Posts posted by iamsid
-
Oh, and computer seems to still be running fine. No issues during any of the steps.
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:01:25 PM, on 10/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Users\sshaffer\Downloads\TwoFingerScroll_1_0_9-MacHater-Mod\TwoFingerScroll.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Users\sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Users\sshafferMFI\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\sshaffer\Desktop\security tools\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass\KeePass.exe" --preload
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TwoFingerScroll] C:\Users\sshaffer\Downloads\TwoFingerScroll_1_0_9-MacHater-Mod\TwoFingerScroll.exe
O4 - HKCU\..\Run: [7 Taskbar Tweaker] "C:\Users\sshaffer\AppData\Roaming\7 Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd
O4 - HKUS\S-1-5-21-2108967553-259258955-711445176-1005\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'sshafferMFI')
O4 - HKUS\S-1-5-21-2108967553-259258955-711445176-1005\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (User 'sshafferMFI')
O4 - S-1-5-21-2108967553-259258955-711445176-1005 Startup: Dropbox.lnk = sshafferMFI\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'sshafferMFI')
O4 - S-1-5-21-2108967553-259258955-711445176-1005 User Startup: Dropbox.lnk = sshafferMFI\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'sshafferMFI')
O4 - Startup: Dropbox.lnk = sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MFI-dropbox.lnk = C:\Windows\System32\runas.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Online plug-in.lnk = ?
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=928
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Box Sync Auto-updater (#UpdateService) - Box, Inc. - C:\Program Files\Box Sync\UpdateService.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ElephantDrive-MappedDrive (ElephantDrive-MappedDrive.exe) - ElephantDrive - C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-MappedDrive.exe
O23 - Service: ElephantDrive-Service (ElephantDrive-Service.exe) - ElephantDrive - C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-Service.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 20335 bytes
-
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.10.18.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sshaffer :: SIRIUSSID [administrator]
10/18/2012 5:58:07 PM
mbam-log-2012-10-18 (17-58-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317383
Time elapsed: 7 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Just to be clear, the problem seemed to be fixed after the first ComboFix run (as opposed to the second). Just wanted to clarify my above post and couldn't figure out how to edit it.
-
Computer continues to work well. It went away after the ComboFix run. So far I've had no problems during this process.
Neither ComboFix nor TDSSKiller needed to reboot.
Below is the new ComboFix log. Any idea what I had to begin with?
sid
======
ComboFix 12-10-16.02 - sshaffer 10/18/2012 13:01:14.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4046.1959 [GMT -5:00]
Running from: c:\users\sshaffer\Desktop\security tools\04-ComboFix.exe
Command switches used :: c:\users\sshaffer\Desktop\security tools\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 18:10 . 2012-10-18 18:10 -------- d-----w- c:\users\sshafferMFI\AppData\Local\temp
2012-10-18 18:10 . 2012-10-18 18:10 -------- d-----w- c:\users\HelpDesk\AppData\Local\temp
2012-10-18 18:10 . 2012-10-18 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-18 17:19 . 2012-10-18 17:19 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EDF866C-9A6E-44A2-B359-9CDE44B9B2BB}\offreg.dll
2012-10-18 17:18 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EDF866C-9A6E-44A2-B359-9CDE44B9B2BB}\mpengine.dll
2012-10-17 03:46 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-17 00:38 . 2012-10-17 00:38 -------- d-----w- c:\users\sshafferMFI\AppData\Local\VirtualStore
2012-10-14 14:12 . 2012-10-14 14:12 -------- d-----w- c:\users\sshaffer\AppData\Roaming\SUPERAntiSpyware.com
2012-10-14 14:12 . 2012-10-14 14:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-14 14:12 . 2012-10-14 14:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-10 18:14 . 2012-10-10 18:14 -------- d-----w- c:\users\sshaffer\AppData\Roaming\C2OutlookExport
2012-10-10 18:14 . 2012-10-10 18:14 -------- d-----w- c:\program files (x86)\CodeTwo
2012-10-10 16:47 . 2012-10-10 16:46 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B33693D-A3D9-431D-A203-E2BFE82EDA97}\gapaengine.dll
2012-10-10 16:23 . 2012-10-10 16:23 -------- d-----w- c:\windows\Temp7ADA2139-05D7-8850-E7DE-F58DD86F8174-Signatures
2012-10-10 14:33 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-10-10 14:32 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 14:31 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-10-10 14:28 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-10-10 14:28 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-10-10 14:28 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-02 20:48 . 2012-10-02 21:04 -------- d-----w- c:\users\sshaffer\AppData\Roaming\Audacity
2012-09-28 23:43 . 2012-09-28 23:43 -------- d-----w- c:\users\sshaffer\AppData\Roaming\Fujitsu
2012-09-28 23:43 . 2012-09-28 23:48 -------- d-----w- c:\users\sshaffer\AppData\Roaming\PFU
2012-09-28 23:42 . 2009-09-19 03:01 367616 ----a-w- c:\windows\system32\s1300u-x64.dll
2012-09-28 23:42 . 2009-04-24 01:29 695296 ----a-w- c:\windows\system32\ippi5s1300-x64.dll
2012-09-28 23:42 . 2007-07-27 03:47 351744 ----a-w- c:\windows\system32\s300u-x64.dll
2012-09-28 23:42 . 2007-05-24 00:57 695296 ----a-w- c:\windows\system32\ippi5s300-x64.dll
2012-09-28 23:41 . 2009-04-24 01:29 2873856 ----a-w- c:\windows\system32\ijl5s1300-x64.dll
2012-09-28 23:41 . 2008-04-03 13:08 33280 ----a-w- c:\windows\system32\fj52usb-x64.dll
2012-09-28 23:41 . 2007-08-17 21:33 33280 ----a-w- c:\windows\system32\fjmcusb-x64.dll
2012-09-28 23:41 . 2007-05-24 00:57 2873856 ----a-w- c:\windows\system32\ijl5s300-x64.dll
2012-09-28 23:41 . 2012-09-28 23:42 -------- d-----w- c:\windows\SSDriver
2012-09-28 23:40 . 2012-09-28 23:40 -------- d-----w- c:\program files (x86)\Common Files\PFU
2012-09-28 23:40 . 2012-09-28 23:40 -------- d-----w- c:\program files (x86)\PFU
2012-09-24 22:08 . 2012-09-24 22:08 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-24 22:07 . 2012-09-24 22:07 -------- d-----w- c:\program files\Adobe
2012-09-20 20:23 . 2012-04-24 11:51 476160 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp130.dll
2012-09-20 20:03 . 2012-09-20 20:05 -------- d-----w- C:\Drivers
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 13:29 . 2012-04-24 14:04 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-18 13:29 . 2011-10-21 14:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-28 05:18 . 2011-10-21 16:04 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 22:04 . 2011-10-28 21:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-28 19:38 . 2012-03-02 01:44 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-20 17:38 . 2012-10-10 14:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TwoFingerScroll"="c:\users\sshaffer\Downloads\TwoFingerScroll_1_0_9-MacHater-Mod\TwoFingerScroll.exe" [2012-01-13 1471488]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-08 5628288]
"7 Taskbar Tweaker"="c:\users\sshaffer\AppData\Roaming\7 Taskbar Tweaker\7+ Taskbar Tweaker.exe" [2012-09-26 213504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-03 112152]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 336384]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-06 323128]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 1176880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2006-11-23 151552]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass\KeePass.exe" [2012-05-01 1895424]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
.
c:\users\sshafferMFI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\sshaffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MFI-dropbox.lnk - c:\windows\System32\runas.exe [2009-7-13 20480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
Online plug-in.lnk - c:\windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-12-15 77824]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-9-28 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 116648]
R3 AceecaUSBDx64;AceecaUSBDx64;c:\windows\system32\DRIVERS\AceecaUSBDx64.sys [2011-04-05 66552]
R3 ElephantDrive-Service.exe;ElephantDrive-Service;c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-Service.exe [2011-05-13 118456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 116648]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-16 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-12-09 37480]
R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-02-23 865032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 8704pdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [2012-04-24 8704]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-10-20 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-20 203776]
S2 ElephantDrive-MappedDrive.exe;ElephantDrive-MappedDrive;c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-MappedDrive.exe [2011-05-13 118968]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-26 131128]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-06 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-08-23 3175728]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-20 9090560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-20 299520]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-20 231440]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-05-04 340656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-10-20 174680]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-10-20 26712]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-20 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-12-09 37480]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 79987885
*NewlyCreated* - ASWMBR
*Deregistered* - 79987885
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 22:03]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 22:03]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108967553-259258955-711445176-1001Core.job
- c:\users\sshaffer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 06:15]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108967553-259258955-711445176-1001UA.job
- c:\users\sshaffer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01ElephantIconOverlay]
@="{AFA39CBB-DF66-47f9-A047-47ED25FE655E}"
[HKEY_CLASSES_ROOT\CLSID\{AFA39CBB-DF66-47f9-A047-47ED25FE655E}]
2010-07-10 02:20 244736 ----a-w- c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\IconOverlay-64bit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02ElephantIconOverlay]
@="{1E519A85-494E-4706-AC87-1CC8BB9CC5DA}"
[HKEY_CLASSES_ROOT\CLSID\{1E519A85-494E-4706-AC87-1CC8BB9CC5DA}]
2010-07-10 02:20 244736 ----a-w- c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\IconOverlay-64bit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03ElephantIconOverlay]
@="{0E2DD711-458A-4b39-8211-3F5FDAA0539E}"
[HKEY_CLASSES_ROOT\CLSID\{0E2DD711-458A-4b39-8211-3F5FDAA0539E}]
2010-07-10 02:20 244736 ----a-w- c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\IconOverlay-64bit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-10-20 1128448]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2012-04-24 394240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 66.196.216.10 66.196.212.10
FF - ProfilePath - c:\users\sshaffer\AppData\Roaming\Mozilla\Firefox\Profiles\aubmf11t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com|http://www.msn.com|http://www.gizmodo.com| http://www.engadget.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\02\08\13\10\02?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-18 13:14:08
ComboFix-quarantined-files.txt 2012-10-18 18:14
ComboFix2.txt 2012-10-17 00:27
.
Pre-Run: 18,953,613,312 bytes free
Post-Run: 19,333,111,808 bytes free
.
- - End Of File - - 6EA1DCE10387AD453F503F1C3C773BC7
-
==============
TDSSKILLER
==============
10:51:47.0710 1640 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
10:51:48.0130 1640 ============================================================
10:51:48.0130 1640 Current date / time: 2012/10/18 10:51:48.0130
10:51:48.0130 1640 SystemInfo:
10:51:48.0130 1640
10:51:48.0130 1640 OS Version: 6.1.7601 ServicePack: 1.0
10:51:48.0130 1640 Product type: Workstation
10:51:48.0130 1640 ComputerName: SIRIUSSID
10:51:48.0130 1640 UserName: sshaffer
10:51:48.0130 1640 Windows directory: C:\Windows
10:51:48.0130 1640 System windows directory: C:\Windows
10:51:48.0130 1640 Running under WOW64
10:51:48.0130 1640 Processor architecture: Intel x64
10:51:48.0130 1640 Number of processors: 4
10:51:48.0130 1640 Page size: 0x1000
10:51:48.0130 1640 Boot type: Normal boot
10:51:48.0130 1640 ============================================================
10:51:48.0780 1640 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:51:48.0785 1640 ============================================================
10:51:48.0785 1640 \Device\Harddisk0\DR0:
10:51:48.0785 1640 MBR partitions:
10:51:48.0785 1640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
10:51:48.0785 1640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x14FF3000
10:51:48.0807 1640 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1508A000, BlocksNum 0xF9A0000
10:51:48.0807 1640 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24A2A000, BlocksNum 0xA00000
10:51:48.0807 1640 ============================================================
10:51:48.0849 1640 C: <-> \Device\Harddisk0\DR0\Partition2
10:51:48.0873 1640 H: <-> \Device\Harddisk0\DR0\Partition4
10:51:48.0926 1640 D: <-> \Device\Harddisk0\DR0\Partition3
10:51:48.0926 1640 ============================================================
10:51:48.0926 1640 Initialize success
10:51:48.0926 1640 ============================================================
10:52:22.0774 4868 ============================================================
10:52:22.0774 4868 Scan started
10:52:22.0774 4868 Mode: Manual;
10:52:22.0774 4868 ============================================================
10:52:24.0228 4868 ================ Scan system memory ========================
10:52:24.0228 4868 System memory - ok
10:52:24.0228 4868 ================ Scan services =============================
10:52:24.0301 4868 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
10:52:24.0309 4868 !SASCORE - ok
10:52:24.0397 4868 [ 52C4AE4942F0AE3A63D11FA2B4CF32A7 ] #UpdateService C:\Program Files\Box Sync\UpdateService.exe
10:52:24.0403 4868 #UpdateService - ok
10:52:24.0643 4868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:52:24.0646 4868 1394ohci - ok
10:52:24.0679 4868 [ 7A330A42870EB1FA81F88BE514D2D566 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
10:52:24.0685 4868 Accelerometer - ok
10:52:24.0792 4868 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:52:24.0810 4868 ACDaemon - ok
10:52:24.0861 4868 [ 5677F1633EA1FA5DB3482080A506EA24 ] AceecaUSBDx64 C:\Windows\system32\DRIVERS\AceecaUSBDx64.sys
10:52:24.0869 4868 AceecaUSBDx64 - ok
10:52:24.0901 4868 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:52:24.0905 4868 ACPI - ok
10:52:24.0944 4868 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:52:24.0949 4868 AcpiPmi - ok
10:52:25.0022 4868 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:52:25.0029 4868 AdobeARMservice - ok
10:52:25.0071 4868 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:25.0092 4868 adp94xx - ok
10:52:25.0139 4868 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:52:25.0158 4868 adpahci - ok
10:52:25.0187 4868 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:52:25.0197 4868 adpu320 - ok
10:52:25.0224 4868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:52:25.0225 4868 AeLookupSvc - ok
10:52:25.0290 4868 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
10:52:25.0298 4868 AESTFilters - ok
10:52:25.0356 4868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:52:25.0556 4868 AFD - ok
10:52:25.0601 4868 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
10:52:25.0602 4868 AgereModemAudio - ok
10:52:25.0633 4868 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
10:52:25.0669 4868 AgereSoftModem - ok
10:52:25.0725 4868 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:52:25.0732 4868 agp440 - ok
10:52:25.0760 4868 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:52:25.0769 4868 ALG - ok
10:52:25.0796 4868 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:52:25.0801 4868 aliide - ok
10:52:25.0837 4868 [ 9F822F77D3A7018F5FC28558DCB0A774 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:52:25.0849 4868 AMD External Events Utility - ok
10:52:25.0852 4868 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:52:25.0858 4868 amdide - ok
10:52:25.0909 4868 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:52:25.0916 4868 AmdK8 - ok
10:52:26.0060 4868 [ 45CC3C9D674BBC1703FE58DFB0E53616 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:52:26.0283 4868 amdkmdag - ok
10:52:26.0336 4868 [ 469E2BFEDF2A77C1DDDCD9D89E5EA4AA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:52:26.0348 4868 amdkmdap - ok
10:52:26.0366 4868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:52:26.0372 4868 AmdPPM - ok
10:52:26.0403 4868 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:52:26.0411 4868 amdsata - ok
10:52:26.0439 4868 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:26.0449 4868 amdsbs - ok
10:52:26.0466 4868 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:52:26.0471 4868 amdxata - ok
10:52:26.0506 4868 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:52:26.0513 4868 AppID - ok
10:52:26.0529 4868 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:52:26.0534 4868 AppIDSvc - ok
10:52:26.0555 4868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:52:26.0561 4868 Appinfo - ok
10:52:26.0618 4868 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:52:26.0626 4868 Apple Mobile Device - ok
10:52:26.0664 4868 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:52:26.0674 4868 AppMgmt - ok
10:52:26.0706 4868 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:52:26.0713 4868 arc - ok
10:52:26.0727 4868 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:52:26.0734 4868 arcsas - ok
10:52:26.0859 4868 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:52:26.0865 4868 aspnet_state - ok
10:52:26.0898 4868 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:26.0904 4868 AsyncMac - ok
10:52:26.0941 4868 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:52:26.0947 4868 atapi - ok
10:52:27.0002 4868 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:52:27.0019 4868 AtiHDAudioService - ok
10:52:27.0054 4868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:52:27.0085 4868 AudioEndpointBuilder - ok
10:52:27.0103 4868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:52:27.0106 4868 AudioSrv - ok
10:52:27.0168 4868 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:52:27.0177 4868 AxInstSV - ok
10:52:27.0229 4868 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:52:27.0257 4868 b06bdrv - ok
10:52:27.0323 4868 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:52:27.0342 4868 b57nd60a - ok
10:52:27.0416 4868 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:52:27.0423 4868 BDESVC - ok
10:52:27.0433 4868 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:52:27.0438 4868 Beep - ok
10:52:27.0478 4868 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:52:27.0501 4868 BFE - ok
10:52:27.0552 4868 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
10:52:27.0562 4868 BITS - ok
10:52:27.0582 4868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:27.0590 4868 blbdrive - ok
10:52:27.0625 4868 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:52:27.0641 4868 Bonjour Service - ok
10:52:27.0684 4868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:52:27.0692 4868 bowser - ok
10:52:27.0721 4868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:52:27.0727 4868 BrFiltLo - ok
10:52:27.0751 4868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:52:27.0756 4868 BrFiltUp - ok
10:52:27.0812 4868 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:52:27.0820 4868 BridgeMP - ok
10:52:27.0864 4868 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:52:27.0873 4868 Browser - ok
10:52:39.0983 4868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:52:39.0989 4868 RasAcd - ok
10:52:40.0020 4868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:52:40.0027 4868 RasAgileVpn - ok
10:52:40.0039 4868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:52:40.0048 4868 RasAuto - ok
10:52:40.0071 4868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:52:40.0081 4868 Rasl2tp - ok
10:52:40.0110 4868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:52:40.0123 4868 RasMan - ok
10:52:40.0150 4868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:52:40.0159 4868 RasPppoe - ok
10:52:40.0173 4868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:52:40.0181 4868 RasSstp - ok
10:52:40.0198 4868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:52:40.0214 4868 rdbss - ok
10:52:40.0223 4868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:52:40.0230 4868 rdpbus - ok
10:52:40.0255 4868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:52:40.0259 4868 RDPCDD - ok
10:52:40.0287 4868 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:52:40.0303 4868 RDPDR - ok
10:52:40.0321 4868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:52:40.0325 4868 RDPENCDD - ok
10:52:40.0330 4868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:52:40.0334 4868 RDPREFMP - ok
10:52:40.0387 4868 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:52:40.0399 4868 RDPWD - ok
10:52:40.0442 4868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:52:40.0456 4868 rdyboost - ok
10:52:40.0485 4868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:52:40.0493 4868 RemoteAccess - ok
10:52:40.0541 4868 [ BFA4873CD96D7144DC0059A70E1E358F ] RemoteControl-USBLAN C:\Windows\system32\DRIVERS\rcblan.sys
10:52:40.0547 4868 RemoteControl-USBLAN - ok
10:52:40.0579 4868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:52:40.0588 4868 RemoteRegistry - ok
10:52:40.0624 4868 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:52:40.0631 4868 RFCOMM - ok
10:52:40.0701 4868 [ B216B03852DF788C7E2AFDF6C6E8A9B0 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
10:52:40.0738 4868 RichVideo - ok
10:52:40.0833 4868 [ 7566F7C551606D44479A5E22F3405B89 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
10:52:40.0875 4868 RoxMediaDB12OEM - ok
10:52:40.0908 4868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:52:40.0915 4868 RpcEptMapper - ok
10:52:40.0936 4868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:52:40.0942 4868 RpcLocator - ok
10:52:40.0973 4868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:52:40.0976 4868 RpcSs - ok
10:52:41.0014 4868 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap C:\Windows\system32\DRIVERS\rrnetcap.sys
10:52:41.0020 4868 RRNetCap - ok
10:52:41.0023 4868 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP C:\Windows\system32\DRIVERS\rrnetcap.sys
10:52:41.0024 4868 RRNetCapMP - ok
10:52:41.0052 4868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:52:41.0060 4868 rspndr - ok
10:52:41.0090 4868 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:52:41.0094 4868 s3cap - ok
10:52:41.0114 4868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:52:41.0115 4868 SamSs - ok
10:52:41.0148 4868 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:52:41.0153 4868 SASDIFSV - ok
10:52:41.0167 4868 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:52:41.0172 4868 SASKUTIL - ok
10:52:41.0190 4868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:52:41.0198 4868 sbp2port - ok
10:52:41.0232 4868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:52:41.0243 4868 SCardSvr - ok
10:52:41.0262 4868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:52:41.0268 4868 scfilter - ok
10:52:41.0304 4868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:52:41.0336 4868 Schedule - ok
10:52:41.0378 4868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:52:41.0379 4868 SCPolicySvc - ok
10:52:41.0419 4868 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:52:41.0427 4868 sdbus - ok
10:52:41.0448 4868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:52:41.0459 4868 SDRSVC - ok
10:52:41.0486 4868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:52:41.0492 4868 secdrv - ok
10:52:41.0519 4868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:52:41.0525 4868 seclogon - ok
10:52:41.0546 4868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:52:41.0547 4868 SENS - ok
10:52:41.0557 4868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:52:41.0562 4868 SensrSvc - ok
10:52:41.0576 4868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:52:41.0582 4868 Serenum - ok
10:52:41.0588 4868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:52:41.0598 4868 Serial - ok
10:52:41.0624 4868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:52:41.0630 4868 sermouse - ok
10:52:41.0688 4868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:52:41.0695 4868 SessionEnv - ok
10:52:41.0715 4868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:52:41.0721 4868 sffdisk - ok
10:52:41.0737 4868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:52:41.0742 4868 sffp_mmc - ok
10:52:41.0751 4868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:52:41.0757 4868 sffp_sd - ok
10:52:41.0774 4868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:52:41.0780 4868 sfloppy - ok
10:52:41.0819 4868 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:52:41.0834 4868 SharedAccess - ok
10:52:41.0861 4868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:52:41.0877 4868 ShellHWDetection - ok
10:52:41.0897 4868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:52:41.0903 4868 SiSRaid2 - ok
10:52:41.0918 4868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:52:41.0925 4868 SiSRaid4 - ok
10:52:41.0942 4868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:52:41.0951 4868 Smb - ok
10:52:41.0979 4868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:52:41.0984 4868 SNMPTRAP - ok
10:52:41.0998 4868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:52:42.0003 4868 spldr - ok
10:52:42.0034 4868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:52:42.0058 4868 Spooler - ok
10:52:42.0159 4868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:52:42.0263 4868 sppsvc - ok
10:52:42.0314 4868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:52:42.0320 4868 sppuinotify - ok
10:52:42.0405 4868 [ DC3458CE25D50152CEA22DC8230E5AAD ] SPUVCbv C:\Windows\system32\Drivers\SPUVCbv_x64.sys
10:52:42.0527 4868 SPUVCbv - ok
10:52:42.0571 4868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:52:42.0594 4868 srv - ok
10:52:42.0626 4868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:52:42.0650 4868 srv2 - ok
10:52:42.0661 4868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:52:42.0671 4868 srvnet - ok
10:52:42.0701 4868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:52:42.0704 4868 SSDPSRV - ok
10:52:42.0711 4868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:52:42.0719 4868 SstpSvc - ok
10:52:42.0771 4868 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
10:52:42.0786 4868 STacSV - ok
10:52:42.0804 4868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:52:42.0810 4868 stexstor - ok
10:52:42.0843 4868 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
10:52:42.0879 4868 STHDA - ok
10:52:42.0923 4868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:52:42.0945 4868 stisvc - ok
10:52:42.0978 4868 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
10:52:42.0989 4868 stllssvr - ok
10:52:43.0024 4868 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:52:43.0030 4868 storflt - ok
10:52:43.0043 4868 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
10:52:43.0049 4868 StorSvc - ok
10:52:43.0061 4868 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:52:43.0067 4868 storvsc - ok
10:52:43.0084 4868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:52:43.0089 4868 swenum - ok
10:52:43.0116 4868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:52:43.0137 4868 swprv - ok
10:52:43.0184 4868 [ 1BFDD504F8C2E76B74E86CCF11283368 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:52:43.0237 4868 SynTP - ok
10:52:43.0281 4868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:52:43.0299 4868 SysMain - ok
10:52:43.0319 4868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:52:43.0327 4868 TabletInputService - ok
10:52:43.0337 4868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:52:43.0353 4868 TapiSrv - ok
10:52:43.0386 4868 [ 4430E9B4C60AAB672D16E801BAD0555E ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
10:52:43.0392 4868 tbhsd - ok
10:52:43.0418 4868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:52:43.0425 4868 TBS - ok
10:52:43.0474 4868 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:52:43.0578 4868 Tcpip - ok
10:52:43.0611 4868 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:52:43.0619 4868 TCPIP6 - ok
10:52:43.0637 4868 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:52:43.0645 4868 tcpipreg - ok
10:52:43.0678 4868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:52:43.0683 4868 TDPIPE - ok
10:52:43.0725 4868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:52:43.0732 4868 TDTCP - ok
10:52:43.0767 4868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:52:43.0776 4868 tdx - ok
10:52:43.0799 4868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:52:43.0805 4868 TermDD - ok
10:52:43.0823 4868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:52:43.0851 4868 TermService - ok
10:52:43.0878 4868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:52:43.0885 4868 Themes - ok
10:52:43.0914 4868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:52:43.0915 4868 THREADORDER - ok
10:52:43.0969 4868 [ 8B97BA7E28BD39A2BC4A2BB66A83FEC0 ] TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
10:52:43.0971 4868 TmFilter - ok
10:52:44.0017 4868 [ 111DD96C2CC58ED1135B0743A1164059 ] tmlisten C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
10:52:44.0025 4868 tmlisten - ok
10:52:44.0057 4868 [ 1889F49A828B1CF0E2866CDD325875B0 ] TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
10:52:44.0058 4868 TmPreFilter - ok
10:52:44.0082 4868 [ FA404D95C57556E58DE5645E7251E0BC ] TmProxy C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
10:52:44.0096 4868 TmProxy - ok
10:52:44.0119 4868 [ E3033F9B5CBB5C7C0F9EF75F69BA875B ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
10:52:44.0120 4868 tmtdi - ok
10:52:44.0162 4868 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
10:52:44.0168 4868 TPM - ok
10:52:44.0205 4868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:52:44.0214 4868 TrkWks - ok
10:52:44.0260 4868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:52:44.0262 4868 TrustedInstaller - ok
10:52:44.0298 4868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:52:44.0306 4868 tssecsrv - ok
10:52:44.0342 4868 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:52:44.0349 4868 TsUsbFlt - ok
10:52:44.0398 4868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:52:44.0408 4868 tunnel - ok
10:52:44.0434 4868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:52:44.0442 4868 uagp35 - ok
10:52:44.0464 4868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:52:44.0480 4868 udfs - ok
10:52:44.0503 4868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:52:44.0510 4868 UI0Detect - ok
10:52:44.0550 4868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:52:44.0557 4868 uliagpkx - ok
10:52:44.0591 4868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:52:44.0597 4868 umbus - ok
10:52:44.0615 4868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:52:44.0620 4868 UmPass - ok
10:52:44.0635 4868 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:52:44.0645 4868 UmRdpService - ok
10:52:44.0712 4868 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
10:52:44.0737 4868 UMVPFSrv - ok
10:52:44.0833 4868 [ 2955A9ADBC618B6A09E3D3BECC3CCB3D ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:52:44.0874 4868 UNS - ok
10:52:44.0899 4868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:52:44.0914 4868 upnphost - ok
10:52:44.0950 4868 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:52:44.0958 4868 USBAAPL64 - ok
10:52:44.0989 4868 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:52:44.0999 4868 usbaudio - ok
10:52:45.0021 4868 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:52:45.0029 4868 usbccgp - ok
10:52:45.0051 4868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:52:45.0060 4868 usbcir - ok
10:52:45.0074 4868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:52:45.0081 4868 usbehci - ok
10:52:45.0102 4868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:52:45.0130 4868 usbhub - ok
10:52:45.0151 4868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:52:45.0157 4868 usbohci - ok
10:52:45.0182 4868 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:52:45.0189 4868 usbprint - ok
10:52:45.0242 4868 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:52:45.0249 4868 usbscan - ok
10:52:45.0283 4868 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
10:52:45.0311 4868 usbser - ok
10:52:45.0332 4868 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:52:45.0341 4868 USBSTOR - ok
10:52:45.0357 4868 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:52:45.0363 4868 usbuhci - ok
10:52:45.0404 4868 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:52:45.0415 4868 usbvideo - ok
10:52:45.0436 4868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:52:45.0442 4868 UxSms - ok
10:52:45.0455 4868 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:52:45.0456 4868 VaultSvc - ok
10:52:45.0532 4868 [ 832EFBAC3205B1468E537476BA1EBD52 ] vcsFPService C:\Windows\system32\vcsFPService.exe
10:52:45.0582 4868 vcsFPService - ok
10:52:45.0622 4868 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:52:45.0628 4868 vdrvroot - ok
10:52:45.0656 4868 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:52:45.0678 4868 vds - ok
10:52:45.0700 4868 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:52:45.0706 4868 vga - ok
10:52:45.0719 4868 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:52:45.0726 4868 VgaSave - ok
10:52:45.0748 4868 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:52:45.0760 4868 vhdmp - ok
10:52:45.0786 4868 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:52:45.0791 4868 viaide - ok
10:52:45.0813 4868 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:52:45.0825 4868 vmbus - ok
10:52:45.0851 4868 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:52:45.0857 4868 VMBusHID - ok
10:52:45.0871 4868 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:52:45.0878 4868 volmgr - ok
10:52:45.0907 4868 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:52:45.0925 4868 volmgrx - ok
10:52:45.0935 4868 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:52:45.0955 4868 volsnap - ok
10:52:46.0002 4868 [ 3B98AB9849754CB88265111422441DF7 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
10:52:46.0025 4868 vpnagent - ok
10:52:46.0044 4868 [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
10:52:46.0050 4868 vpnva - ok
10:52:46.0102 4868 [ 3A5862D9A4FE4BBB2FFA1700E2B21B9B ] VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
10:52:46.0111 4868 VSApiNt - ok
10:52:46.0153 4868 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:52:46.0163 4868 vsmraid - ok
10:52:46.0204 4868 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:52:46.0292 4868 VSS - ok
10:52:46.0300 4868 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:52:46.0305 4868 vwifibus - ok
10:52:46.0329 4868 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:52:46.0337 4868 vwififlt - ok
10:52:46.0362 4868 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:52:46.0367 4868 vwifimp - ok
10:52:46.0403 4868 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:52:46.0422 4868 W32Time - ok
10:52:46.0433 4868 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:52:46.0440 4868 WacomPen - ok
10:52:46.0468 4868 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:52:46.0476 4868 WANARP - ok
10:52:46.0489 4868 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:52:46.0490 4868 Wanarpv6 - ok
10:52:46.0550 4868 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:52:46.0620 4868 WatAdminSvc - ok
10:52:46.0684 4868 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:52:46.0741 4868 wbengine - ok
10:52:46.0774 4868 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:52:46.0785 4868 WbioSrvc - ok
10:52:46.0813 4868 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:52:46.0832 4868 wcncsvc - ok
10:52:46.0840 4868 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:52:46.0846 4868 WcsPlugInService - ok
10:52:46.0875 4868 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:52:46.0881 4868 Wd - ok
10:52:46.0911 4868 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
10:52:46.0917 4868 WDC_SAM - ok
10:52:46.0934 4868 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:52:46.0956 4868 Wdf01000 - ok
10:52:46.0968 4868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:52:46.0975 4868 WdiServiceHost - ok
10:52:46.0978 4868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:52:46.0979 4868 WdiSystemHost - ok
10:52:46.0990 4868 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:52:47.0006 4868 WebClient - ok
10:52:47.0019 4868 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:52:47.0030 4868 Wecsvc - ok
10:52:47.0042 4868 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:52:47.0049 4868 wercplsupport - ok
10:52:47.0071 4868 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:52:47.0073 4868 WerSvc - ok
10:52:47.0102 4868 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:52:47.0108 4868 WfpLwf - ok
10:52:47.0118 4868 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:52:47.0123 4868 WIMMount - ok
10:52:47.0144 4868 WinDefend - ok
10:52:47.0149 4868 WinHttpAutoProxySvc - ok
10:52:47.0191 4868 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:52:47.0202 4868 Winmgmt - ok
10:52:47.0252 4868 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:52:47.0353 4868 WinRM - ok
10:52:47.0383 4868 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
10:52:47.0384 4868 WinUSB - ok
10:52:47.0425 4868 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:52:47.0433 4868 Wlansvc - ok
10:52:47.0525 4868 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:52:47.0636 4868 wlidsvc - ok
10:52:47.0674 4868 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:52:47.0679 4868 WmiAcpi - ok
10:52:47.0700 4868 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:52:47.0713 4868 wmiApSrv - ok
10:52:47.0742 4868 WMPNetworkSvc - ok
10:52:47.0772 4868 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:52:47.0778 4868 WPCSvc - ok
10:52:47.0800 4868 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:52:47.0808 4868 WPDBusEnum - ok
10:52:47.0840 4868 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:52:47.0846 4868 ws2ifsl - ok
10:52:47.0874 4868 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:52:47.0882 4868 wscsvc - ok
10:52:47.0913 4868 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
10:52:47.0920 4868 WSDPrintDevice - ok
10:52:47.0922 4868 WSearch - ok
10:52:47.0990 4868 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:52:48.0029 4868 wuauserv - ok
10:52:48.0056 4868 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:52:48.0066 4868 WudfPf - ok
10:52:48.0089 4868 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:52:48.0101 4868 WUDFRd - ok
10:52:48.0120 4868 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:52:48.0128 4868 wudfsvc - ok
10:52:48.0148 4868 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\Windows\System32\wwansvc.dll
10:52:48.0160 4868 WwanSvc - ok
10:52:48.0195 4868 ================ Scan global ===============================
10:52:48.0214 4868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:52:48.0261 4868 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:52:48.0278 4868 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:52:48.0302 4868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:52:48.0328 4868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:52:48.0330 4868 [Global] - ok
10:52:48.0330 4868 ================ Scan MBR ==================================
10:52:48.0343 4868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:52:48.0548 4868 \Device\Harddisk0\DR0 - ok
10:52:48.0548 4868 ================ Scan VBR ==================================
10:52:48.0550 4868 [ 906EECF9519D1612D1D401F9AE339CF1 ] \Device\Harddisk0\DR0\Partition1
10:52:48.0551 4868 \Device\Harddisk0\DR0\Partition1 - ok
10:52:48.0558 4868 [ 92AD0D96EE5559EB4720D42A6C1483E3 ] \Device\Harddisk0\DR0\Partition2
10:52:48.0559 4868 \Device\Harddisk0\DR0\Partition2 - ok
10:52:48.0581 4868 [ 737BF760CC7C7CE6B994E5459D9D372D ] \Device\Harddisk0\DR0\Partition3
10:52:48.0583 4868 \Device\Harddisk0\DR0\Partition3 - ok
10:52:48.0602 4868 [ F3EB5941036DE66CA14D977B48EFE442 ] \Device\Harddisk0\DR0\Partition4
10:52:48.0603 4868 \Device\Harddisk0\DR0\Partition4 - ok
10:52:48.0604 4868 ============================================================
10:52:48.0604 4868 Scan finished
10:52:48.0604 4868 ============================================================
10:52:48.0610 0292 Detected object count: 0
10:52:48.0610 0292 Actual detected object count: 0
==============
aswMBR
==============
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 10:55:26
-----------------------------
10:55:26.247 OS Version: Windows x64 6.1.7601 Service Pack 1
10:55:26.247 Number of processors: 4 586 0x2A07
10:55:26.248 ComputerName: SIRIUSSID UserName: sshaffer
10:55:26.861 Initialize success
10:57:53.044 AVAST engine defs: 12101801
10:58:39.874 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:58:39.875 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
10:58:39.887 Disk 0 MBR read successfully
10:58:39.889 Disk 0 MBR scan
10:58:39.892 Disk 0 Windows 7 default MBR code
10:58:39.895 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
10:58:39.909 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 172006 MB offset 616448
10:58:39.914 Disk 0 Partition - 00 0F Extended LBA 127809 MB offset 352884736
10:58:39.945 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 5120 MB offset 614637568
10:58:39.974 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 127808 MB offset 352886784
10:58:39.998 Disk 0 scanning C:\Windows\system32\drivers
10:58:50.579 Service scanning
10:59:10.345 Service TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
10:59:10.464 Service TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
10:59:12.836 Service VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
10:59:15.521 Modules scanning
10:59:15.527 Disk 0 trace - called modules:
10:59:15.542 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
10:59:15.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800482d060]
10:59:15.553 3 CLASSPNP.SYS[fffff88001b5743f] -> nt!IofCallDriver -> [0xfffffa8004ad3930]
10:59:15.559 5 hpdskflt.sys[fffff88001afe361] -> nt!IofCallDriver -> [0xfffffa80047bce40]
10:59:15.564 7 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800483d050]
10:59:16.601 AVAST engine scan C:\Windows
10:59:20.829 AVAST engine scan C:\Windows\system32
11:03:28.088 AVAST engine scan C:\Windows\system32\drivers
11:03:44.395 AVAST engine scan C:\Users\sshaffer
11:15:09.835 AVAST engine scan C:\ProgramData
11:17:13.068 Scan finished successfully
11:29:01.837 Disk 0 MBR has been saved successfully to "C:\Users\sshaffer\Desktop\security tools\MBR.dat"
11:29:01.844 The log file has been saved successfully to "C:\Users\sshaffer\Desktop\security tools\06-aswMBR.txt"
-
Before I run these - does Anti-Virus need to be disabled (since I've already re-enabled it) - or can these two run with AV still going?
-
Been up and running a few hours and everything seems to be working fine. No more ads anyway. Any idea what exactly happened to me and how it happened?
Log from ComboFix is below.
ComboFix 12-10-16.02 - sshaffer 10/16/2012 19:19:35.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4046.1839 [GMT -5:00]
Running from: c:\users\sshaffer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sshaffer\AppData\Roaming\B0ED00
c:\users\sshaffer\AppData\Roaming\JomCap.dll
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 00:25 . 2012-10-17 00:25 -------- d-----w- c:\users\sshafferMFI\AppData\Local\temp
2012-10-17 00:25 . 2012-10-17 00:25 -------- d-----w- c:\users\HelpDesk\AppData\Local\temp
2012-10-17 00:25 . 2012-10-17 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 17:40 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B039E483-7250-433E-906D-AEEBB9DA0927}\mpengine.dll
2012-10-15 16:09 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-14 14:12 . 2012-10-14 14:12 -------- d-----w- c:\users\sshaffer\AppData\Roaming\SUPERAntiSpyware.com
2012-10-14 14:12 . 2012-10-14 14:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-14 14:12 . 2012-10-14 14:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-10 18:14 . 2012-10-10 18:14 -------- d-----w- c:\users\sshaffer\AppData\Roaming\C2OutlookExport
2012-10-10 18:14 . 2012-10-10 18:14 -------- d-----w- c:\program files (x86)\CodeTwo
2012-10-10 16:47 . 2012-10-10 16:46 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B33693D-A3D9-431D-A203-E2BFE82EDA97}\gapaengine.dll
2012-10-10 16:23 . 2012-10-10 16:23 -------- d-----w- c:\windows\Temp7ADA2139-05D7-8850-E7DE-F58DD86F8174-Signatures
2012-10-10 14:33 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-10-10 14:32 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 14:31 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-10-10 14:28 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-10-10 14:28 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-10-10 14:28 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-02 20:48 . 2012-10-02 21:04 -------- d-----w- c:\users\sshaffer\AppData\Roaming\Audacity
2012-09-28 23:43 . 2012-09-28 23:43 -------- d-----w- c:\users\sshaffer\AppData\Roaming\Fujitsu
2012-09-28 23:43 . 2012-09-28 23:48 -------- d-----w- c:\users\sshaffer\AppData\Roaming\PFU
2012-09-28 23:42 . 2009-09-19 03:01 367616 ----a-w- c:\windows\system32\s1300u-x64.dll
2012-09-28 23:42 . 2009-04-24 01:29 695296 ----a-w- c:\windows\system32\ippi5s1300-x64.dll
2012-09-28 23:42 . 2007-07-27 03:47 351744 ----a-w- c:\windows\system32\s300u-x64.dll
2012-09-28 23:42 . 2007-05-24 00:57 695296 ----a-w- c:\windows\system32\ippi5s300-x64.dll
2012-09-28 23:41 . 2009-04-24 01:29 2873856 ----a-w- c:\windows\system32\ijl5s1300-x64.dll
2012-09-28 23:41 . 2008-04-03 13:08 33280 ----a-w- c:\windows\system32\fj52usb-x64.dll
2012-09-28 23:41 . 2007-08-17 21:33 33280 ----a-w- c:\windows\system32\fjmcusb-x64.dll
2012-09-28 23:41 . 2007-05-24 00:57 2873856 ----a-w- c:\windows\system32\ijl5s300-x64.dll
2012-09-28 23:41 . 2012-09-28 23:42 -------- d-----w- c:\windows\SSDriver
2012-09-28 23:40 . 2012-09-28 23:40 -------- d-----w- c:\program files (x86)\Common Files\PFU
2012-09-28 23:40 . 2012-09-28 23:40 -------- d-----w- c:\program files (x86)\PFU
2012-09-24 22:08 . 2012-09-24 22:08 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-24 22:07 . 2012-09-24 22:07 -------- d-----w- c:\program files\Adobe
2012-09-20 20:23 . 2012-04-24 11:51 476160 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp130.dll
2012-09-20 20:03 . 2012-09-20 20:05 -------- d-----w- C:\Drivers
2012-09-18 05:05 . 2012-09-18 05:05 -------- d-----w- c:\program files (x86)\iTunes Library Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-28 05:18 . 2011-10-21 16:04 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 22:04 . 2011-10-28 21:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-28 19:38 . 2012-03-02 01:44 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-20 17:38 . 2012-10-10 14:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\sshaffer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TwoFingerScroll"="c:\users\sshaffer\Downloads\TwoFingerScroll_1_0_9-MacHater-Mod\TwoFingerScroll.exe" [2012-01-13 1471488]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-08 5628288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-03 112152]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 336384]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-06 323128]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 1176880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2006-11-23 151552]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass\KeePass.exe" [2012-05-01 1895424]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
.
c:\users\sshafferMFI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\sshaffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MFI-dropbox.lnk - c:\windows\System32\runas.exe [2009-7-13 20480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
Online plug-in.lnk - c:\windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-12-15 77824]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-9-28 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 116648]
R2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
R3 AceecaUSBDx64;AceecaUSBDx64;c:\windows\system32\DRIVERS\AceecaUSBDx64.sys [2011-04-05 66552]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 ElephantDrive-Service.exe;ElephantDrive-Service;c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-Service.exe [2011-05-13 118456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 116648]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-16 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-12-09 37480]
R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-02-23 865032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 8704pdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [2012-04-24 8704]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-10-20 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-20 203776]
S2 ElephantDrive-MappedDrive.exe;ElephantDrive-MappedDrive;c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-MappedDrive.exe [2011-05-13 118968]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-26 131128]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-06 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-08-23 3175728]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-20 9090560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-20 299520]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-20 231440]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-05-04 340656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-10-20 174680]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-10-20 26712]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-20 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-12-09 37480]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 14:04]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 22:03]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 22:03]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108967553-259258955-711445176-1001Core.job
- c:\users\sshaffer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 06:15]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108967553-259258955-711445176-1001UA.job
- c:\users\sshaffer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01ElephantIconOverlay]
@="{AFA39CBB-DF66-47f9-A047-47ED25FE655E}"
[HKEY_CLASSES_ROOT\CLSID\{AFA39CBB-DF66-47f9-A047-47ED25FE655E}]
2010-07-10 02:20 244736 ----a-w- c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\IconOverlay-64bit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02ElephantIconOverlay]
@="{1E519A85-494E-4706-AC87-1CC8BB9CC5DA}"
[HKEY_CLASSES_ROOT\CLSID\{1E519A85-494E-4706-AC87-1CC8BB9CC5DA}]
2010-07-10 02:20 244736 ----a-w- c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\IconOverlay-64bit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03ElephantIconOverlay]
@="{0E2DD711-458A-4b39-8211-3F5FDAA0539E}"
[HKEY_CLASSES_ROOT\CLSID\{0E2DD711-458A-4b39-8211-3F5FDAA0539E}]
2010-07-10 02:20 244736 ----a-w- c:\program files (x86)\ElephantDrive\ElephantDrive Desktop\IconOverlay-64bit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\sshafferMFI\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-10-20 1128448]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2012-04-24 394240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\sshaffer\AppData\Roaming\Mozilla\Firefox\Profiles\aubmf11t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com|http://www.msn.com|http://www.gizmodo.com| http://www.engadget.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\02\08\13\10\02?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-16 19:27:51
ComboFix-quarantined-files.txt 2012-10-17 00:27
.
Pre-Run: 23,155,482,624 bytes free
Post-Run: 22,964,023,296 bytes free
.
- - End Of File - - 7FB61AB046BF7F98F255AF4CB0DEDDF1
-
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sshaffer [Admin rights]
Mode : Remove -- Date : 10/16/2012 09:41:18
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 7 Taskbar Tweaker ("C:\Users\sshaffer\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" -hidewnd) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\sshaffer\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
198.15.104.132 www.google-analytics.com.
198.15.104.132 ad-emea.doubleclick.net.
198.15.104.132 www.statcounter.com.
72.29.93.243 www.google-analytics.com.
72.29.93.243 ad-emea.doubleclick.net.
72.29.93.243 www.statcounter.com.
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] ca45d1d5cbe74fee9263b6b3494825df
[BSP] 270e5d797478a887184f50094096aa5e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 172006 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 352884736 | Size: 127809 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 614637568 | Size: 5120 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
-
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.0
Java 6 Update 29
Java 7 Update 4
Java version out of Date!
Adobe Flash Player 11.2.202.233 Flash Player out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Trend Micro OfficeScan Client pccntmon.exe
Trend Micro OfficeScan Client ntrtscan.exe
Trend Micro OfficeScan Client tmlisten.exe
Trend Micro OfficeScan Client CNTAoSMgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
# AdwCleaner v2.005 - Logfile created 10/16/2012 at 09:33:26
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : sshaffer - SIRIUSSID
# Boot Mode : Normal
# Running from : C:\Users\sshaffer\Desktop\security tools\02-adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\sshaffer\AppData\Roaming\Mozilla\Firefox\Profiles\aubmf11t.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v22.0.1229.94
File : C:\Users\sshaffer\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxps://www.google.com/calendar/render?tab=mc", "hxxps://mail.google.com/mail/?tab=om#inbox", "hxxps://docs.google.com/?tab=mo&authuser=0#home", "hxxps://www.planningcenteronline.com/dashboard/0" ]
Deleted [l.1817] : urls_to_restore_on_startup = [ "hxxps://www.google.com/calendar/render?tab=mc", "hxxps://mail.google.com/mail/?tab=om#inbox", "hxxps://docs.google.com/?tab=mo&authuser=0#home", "hxxps://www.planningcenteronline.com/dashboard/0" ]
*************************
AdwCleaner[s1].txt - [1737 octets] - [16/10/2012 09:33:26]
########## EOF - C:\AdwCleaner[s1].txt - [1797 octets] ##########
-
Any help would be appreciated. Scans of computer with AV software yield no results.
DDS.txt
-------------
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by sshaffer at 16:12:56 on 2012-10-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4046.1849 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Box Sync\UpdateService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-MappedDrive.exe
C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\Users\sshaffer\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\sshaffer\Downloads\TwoFingerScroll_1_0_9-MacHater-Mod\TwoFingerScroll.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Users\sshafferMFI\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Axantum\AxCrypt\AxCrypt.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files (x86)\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\sshaffer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll
uRun: [Google Update] "C:\Users\sshaffer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [7 Taskbar Tweaker] "C:\Users\sshaffer\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" -hidewnd
uRun: [cdloader] "C:\Users\sshaffer\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [TwoFingerScroll] C:\Users\sshaffer\Downloads\TwoFingerScroll_1_0_9-MacHater-Mod\TwoFingerScroll.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass\KeePass.exe" --preload
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
StartupFolder: C:\Users\sshaffer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\sshaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\sshaffer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MFI-DR~1.LNK - C:\Windows\System32\runas.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://portal.oyogeospace.com/+CSCOL+/csvrloader32.cab
DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} - hxxp://geoalt/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/VSFlex8.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://sidandemily.dyndns.org:206/codebase/DVM_IPCam2.ocx
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.oyogeospace.com/CACHE/stc/6/binaries/vpnweb.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} - hxxp://geoalt/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/AeXClipboard.CAB
TCP: NameServer = 10.60.1.20 10.60.0.10
TCP: Interfaces\{2CB29362-7C7F-4213-A9EB-4CB4313DAA39} : DHCPNameServer = 10.60.1.20 10.60.0.10
TCP: Interfaces\{6E8D0226-C778-44F2-9562-B6F5E173582D}\2375942554331323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6E8D0226-C778-44F2-9562-B6F5E173582D}\24B44424 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6E8D0226-C778-44F2-9562-B6F5E173582D}\34641484F4D454 : DHCPNameServer = 10.20.10.54
TCP: Interfaces\{6E8D0226-C778-44F2-9562-B6F5E173582D}\34F62616C647 : DHCPNameServer = 66.196.216.10 66.196.212.10
TCP: Interfaces\{6E8D0226-C778-44F2-9562-B6F5E173582D}\F47414D27657563747 : DHCPNameServer = 10.1.10.1 192.168.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [OfficeScanNT Monitor] -HideWindow
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [BoxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 198.15.104.132 www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 198.15.104.132 www.statcounter.com.
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sshaffer\AppData\Roaming\Mozilla\Firefox\Profiles\aubmf11t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com|http://www.msn.com|http://www.gizmodo.com| http://www.engadget.com| http://www.engadget.com/tag/gaming+laptop| http://www.lifehacker.com| http://www.bgr.com/| http://www.rottentomatoes.com/news/| http://www.comingsoon.net/tv/| http://www.slashfilm.com| http://archive.psuplaybook.org/modules.php?name=Headline&file=index3&tpid=1| http://www.amazon.com/gp/feature.html?ie=UTF8&docId=1000677541&tag=gmgamzn-20| http://www.amazon.com/MP3-Music-Download/b/ref=sa_menu_mp3_str1?ie=UTF8&node=163856011| http://www.amazon.com/gp/bestsellers/dmusic/digital-music-album/ref=dm_bb_top_albums?| http://www.amazon.com/gp/bestsellers/dmusic/digital-music-track/ref=dm_bb_top_songs?| http://www.slickdeals.net| http://slickdeals.net/forums/forumdisplay.php?f=9&daysprune=7&icon=23&order=desc&perpage=80&sort=threadstarted| http://slickdeals.net/forums/forumdisplay.php?f=9&daysprune=7&icon=38&order=desc&perpage=80&sort=threadstarted| http://townhall.com/| http://www.ktrh.com/pages/Connected.html?_show| http://www.thefancy.com/|http://www.americasmusiccharts.com/index.cgi?fmt=R3|http://foreclosures.bankofamerica.com/recSearch.aspx?stateName=Texas&cityName=Houston
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\sshaffer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\sshaffer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\sshaffer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-20 55856]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-8-10 91864]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 #UpdateService;Box Sync Auto-updater;C:\Program Files\Box Sync\UpdateService.exe [2012-4-23 8704]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-20 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-20 203776]
R2 ElephantDrive-MappedDrive.exe;ElephantDrive-MappedDrive;C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-MappedDrive.exe [2011-5-13 118968]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-1-26 131128]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-7-6 1698360]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-20 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-20 113264]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2009-5-22 342288]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2009-5-22 42768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-20 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2011-8-23 3175728]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-9-22 645048]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-10-20 9090560]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-10-20 299520]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-20 231440]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-10-20 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-20 39464]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2011-10-20 340656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-20 174680]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-10-20 26712]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-10-20 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-10-20 8593920]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\System32\drivers\rrnetcap.sys [2011-12-9 37480]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-20 116648]
S3 AceecaUSBDx64;AceecaUSBDx64;C:\Windows\System32\drivers\AceecaUSBDx64.sys [2011-11-2 66552]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 253088]
S3 ElephantDrive-Service.exe;ElephantDrive-Service;C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-Service.exe [2011-5-13 118456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-20 116648]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-30 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-11-8 24176]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\System32\drivers\rcblan.sys [2011-12-4 46616]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-1-15 1116656]
S3 RRNetCap;RRNetCap Service;C:\Windows\System32\drivers\rrnetcap.sys [2011-12-9 37480]
S3 SPUVCbv;SPUVCb Driver Service;C:\Windows\System32\drivers\SPUVCBv_x64.sys [2011-10-20 2611704]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-2-23 865032]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
.
=============== Created Last 30 ================
.
2012-10-15 18:09:19 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB132156-4523-4776-9065-D7D740367ECB}\mpengine.dll
2012-10-15 16:09:40 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-14 14:12:29 -------- d-----w- C:\Users\sshaffer\AppData\Roaming\SUPERAntiSpyware.com
2012-10-14 14:12:25 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-14 14:12:25 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-10 18:14:34 -------- d-----w- C:\Users\sshaffer\AppData\Roaming\C2OutlookExport
2012-10-10 18:14:05 -------- d-----w- C:\Program Files (x86)\CodeTwo
2012-10-10 16:47:11 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B33693D-A3D9-431D-A203-E2BFE82EDA97}\gapaengine.dll
2012-10-10 16:23:16 -------- d-----w- C:\Windows\Temp7ADA2139-05D7-8850-E7DE-F58DD86F8174-Signatures
2012-10-10 14:32:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 14:28:47 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-10-10 14:28:47 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-10-10 14:28:30 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-09-28 23:43:58 -------- d-----w- C:\Users\sshaffer\AppData\Roaming\Fujitsu
2012-09-28 23:43:06 -------- d-----w- C:\Users\sshaffer\AppData\Roaming\PFU
2012-09-28 23:42:00 695296 ----a-w- C:\Windows\System32\ippi5s300-x64.dll
2012-09-28 23:42:00 695296 ----a-w- C:\Windows\System32\ippi5s1300-x64.dll
2012-09-28 23:42:00 367616 ----a-w- C:\Windows\System32\s1300u-x64.dll
2012-09-28 23:42:00 351744 ----a-w- C:\Windows\System32\s300u-x64.dll
2012-09-28 23:41:58 33280 ----a-w- C:\Windows\System32\fjmcusb-x64.dll
2012-09-28 23:41:58 33280 ----a-w- C:\Windows\System32\fj52usb-x64.dll
2012-09-28 23:41:58 2873856 ----a-w- C:\Windows\System32\ijl5s300-x64.dll
2012-09-28 23:41:58 2873856 ----a-w- C:\Windows\System32\ijl5s1300-x64.dll
2012-09-28 23:41:41 -------- d-----w- C:\Windows\SSDriver
2012-09-28 23:40:58 -------- d-----w- C:\Program Files (x86)\Common Files\PFU
2012-09-28 23:40:31 -------- d-----w- C:\Program Files (x86)\PFU
2012-09-20 20:23:21 476160 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp130.dll
2012-09-20 20:03:43 -------- d-----w- C:\Drivers
2012-09-18 05:05:06 -------- d-----w- C:\Program Files (x86)\iTunes Library Updater
.
==================== Find3M ====================
.
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-28 19:38:16 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:13:05.50 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2011 2:02:19 PM
System Uptime: 10/14/2012 12:57:20 PM (28 hours ago)
.
Motherboard: Hewlett-Packard | | 1618
Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 168 GiB total, 12.39 GiB free.
D: is FIXED (NTFS) - 125 GiB total, 36.243 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 443 GiB total, 248.3 GiB free.
G: is FIXED (NTFS) - 488 GiB total, 50.523 GiB free.
H: is FIXED (FAT32) - 5 GiB total, 4.979 GiB free.
S: is NetworkDisk (NTFS) - 300 GiB total, 17.956 GiB free.
T: is NetworkDisk (FAT) - 168 GiB total, 12.39 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP221: 10/7/2012 1:57:12 PM - Windows Update
RP222: 10/10/2012 1:21:28 AM - HPSF Restore Point
RP223: 10/10/2012 9:34:03 AM - Windows Update
RP224: 10/10/2012 11:22:12 AM - Windows Update
RP225: 10/10/2012 11:39:03 AM - Windows Update
RP226: 10/10/2012 11:43:10 AM - Windows Update
RP227: 10/10/2012 11:46:05 AM - Windows Update
RP228: 10/10/2012 1:13:52 PM - Installed CodeTwo OutlookExport
RP229: 10/14/2012 12:27:23 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 198.15.104.132 www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 198.15.104.132 www.statcounter.com.
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 www.statcounter.com.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
7 Taskbar Tweaker v3.1
ABBYY FineReader 8.0 Professional Edition
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Digital Editions
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 11 Plugin 64-bit
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader X (10.1.1)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Album Art Downloader XUI 0.42.1
Alcor Micro Smart Card Reader Driver
allTunes
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.17
AmoK Exif Sorter 2.5.6 (remove only)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI Catalyst Install Manager
ATI Stream SDK v2 Developer
Attribute Changer 6.20
Audacity 1.3.13 (Unicode)
Audials
AxCrypt 1.7.2687.0
Beyond Compare Version 2.3.1
Beyond Compare Version 3.3.4
Bonjour
Box Sync (64 bit)
Broadcom 2070 Bluetooth 3.0
calibre
Canon MP Navigator EX 1.0
Canon Utilities Solution Menu
CanoScan 8800F
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco AnyConnect VPN Client
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CodeTwo OutlookExport
Combined Community Codec Pack 2011-07-30
ComicRack v0.9.142
Compatibility Pack for the 2007 Office system
Copernic Desktop Search - Home
coverXP (remove only)
CutePDF Writer 2.8
D3DX10
DirectX 9 Runtime
Dropbox
Easy HR Word Document Properties
ElephantDrive Desktop
Eraser 6.0.8.2273
eReg
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
Everything 1.2.1.371
Exact Audio Copy 1.0beta3
Exifer
ExifPro 1.0 Photo Viewer
EZDetach (remove only)
Family Tree Maker 2009
FileZilla Client 3.5.1
Foxit Reader
Free Video Flip and Rotate version 1.8.10
Freedom
GEDxlate version 1.2
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HP 3D DriveGuard
HP Connection Manager
HP DayStarter
HP ESU for Microsoft Windows 7
HP HD Webcam [Fixed]
HP HotKey Support
HP Media Vault
HP Power Assistant
HP Software Framework
HP Software Update
HP Support Assistant
HP System Default Settings
HP Wallpaper
HP Web Camera
HP Webcam
ID3-TagIT 3
IDT Audio
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Rapid Storage Technology
IP Camera
iSEEK AnswerWorks English Runtime
iTag
iTunes
iTunes Library Updater
iTunesKeys
Java Auto Updater
Java 6 Update 29
Java 7 Update 4
JavaFX 2.1.0
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
join.me
KeePass Password Safe 2.19
Kodak EasyShare software
LightScribe System Software
Logitech Harmony Remote Software 7
Logitech SetPoint 6.32
LSI HDA Modem
magicJack
Malwarebytes Anti-Malware version 1.65.0.1400
MediaMonkey 3.2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Pro Photo Tools
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0
Movie Rotator 1.2
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.50
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
netbrdg
NTI DriveBackup! 4
NTI Shadow 3
ODIR
OfotoXMI
Online Plug-in
Palm
PDF ePub DRM Removal
PDF Settings
PeerBlock 1.1 (r518)
PhotoME
Picasa 3
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
Quicken 2011
QuickTime
RBVirtualFolder64Inst
Remote Control USB Driver
Remove Hidden Data Tool
Renamer (remove only)
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.93
Rhapsody
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Express Labeler 3
Roxio MyDVD Business 2010
Roxio Secure Burn
ScanSnap
ScanSnap Manager
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SFR
SHASTA
Sigil 0.5.3
SIW version 1.72
skin0001
SKINXSDK
Skype™ 5.5
SnagIt 7
staticcr
SUPERAntiSpyware
Synaptics Pointing Device Driver
SyncBack
TeraCopy 1.22
TreeSize Free V1.77
Trend Micro OfficeScan Client
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Uninstall 1.0.0.1
Unlocker 1.9.1-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Validity Fingerprint Sensor Driver
VIP Access SDK (1.0.1.5)
VPRINTOL
Vuze
WebSlingPlayer ActiveX
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinMerge 2.12.4
WIRELESS
XnView 1.98.2
xplorer² lite 32 bit
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 8:27:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
10/14/2012 12:17:11 PM, Error: Application Popup [56] - Driver USB returned invalid ID for a child device (0).
10/14/2012 11:57:40 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
10/14/2012 11:55:30 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
10/14/2012 11:49:04 AM, Error: Service Control Manager [7034] - The ElephantDrive-MappedDrive service terminated unexpectedly. It has done this 1 time(s).
10/11/2012 2:49:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/11/2012 12:06:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpsrv service.
10/10/2012 11:33:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2754296.
.
==== End Of File ===========================
Infected. Ads in lower left / lower right corner of browser
in Resolved Malware Removal Logs
Posted
Will "fixing" the items listed in category O4 stop them from starting up? Or otherwise affect those programs? A lot of those programs I want running... ituneshelper, everything, 7taskbar, etc.