiberfil.sys

    [2012/06/30 14:44:39 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

    [2012/06/30 14:44:39 | 000,626,540 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

    [2012/06/30 14:44:39 | 000,107,784 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

    [2012/06/30 14:35:20 | 000,340,645 | ---- | M] () -- C:\Users\Angelo\Desktop\FSS.exe

    [2012/06/30 14:33:58 | 000,126,976 | ---- | M] () -- C:\Users\Angelo\Desktop\ResetTeaTimer.exe

    [2012/06/30 14:32:42 | 000,132,597 | ---- | M] () -- C:\Users\Angelo\Desktop\Flash_Disinfector.exe

    [2012/06/30 12:59:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Angelo\Desktop\dds.scr

    [2012/06/17 17:07:15 | 000,000,332 | ---- | M] () -- C:\Start_.cmd

    [2012/06/17 15:56:40 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    [2012/06/17 13:34:35 | 000,453,162 | ---- | M] () -- C:\Users\Angelo\Desktop\rbctestingfriday.zip

    [2012/06/16 17:16:16 | 000,002,198 | ---- | M] () -- C:\windows\epplauncher.mif

    [2012/06/14 03:33:39 | 000,430,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    [2012/06/09 14:03:43 | 000,172,994 | ---- | M] () -- C:\Users\Angelo\Desktop\Scenario 1 Assets and Liabilites.jpg

    [2012/06/09 14:02:08 | 000,210,390 | ---- | M] () -- C:\Users\Angelo\Desktop\Lloyd Balanced Scenario 1.jpg

    [2 C:\Users\Angelo\Desktop\*.tmp files -> C:\Users\Angelo\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/02 12:42:38 | 000,000,512 | ---- | C] () -- C:\Users\Angelo\Desktop\MBR.dat

    [2012/06/30 14:36:06 | 000,340,645 | ---- | C] () -- C:\Users\Angelo\Desktop\FSS.exe

    [2012/06/30 14:36:06 | 000,132,597 | ---- | C] () -- C:\Users\Angelo\Desktop\Flash_Disinfector.exe

    [2012/06/30 14:36:06 | 000,126,976 | ---- | C] () -- C:\Users\Angelo\Desktop\ResetTeaTimer.exe

    [2012/06/17 17:07:15 | 000,000,332 | ---- | C] () -- C:\Start_.cmd

    [2012/06/17 15:56:40 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    [2012/06/17 12:00:22 | 000,453,162 | ---- | C] () -- C:\Users\Angelo\Desktop\rbctestingfriday.zip

    [2012/06/09 14:03:43 | 000,172,994 | ---- | C] () -- C:\Users\Angelo\Desktop\Scenario 1 Assets and Liabilites.jpg

    [2012/06/09 14:02:08 | 000,210,390 | ---- | C] () -- C:\Users\Angelo\Desktop\Lloyd Balanced Scenario 1.jpg

    [2012/02/21 06:07:01 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI

    [2012/02/21 06:07:00 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI

    [2012/01/25 20:55:32 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL

    [2012/01/25 20:54:58 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI

    [2012/01/14 19:47:40 | 000,010,752 | ---- | C] () -- C:\Users\Angelo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/01/11 16:51:24 | 000,002,048 | -HS- | C] () -- C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@

    [2011/12/05 23:57:31 | 000,000,355 | ---- | C] () -- C:\Users\Angelo\Computer - Shortcut.lnk

    [2011/12/02 05:35:14 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe

    [2011/12/02 01:05:04 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

    [2011/09/14 06:56:19 | 000,000,019 | ---- | C] () -- C:\windows\maa.dat

    [2011/08/31 20:51:16 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin

    [2011/08/31 20:51:16 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin

    [2011/08/31 20:51:16 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin

    [2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

    [2011/03/19 06:29:29 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

    [2011/03/19 06:29:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

    [2011/03/19 06:29:20 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

    [2011/01/19 03:29:51 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8CE646EE

    < End of report >

    OTL Extras logfile created on: 7/2/2012 12:43:04 PM - Run 1

    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Angelo\Desktop

    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.80 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 50.76% Memory free

    3.60 Gb Paging File | 2.22 Gb Available in Paging File | 61.65% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 254.14 Gb Total Space | 183.21 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

    Drive D: | 29.00 Gb Total Space | 28.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

    Drive E: | 3.81 Gb Total Space | 1.84 Gb Free Space | 48.44% Space Free | Partition Type: FAT32

    Computer Name: ANGELO-PC | User Name: Angelo | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

    "{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343

    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

    "{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED

    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

    "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit

    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

    "0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

    "CCleaner" = CCleaner

    "Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite

    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional

    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

    "{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management

    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

    "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus

    "{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver

    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

    "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7060D

    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

    "{62077C63-F77A-4C72-A67E-400F4E9B14BC}" = Nokia Internet Modem

    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

    "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

    "{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1

    "{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess

    "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera

    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

    "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1

    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    "Adobe AIR" = Adobe AIR

    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

    "File Shredder_is1" = File Shredder 2.0

    "FormatFactory" = FormatFactory 2.95

    "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.2.1125

    "GOM Player" = GOM Player

    "InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite

    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

    "InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010

    "PartyPoker" = PartyPoker

    "PokerStars" = PokerStars

    "uTorrent" = µTorrent

    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2591753365-2526377709-281079065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Google Chrome" = Google Chrome

    "Internet Banking Payment Assistant" = Internet Banking Payment Assistant 2.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 6/17/2012 10:34:12 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 2048964

    Error - 6/17/2012 10:34:12 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 2048964

    Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 2049963

    Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 2049963

    Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 2050961

    Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 2050961

    Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001

    Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: BrStiIf: GetDeviceList

    Failed! pStiInfo = 0x0..

    Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001

    Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: ##### Fatal ERROR!!

    Create STI-device failed! #####

    Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001

    Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: Initialize TwdsMain

    Class failed!

    [ System Events ]

    Error - 6/21/2012 7:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

    Description = The DHCP Client service depends the following service: Tdx. This service

    might not be installed.

    Error - 6/21/2012 7:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

    Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

    DHCP Client service which failed to start because of the following error: %%1075

    Error - 6/21/2012 8:54:00 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

    Description = The DHCP Client service depends the following service: Tdx. This service

    might not be installed.

    Error - 6/21/2012 8:54:00 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

    Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

    DHCP Client service which failed to start because of the following error: %%1075

    Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

    Description = The DHCP Client service depends the following service: Tdx. This service

    might not be installed.

    Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

    Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

    DHCP Client service which failed to start because of the following error: %%1075

    Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

    Description = The DHCP Client service depends the following service: Tdx. This service

    might not be installed.

    Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

    Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

    DHCP Client service which failed to start because of the following error: %%1075

    Error - 6/21/2012 8:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

    Description = The DHCP Client service depends the following service: Tdx. This service

    might not be installed.

    Error - 6/21/2012 8:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

    Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

    DHCP Client service which failed to start because of the following error: %%1075

    < End of report >

  6. There were no malicious objects found; only 3 suspicious threats.

    14:08:57.0144 2056 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22

    14:08:57.0191 2056 ============================================================

    14:08:57.0191 2056 Current date / time: 2012/07/01 14:08:57.0191

    14:08:57.0191 2056 SystemInfo:

    14:08:57.0191 2056

    14:08:57.0191 2056 OS Version: 6.1.7600 ServicePack: 0.0

    14:08:57.0191 2056 Product type: Workstation

    14:08:57.0191 2056 ComputerName: ANGELO-PC

    14:08:57.0191 2056 UserName: Angelo

    14:08:57.0191 2056 Windows directory: C:\windows

    14:08:57.0191 2056 System windows directory: C:\windows

    14:08:57.0191 2056 Running under WOW64

    14:08:57.0191 2056 Processor architecture: Intel x64

    14:08:57.0191 2056 Number of processors: 2

    14:08:57.0191 2056 Page size: 0x1000

    14:08:57.0191 2056 Boot type: Normal boot

    14:08:57.0191 2056 ============================================================

    14:08:57.0831 2056 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    14:08:57.0846 2056 Drive \Device\Harddisk1\DR2 - Size: 0xF4800000 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    14:08:57.0846 2056 ============================================================

    14:08:57.0846 2056 \Device\Harddisk0\DR0:

    14:08:57.0846 2056 MBR partitions:

    14:08:57.0846 2056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

    14:08:57.0846 2056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800

    14:08:57.0862 2056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800

    14:08:57.0862 2056 \Device\Harddisk1\DR2:

    14:08:57.0862 2056 MBR partitions:

    14:08:57.0862 2056 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x7A2000

    14:08:57.0862 2056 ============================================================

    14:08:57.0924 2056 C: <-> \Device\Harddisk0\DR0\Partition1

    14:08:57.0971 2056 D: <-> \Device\Harddisk0\DR0\Partition2

    14:08:57.0971 2056 ============================================================

    14:08:57.0971 2056 Initialize success

    14:08:57.0971 2056 ============================================================

    14:09:22.0182 4428 ============================================================

    14:09:22.0182 4428 Scan started

    14:09:22.0182 4428 Mode: Manual; SigCheck; TDLFS;

    14:09:22.0182 4428 ============================================================

    14:09:29.0297 4428 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe

    14:09:29.0313 4428 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning

    14:09:29.0313 4428 BrYNSvc - detected UnsignedFile.Multi.Generic (1)

    14:09:49.0218 4428 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

    14:09:49.0250 4428 NisSrv - ok

    14:09:49.0312 4428 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll

    14:09:49.0390 4428 NlaSvc - ok

    14:09:49.0437 4428 nokia_cs1x_cdc_acm (72c68daac5bb340f601b0f3a2d0c9d2d) C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys

    14:09:49.0499 4428 nokia_cs1x_cdc_acm - ok

    14:09:49.0546 4428 nokia_cs1x_cdc_ecm (c655858a74feca05f32adafe8b2aab8e) C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys

    14:09:49.0593 4428 nokia_cs1x_cdc_ecm - ok

    14:09:49.0640 4428 nokia_cs1x_cpo (f39e2fb4a53747780921a2c2077e929a) C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys

    14:09:49.0671 4428 nokia_cs1x_cpo - ok

    14:09:49.0702 4428 nokia_cs1x_dc_enum (3e5312f22ff4ffda2d608a90bbffe65b) C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys

    14:09:49.0749 4428 nokia_cs1x_dc_enum - ok

    14:09:49.0796 4428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

    14:09:49.0874 4428 Npfs - ok

    14:09:49.0905 4428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

    14:09:49.0983 4428 nsi - ok

    14:09:49.0998 4428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

    14:09:50.0092 4428 nsiproxy - ok

    14:09:50.0264 4428 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys

    14:09:50.0357 4428 Ntfs - ok

    14:09:50.0498 4428 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

    14:09:50.0560 4428 Null - ok

    14:09:50.0591 4428 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys

    14:09:50.0622 4428 nvraid - ok

    14:09:50.0654 4428 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys

    14:09:50.0669 4428 nvstor - ok

    14:09:50.0700 4428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys

    14:09:50.0732 4428 nv_agp - ok

    14:09:50.0732 4428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys

    14:09:50.0763 4428 ohci1394 - ok

    14:09:50.0888 4428 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    14:09:50.0919 4428 ose - ok

    14:09:51.0293 4428 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    14:09:51.0480 4428 osppsvc - ok

    14:09:51.0636 4428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

    14:09:51.0699 4428 p2pimsvc - ok

    14:09:51.0761 4428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

    14:09:51.0792 4428 p2psvc - ok

    14:09:51.0839 4428 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

    14:09:51.0855 4428 Parport - ok

    14:09:51.0886 4428 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys

    14:09:51.0902 4428 partmgr - ok

    14:09:51.0933 4428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

    14:09:51.0995 4428 PcaSvc - ok

    14:09:52.0026 4428 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys

    14:09:52.0058 4428 pci - ok

    14:09:52.0058 4428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

    14:09:52.0073 4428 pciide - ok

    14:09:52.0089 4428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

    14:09:52.0104 4428 pcmcia - ok

    14:09:52.0120 4428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

    14:09:52.0136 4428 pcw - ok

    14:09:52.0260 4428 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

    14:09:52.0276 4428 PDFProFiltSrvPP - ok

    14:09:52.0338 4428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

    14:09:52.0448 4428 PEAUTH - ok

    14:09:52.0557 4428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

    14:09:52.0604 4428 PerfHost - ok

    14:09:52.0775 4428 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll

    14:09:52.0900 4428 pla - ok

    14:09:52.0994 4428 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll

    14:09:53.0040 4428 PlugPlay - ok

    14:09:53.0040 4428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

    14:09:53.0056 4428 PNRPAutoReg - ok

    14:09:53.0103 4428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

    14:09:53.0118 4428 PNRPsvc - ok

    14:09:53.0196 4428 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys

    14:09:53.0212 4428 Point64 - ok

    14:09:53.0274 4428 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll

    14:09:53.0399 4428 PolicyAgent - ok

    14:09:53.0430 4428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

    14:09:53.0508 4428 Power - ok

    14:09:53.0571 4428 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys

    14:09:53.0633 4428 PptpMiniport - ok

    14:09:53.0664 4428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

    14:09:53.0711 4428 Processor - ok

    14:09:53.0758 4428 ProfSvc (97293447431311c06703368ad0f6c4be) C:\windows\system32\profsvc.dll

    14:09:53.0836 4428 ProfSvc - ok

    14:09:53.0898 4428 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

    14:09:53.0914 4428 ProtectedStorage - ok

    14:09:53.0945 4428 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys

    14:09:54.0039 4428 Psched - ok

    14:09:54.0195 4428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

    14:09:54.0288 4428 ql2300 - ok

    14:09:54.0429 4428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

    14:09:54.0460 4428 ql40xx - ok

    14:09:54.0507 4428 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

    14:09:54.0538 4428 QWAVE - ok

    14:09:54.0554 4428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

    14:09:54.0600 4428 QWAVEdrv - ok

    14:09:54.0600 4428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

    14:09:54.0663 4428 RasAcd - ok

    14:09:54.0725 4428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

    14:09:54.0772 4428 RasAgileVpn - ok

    14:09:54.0788 4428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

    14:09:54.0850 4428 RasAuto - ok

    14:09:54.0912 4428 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys

    14:09:55.0022 4428 Rasl2tp - ok

    14:09:55.0084 4428 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll

    14:09:55.0178 4428 RasMan - ok

    14:09:55.0209 4428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

    14:09:55.0287 4428 RasPppoe - ok

    14:09:55.0334 4428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

    14:09:55.0412 4428 RasSstp - ok

    14:09:55.0474 4428 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys

    14:09:55.0568 4428 rdbss - ok

    14:09:55.0599 4428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

    14:09:55.0646 4428 rdpbus - ok

    14:09:55.0692 4428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

    14:09:55.0755 4428 RDPCDD - ok

    14:09:55.0755 4428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

    14:09:55.0802 4428 RDPENCDD - ok

    14:09:55.0833 4428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

    14:09:55.0880 4428 RDPREFMP - ok

    14:09:55.0911 4428 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\windows\system32\drivers\RDPWD.sys

    14:09:55.0989 4428 RDPWD - ok

    14:09:56.0036 4428 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys

    14:09:56.0082 4428 rdyboost - ok

    14:09:56.0129 4428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

    14:09:56.0223 4428 RemoteAccess - ok

    14:09:56.0285 4428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

    14:09:56.0363 4428 RemoteRegistry - ok

    14:09:56.0441 4428 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

    14:09:56.0504 4428 RFCOMM - ok

    14:09:56.0550 4428 RimUsb (ad42432d22940b4215177be113e4919c) C:\windows\system32\Drivers\RimUsb_AMD64.sys

    14:09:56.0613 4428 RimUsb - ok

    14:09:56.0644 4428 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys

    14:09:56.0691 4428 RimVSerPort - ok

    14:09:56.0706 4428 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys

    14:09:56.0753 4428 ROOTMODEM - ok

    14:09:56.0784 4428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

    14:09:56.0847 4428 RpcEptMapper - ok

    14:09:56.0879 4428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

    14:09:56.0895 4428 RpcLocator - ok

    14:09:56.0941 4428 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll

    14:09:57.0004 4428 RpcSs - ok

    14:09:57.0035 4428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

    14:09:57.0113 4428 rspndr - ok

    14:09:57.0160 4428 RSUSBSTOR (79bad3e977966af21df982def5a99c76) C:\windows\system32\Drivers\RtsUStor.sys

    14:09:57.0191 4428 RSUSBSTOR - ok

    14:09:57.0285 4428 RtLedService (0d2bb5612cc0af08edd08ff8e196a9a5) C:\Program Files\Realtek\RtLED\RtLEDService.exe

    14:09:57.0331 4428 RtLedService ( UnsignedFile.Multi.Generic ) - warning

    14:09:57.0331 4428 RtLedService - detected UnsignedFile.Multi.Generic (1)

    14:09:57.0347 4428 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

    14:09:57.0378 4428 SamSs - ok

    14:09:57.0409 4428 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys

    14:09:57.0441 4428 sbp2port - ok

    14:09:57.0612 4428 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    14:09:57.0659 4428 SBSDWSCService - ok

    14:09:57.0690 4428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

    14:09:57.0753 4428 SCardSvr - ok

    14:09:57.0815 4428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys

    14:09:57.0909 4428 scfilter - ok

    14:09:58.0018 4428 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll

    14:09:58.0111 4428 Schedule - ok

    14:09:58.0158 4428 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll

    14:09:58.0205 4428 SCPolicySvc - ok

    14:09:58.0236 4428 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll

    14:09:58.0299 4428 SDRSVC - ok

    14:09:58.0377 4428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

    14:09:58.0455 4428 secdrv - ok

    14:09:58.0470 4428 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll

    14:09:58.0548 4428 seclogon - ok

    14:09:58.0579 4428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

    14:09:58.0673 4428 SENS - ok

    14:09:58.0689 4428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

    14:09:58.0767 4428 SensrSvc - ok

    14:09:58.0782 4428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

    14:09:58.0813 4428 Serenum - ok

    14:09:58.0845 4428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

    14:09:58.0860 4428 Serial - ok

    14:09:58.0876 4428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

    14:09:58.0907 4428 sermouse - ok

    14:09:58.0938 4428 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll

    14:09:58.0985 4428 SessionEnv - ok

    14:09:59.0001 4428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys

    14:09:59.0063 4428 sffdisk - ok

    14:09:59.0063 4428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys

    14:09:59.0110 4428 sffp_mmc - ok

    14:09:59.0110 4428 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys

    14:09:59.0125 4428 sffp_sd - ok

    14:09:59.0125 4428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

    14:09:59.0141 4428 sfloppy - ok

    14:09:59.0188 4428 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll

    14:09:59.0235 4428 ShellHWDetection - ok

    14:09:59.0250 4428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

    14:09:59.0266 4428 SiSRaid2 - ok

    14:09:59.0281 4428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

    14:09:59.0281 4428 SiSRaid4 - ok

    14:09:59.0328 4428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

    14:09:59.0391 4428 Smb - ok

    14:09:59.0437 4428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

    14:09:59.0484 4428 SNMPTRAP - ok

    14:09:59.0515 4428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

    14:09:59.0531 4428 spldr - ok

    14:09:59.0593 4428 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe

    14:09:59.0656 4428 Spooler - ok

    14:09:59.0952 4428 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe

    14:10:00.0077 4428 sppsvc - ok

    14:10:00.0186 4428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

    14:10:00.0280 4428 sppuinotify - ok

    14:10:00.0389 4428 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys

    14:10:00.0436 4428 srv - ok

    14:10:00.0498 4428 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys

    14:10:00.0561 4428 srv2 - ok

    14:10:00.0623 4428 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys

    14:10:00.0654 4428 srvnet - ok

    14:10:00.0732 4428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

    14:10:00.0841 4428 SSDPSRV - ok

    14:10:00.0873 4428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

    14:10:00.0904 4428 SstpSvc - ok

    14:10:00.0951 4428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

    14:10:00.0951 4428 stexstor - ok

    14:10:01.0029 4428 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll

    14:10:01.0091 4428 stisvc - ok

    14:10:01.0107 4428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

    14:10:01.0122 4428 swenum - ok

    14:10:01.0185 4428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

    14:10:01.0278 4428 swprv - ok

    14:10:01.0465 4428 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll

    14:10:01.0575 4428 SysMain - ok

    14:10:01.0715 4428 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll

    14:10:01.0762 4428 TabletInputService - ok

    14:10:01.0824 4428 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll

    14:10:01.0887 4428 TapiSrv - ok

    14:10:01.0902 4428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

    14:10:01.0949 4428 TBS - ok

    14:10:02.0152 4428 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys

    14:10:02.0230 4428 Tcpip - ok

    14:10:02.0511 4428 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys

    14:10:02.0557 4428 TCPIP6 - ok

    14:10:02.0651 4428 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys

    14:10:02.0713 4428 tcpipreg - ok

    14:10:02.0729 4428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

    14:10:02.0791 4428 TDPIPE - ok

    14:10:02.0823 4428 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys

    14:10:02.0885 4428 TDTCP - ok

    14:10:02.0916 4428 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys

    14:10:02.0932 4428 TermDD - ok

    14:10:03.0025 4428 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll

    14:10:03.0119 4428 TermService - ok

    14:10:03.0135 4428 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

    14:10:03.0197 4428 Themes - ok

    14:10:03.0244 4428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

    14:10:03.0291 4428 THREADORDER - ok

    14:10:03.0306 4428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

    14:10:03.0369 4428 TrkWks - ok

    14:10:03.0447 4428 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe

    14:10:03.0478 4428 TrustedInstaller - ok

    14:10:03.0493 4428 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys

    14:10:03.0540 4428 tssecsrv - ok

    14:10:03.0587 4428 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys

    14:10:03.0696 4428 tunnel - ok

    14:10:03.0743 4428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

    14:10:03.0759 4428 uagp35 - ok

    14:10:03.0790 4428 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys

    14:10:03.0883 4428 udfs - ok

    14:10:03.0915 4428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

    14:10:03.0930 4428 UI0Detect - ok

    14:10:03.0961 4428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys

    14:10:03.0961 4428 uliagpkx - ok

    14:10:03.0993 4428 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys

    14:10:04.0024 4428 umbus - ok

    14:10:04.0039 4428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

    14:10:04.0086 4428 UmPass - ok

    14:10:04.0383 4428 UNS (6fdb1ca1add261f893c90738eba37197) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    14:10:04.0476 4428 UNS - ok

    14:10:04.0632 4428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

    14:10:04.0726 4428 upnphost - ok

    14:10:04.0804 4428 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys

    14:10:04.0882 4428 USBAAPL64 - ok

    14:10:04.0944 4428 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys

    14:10:04.0991 4428 usbaudio - ok

    14:10:05.0038 4428 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys

    14:10:05.0116 4428 usbccgp - ok

    14:10:05.0163 4428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys

    14:10:05.0225 4428 usbcir - ok

    14:10:05.0256 4428 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys

    14:10:05.0287 4428 usbehci - ok

    14:10:05.0334 4428 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys

    14:10:05.0365 4428 usbhub - ok

    14:10:05.0397 4428 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys

    14:10:05.0428 4428 usbohci - ok

    14:10:05.0459 4428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

    14:10:05.0475 4428 usbprint - ok

    14:10:05.0521 4428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

    14:10:05.0553 4428 usbscan - ok

    14:10:05.0693 4428 UsbService (068d8fb5be679cc214bbf91971f692d0) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

    14:10:05.0724 4428 UsbService ( UnsignedFile.Multi.Generic ) - warning

    14:10:05.0724 4428 UsbService - detected UnsignedFile.Multi.Generic (1)

    14:10:05.0771 4428 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS

    14:10:05.0849 4428 USBSTOR - ok

    14:10:05.0880 4428 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys

    14:10:05.0911 4428 usbuhci - ok

    14:10:05.0974 4428 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys

    14:10:06.0036 4428 usbvideo - ok

    14:10:06.0083 4428 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys

    14:10:06.0114 4428 usb_rndisx - ok

    14:10:06.0145 4428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

    14:10:06.0239 4428 UxSms - ok

    14:10:06.0286 4428 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

    14:10:06.0301 4428 VaultSvc - ok

    14:10:06.0333 4428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys

    14:10:06.0348 4428 vdrvroot - ok

    14:10:06.0411 4428 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe

    14:10:06.0473 4428 vds - ok

    14:10:06.0504 4428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

    14:10:06.0535 4428 vga - ok

    14:10:06.0567 4428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

    14:10:06.0629 4428 VgaSave - ok

    14:10:06.0645 4428 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys

    14:10:06.0660 4428 vhdmp - ok

    14:10:06.0676 4428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys

    14:10:06.0676 4428 viaide - ok

    14:10:06.0754 4428 vm332avs (640563f62cbb9b0a306232fa37945149) C:\windows\system32\Drivers\vm332avs.sys

    14:10:06.0801 4428 vm332avs - ok

    14:10:06.0816 4428 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys

    14:10:06.0832 4428 volmgr - ok

    14:10:06.0863 4428 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys

    14:10:06.0894 4428 volmgrx - ok

    14:10:06.0925 4428 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys

    14:10:06.0972 4428 volsnap - ok

    14:10:07.0003 4428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

    14:10:07.0035 4428 vsmraid - ok

    14:10:07.0191 4428 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe

    14:10:07.0237 4428 VSS - ok

    14:10:07.0393 4428 vuhub (e07d31ee76ee18bfca49ad9a89782d43) C:\windows\system32\DRIVERS\vuhub.sys

    14:10:07.0425 4428 vuhub - ok

    14:10:07.0440 4428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

    14:10:07.0503 4428 vwifibus - ok

    14:10:07.0534 4428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

    14:10:07.0596 4428 vwififlt - ok

    14:10:07.0659 4428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

    14:10:07.0737 4428 W32Time - ok

    14:10:07.0752 4428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

    14:10:07.0783 4428 WacomPen - ok

    14:10:07.0846 4428 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

    14:10:07.0893 4428 WANARP - ok

    14:10:07.0908 4428 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

    14:10:07.0939 4428 Wanarpv6 - ok

    14:10:08.0111 4428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

    14:10:08.0173 4428 WatAdminSvc - ok

    14:10:08.0314 4428 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe

    14:10:08.0439 4428 wbengine - ok

    14:10:08.0579 4428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

    14:10:08.0626 4428 WbioSrvc - ok

    14:10:08.0704 4428 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll

    14:10:08.0782 4428 wcncsvc - ok

    14:10:08.0813 4428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

    14:10:08.0875 4428 WcsPlugInService - ok

    14:10:08.0922 4428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

    14:10:08.0938 4428 Wd - ok

    14:10:09.0000 4428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

    14:10:09.0047 4428 Wdf01000 - ok

    14:10:09.0063 4428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

    14:10:09.0109 4428 WdiServiceHost - ok

    14:10:09.0109 4428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

    14:10:09.0141 4428 WdiSystemHost - ok

    14:10:09.0187 4428 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll

    14:10:09.0250 4428 WebClient - ok

    14:10:09.0312 4428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

    14:10:09.0421 4428 Wecsvc - ok

    14:10:09.0437 4428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

    14:10:09.0484 4428 wercplsupport - ok

    14:10:09.0515 4428 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

    14:10:09.0546 4428 WerSvc - ok

    14:10:09.0609 4428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

    14:10:09.0687 4428 WfpLwf - ok

    14:10:09.0702 4428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

    14:10:09.0718 4428 WIMMount - ok

    14:10:09.0749 4428 WinDefend - ok

    14:10:09.0827 4428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

    14:10:09.0905 4428 Winmgmt - ok

    14:10:10.0092 4428 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll

    14:10:10.0233 4428 WinRM - ok

    14:10:10.0451 4428 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys

    14:10:10.0498 4428 WinUsb - ok

    14:10:10.0623 4428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

    14:10:10.0701 4428 Wlansvc - ok

    14:10:10.0794 4428 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    14:10:10.0810 4428 wlcrasvc - ok

    14:10:11.0059 4428 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    14:10:11.0153 4428 wlidsvc - ok

    14:10:11.0293 4428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

    14:10:11.0309 4428 WmiAcpi - ok

    14:10:11.0387 4428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

    14:10:11.0434 4428 wmiApSrv - ok

    14:10:11.0496 4428 WMPNetworkSvc - ok

    14:10:11.0543 4428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

    14:10:11.0574 4428 WPCSvc - ok

    14:10:11.0605 4428 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll

    14:10:11.0637 4428 WPDBusEnum - ok

    14:10:11.0683 4428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

    14:10:11.0761 4428 ws2ifsl - ok

    14:10:11.0808 4428 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll

    14:10:11.0871 4428 wscsvc - ok

    14:10:11.0917 4428 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys

    14:10:11.0949 4428 WSDPrintDevice - ok

    14:10:11.0949 4428 WSearch - ok

    14:10:12.0027 4428 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys

    14:10:12.0058 4428 wsvd - ok

    14:10:12.0276 4428 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll

    14:10:12.0370 4428 wuauserv - ok

    14:10:12.0510 4428 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys

    14:10:12.0604 4428 WudfPf - ok

    14:10:12.0651 4428 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys

    14:10:12.0713 4428 WUDFRd - ok

    14:10:12.0744 4428 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll

    14:10:12.0822 4428 wudfsvc - ok

    14:10:12.0853 4428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

    14:10:12.0931 4428 WwanSvc - ok

    14:10:12.0963 4428 {79007602-0CDB-4405-9DBF-1257BB3226EE} - ok

    14:10:12.0994 4428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    14:10:13.0571 4428 \Device\Harddisk0\DR0 - ok

    14:10:13.0587 4428 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2

    14:10:13.0727 4428 \Device\Harddisk1\DR2 - ok

    14:10:13.0727 4428 Boot (0x1200) (56ddd760577959baf9844df38a6b18cc) \Device\Harddisk0\DR0\Partition0

    14:10:13.0727 4428 \Device\Harddisk0\DR0\Partition0 - ok

    14:10:13.0743 4428 Boot (0x1200) (480129f3973c9b42f7d979dea7932675) \Device\Harddisk0\DR0\Partition1

    14:10:13.0743 4428 \Device\Harddisk0\DR0\Partition1 - ok

    14:10:13.0774 4428 Boot (0x1200) (d359b0ef8f415e99e8dbaba05f82db47) \Device\Harddisk0\DR0\Partition2

    14:10:13.0774 4428 \Device\Harddisk0\DR0\Partition2 - ok

    14:10:13.0789 4428 Boot (0x1200) (d210ae37f0d6bcb2d7ad53ad645973d2) \Device\Harddisk1\DR2\Partition0

    14:10:13.0789 4428 \Device\Harddisk1\DR2\Partition0 - ok

    14:10:13.0789 4428 ============================================================

    14:10:13.0789 4428 Scan finished

    14:10:13.0789 4428 ============================================================

    14:10:13.0789 2836 Detected object count: 3

    14:10:13.0789 2836 Actual detected object count: 3

    14:10:28.0360 2836 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user

    14:10:28.0360 2836 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

    14:10:28.0360 2836 RtLedService ( UnsignedFile.Multi.Generic ) - skipped by user

    14:10:28.0360 2836 RtLedService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    14:10:28.0375 2836 UsbService ( UnsignedFile.Multi.Generic ) - skipped by user

    14:10:28.0375 2836 UsbService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    14:10:57.0610 2756 Deinitialize success

    Farbar log:

    Farbar Service Scanner Version: 25-06-2012 01

    Ran by Angelo (administrator) on 01-07-2012 at 14:13:14

    Microsoft Windows 7 Home Premium (X64)

    ************************************************

    ======== Search: "afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;" =========

    ====== End Of Search ======

  7. Hi Maniac, thank you for your response.

    I tried to run Flash Disinfector but nothing seems to happen when I run the file. I tried to run as administrator as well, but again... nothing pops up or anything. Is this normal? I rebooted regardless, and continued on to the next steps.

    This is the Farbar log:

    Farbar Service Scanner Version: 25-06-2012 01

    Ran by Angelo (administrator) on 30-06-2012 at 14:49:13

    Running from "C:\Users\Angelo\Desktop"

    Microsoft Windows 7 Home Premium (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Dnscache Service is not running. Checking service configuration:

    The start type of Dnscache service is OK.

    The ImagePath of Dnscache service is OK.

    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:

    The start type of Dhcp service is OK.

    The ImagePath of Dhcp service is OK.

    The ServiceDll of Dhcp service is OK.

    tdx Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

    Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

    Connection Status:

    ==============

    Localhost is accessible.

    There is no connection to network.

    Google IP is accessible.

    Attempt to access Google.com returned error: Other errors

    Yahoo IP is accessible.

    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:

    =============

    mpsdrv Service is not running. Checking service configuration:

    The start type of mpsdrv service is OK.

    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys

    [2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys

    [2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll

    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll

    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll

    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll

    [2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

  8. This trojan keeps redirecting webpages to ads and now the internet doesn't work at ALL.

    Here are the logs:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

    Run by Angelo at 13:03:42 on 2012-06-30

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1845.942 [GMT -4:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    .

    ============== Running Processes ===============

    .

    C:\windows\system32\wininit.exe

    C:\windows\system32\lsm.exe

    C:\windows\system32\svchost.exe -k DcomLaunch

    C:\windows\system32\svchost.exe -k RPCSS

    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\windows\system32\svchost.exe -k LocalService

    C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

    C:\windows\System32\spoolsv.exe

    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\windows\System32\svchost.exe -k NetworkService

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Realtek\RtLED\RtLEDService.exe

    C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

    C:\Program Files\Realtek\RtLED\RtLED.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\windows\system32\taskhost.exe

    C:\windows\system32\Dwm.exe

    C:\windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Elantech\ETDCtrl.exe

    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Eraser\Eraser.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    C:\Program Files\Elantech\ETDCtrlHelper.exe

    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

    C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe

    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

    C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

    C:\windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

    C:\Program Files (x86)\Browny02\BrYNSvc.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\windows\system32\svchost.exe -k netsvcs

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\windows\system32\taskeng.exe

    C:\windows\system32\taskeng.exe

    C:\Windows\system32\WUDFHost.exe

    C:\windows\system32\wbem\wmiprvse.exe

    \\?\C:\windows\system32\wbem\WMIADAP.EXE

    C:\windows\system32\wbem\wmiprvse.exe

    C:\windows\system32\taskhost.exe

    C:\windows\System32\svchost.exe -k WerSvcGroup

    C:\windows\system32\igfxsrvc.exe

    C:\windows\system32\DllHost.exe

    C:\windows\system32\DllHost.exe

    C:\windows\SysWOW64\cmd.exe

    C:\windows\system32\conhost.exe

    C:\windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.ca/

    mStart Page = hxxp://lenovo.msn.com

    uInternet Settings,ProxyOverride = *.local

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

    BHO: IEPwdBankBHO Class: {56cbb761-da41-4e31-b270-b13b4b0a61d0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: [Google Update] "C:\Users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

    uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

    mRun: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

    mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

    mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

    mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

    mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

    mRun: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"

    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

    mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

    mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

    mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

    mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    LSP: mswsock.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    TCP: DhcpNameServer = 192.168.2.1

    TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882} : DhcpNameServer = 192.168.2.1

    TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}\343524 : DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}\35475607860293930303 : DhcpNameServer = 10.0.0.1

    TCP: Interfaces\{7351B29F-BEA3-4F1F-A4EB-AE9D8A965B66} : DhcpNameServer = 64.71.255.198 64.71.255.253

    TCP: Interfaces\{D27A83E8-B972-4B86-8195-B42B7A967A20} : DhcpNameServer = 192.168.1.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

    BHO-X64: IEPwdBankBHO Class: {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll

    BHO-X64: IEPwdBankBHO - No File

    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun-x64: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

    mRun-x64: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

    mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

    mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

    mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

    mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

    mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

    mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

    mRun-x64: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"

    mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    mRun-x64: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

    mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

    mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

    mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

    mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

    mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

    mRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

    IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk

    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

    R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]

    R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]

    R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

    R2 EgisTec Data Security Service;EgisTec Data Security Service;C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-5-27 314736]

    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-5-27 709488]

    R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\system32\Drivers\FPSensor.sys --> C:\windows\system32\Drivers\FPSensor.sys [?]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-19 13336]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-16 654408]

    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]

    R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-2-5 311296]

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-17 1153368]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-19 2320920]

    R2 UsbService;Eltima Usb to Ethernet Connector;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2012-1-25 326656]

    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-1-25 245760]

    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

    R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

    R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys --> C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [?]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

    R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [?]

    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?]

    R3 vuhub;Virtual Usb Hub;C:\windows\system32\DRIVERS\vuhub.sys --> C:\windows\system32\DRIVERS\vuhub.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-12-2 8192]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-26 257696]

    S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-17 129976]

    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]

    S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

    S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [?]

    S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [?]

    S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [?]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

    S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

    S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-06-17 21:07:15 332 ----a-w- C:\Start_.cmd

    2012-06-17 21:07:14 -------- d-----w- C:\ComboFix

    2012-06-17 20:02:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

    2012-06-17 20:02:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

    2012-06-17 19:36:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

    2012-06-17 19:36:42 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

    2012-06-17 19:36:42 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

    2012-06-17 19:36:42 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

    2012-06-17 19:36:42 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

    2012-06-16 21:21:16 -------- d-----w- C:\Users\Angelo\AppData\Roaming\Malwarebytes

    2012-06-16 21:21:14 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-06-16 21:21:13 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

    2012-06-16 21:21:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-06-14 00:51:59 208896 ----a-w- C:\windows\System32\profsvc.dll

    2012-06-08 02:50:35 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

    2012-06-07 01:29:23 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F1C44406-B880-42FE-9618-85D975AEF2B3}\mpengine.dll

    2012-06-05 05:54:16 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-06-01 12:08:57 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

    .

    ==================== Find3M ====================

    .

    2012-05-27 03:00:09 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-27 03:00:09 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

    2012-05-27 03:00:04 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

    2012-05-15 01:32:20 3144192 ----a-w- C:\windows\System32\win32k.sys

    2012-05-04 10:52:22 5505392 ----a-w- C:\windows\System32\ntoskrnl.exe

    2012-05-04 10:08:16 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:08:15 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

    2012-04-28 03:50:40 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys

    2012-04-26 05:34:38 76288 ----a-w- C:\windows\System32\rdpwsx.dll

    2012-04-26 05:34:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

    2012-04-26 05:28:32 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

    2012-04-24 05:59:45 182272 ----a-w- C:\windows\System32\cryptsvc.dll

    2012-04-24 05:59:45 1460224 ----a-w- C:\windows\System32\crypt32.dll

    2012-04-24 05:59:45 140288 ----a-w- C:\windows\System32\cryptnet.dll

    2012-04-24 04:47:04 139264 ----a-w- C:\windows\SysWow64\cryptsvc.dll

    2012-04-24 04:47:04 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

    2012-04-24 04:47:03 1156608 ----a-w- C:\windows\SysWow64\crypt32.dll

    2012-04-07 12:18:36 3213824 ----a-w- C:\windows\System32\msi.dll

    2012-04-07 11:34:37 2342400 ----a-w- C:\windows\SysWow64\msi.dll

    .

    ============= FINISH: 13:04:50.54 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12/1/2011 4:54:30 PM

    System Uptime: 6/20/2012 9:15:53 PM (232 hours ago)

    .

    Motherboard: LENOVO | | MoutCook

    Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU 1 | 917/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 254 GiB total, 183.276 GiB free.

    D: is FIXED (NTFS) - 29 GiB total, 28.907 GiB free.

    E: is Removable

    F: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP153: 5/31/2012 10:51:21 PM - Windows Update

    RP154: 6/1/2012 10:53:02 PM - Windows Update

    RP155: 6/2/2012 10:52:24 PM - Windows Update

    RP156: 6/4/2012 3:00:13 AM - Windows Update

    RP157: 6/4/2012 7:12:02 PM - Windows Update

    RP158: 6/5/2012 1:52:52 AM - Windows Update

    RP159: 6/6/2012 9:27:39 PM - Windows Update

    RP160: 6/14/2012 3:00:25 AM - Windows Update

    RP161: 6/21/2012 7:37:48 AM - Scheduled Checkpoint

    RP162: 6/29/2012 7:10:25 AM - Scheduled Checkpoint

    .

    ==== Installed Programs ======================

    .

    µTorrent

    Adobe AIR

    Adobe Reader 9.0.1

    Apple Application Support

    Apple Software Update

    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

    Best Buy pc app

    BioExcess

    BlackBerry Desktop Software 6.1

    Brother MFL-Pro Suite DCP-7060D

    CyberLink YouCam

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Energy Management

    File Shredder 2.0

    FormatFactory 2.95

    Free Video to MP3 Converter version 5.0.2.1125

    GOM Player

    Google Chrome

    Intel® Control Center

    Intel® Graphics Media Accelerator Driver

    Intel® Management Engine Components

    Intel® Rapid Storage Technology

    Internet Banking Payment Assistant 2.2

    Java Auto Updater

    Java 6 Update 30

    Junk Mail filter update

    Lenovo EasyCamera

    Lenovo OneKey Recovery

    Lenovo Security Suite

    Lenovo_Wireless_Driver

    Malwarebytes Anti-Malware version 1.61.0.1400

    Mesh Runtime

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Groove MUI (English) 2010

    Microsoft Office InfoPath MUI (English) 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Professional Plus 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Mozilla Firefox 12.0 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP3 Parser

    MSXML 4.0 SP3 Parser (KB973685)

    Nokia Internet Modem

    Nuance PaperPort 12

    Nuance PDF Viewer Plus

    PartyPoker

    PokerStars

    Power2Go

    Realtek High Definition Audio Driver

    Realtek USB 2.0 Card Reader

    Scansoft PDF Professional

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Skype™ 5.5

    Spybot - Search & Destroy

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553092)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    .

    ==== Event Viewer Messages From Past Week ========

    .

    6/30/2012 12:56:09 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.

    6/30/2012 12:56:09 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

    6/27/2012 9:48:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

    .

    ==== End Of File ===========================

    Thank you in advance!
