sunnyleung

Everything posted by sunnyleung

  1. Hello Gringo, Thank you for all the effort and for hanging in there! I've attached a screenshot of what I see in the IE Manage Add-ons window. Google is the only search provider I see. When I attempt to add another search engine, e.g. Bing, and remove Google, it reverts back to how it looks in the screenshot after restarting the computer.
  2. ComboFix 12-11-20.02 - Sunny 20/11/2012 19:59:49.6.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3885.1839 [GMT -8:00]
  3. Home page is still set to startsear.info in IE8 after restart!
  4. ========== OTL ========== OTL by OldTimer - Version 3.2.69.0 log created on 11202012_173626
  5. OTL Extras logfile created on: 11/19/2012 8:44:36 PM - Run 1 OTL by OldTimer - Version 3.2.69.0
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026AE696-A905-465A-832A-9344F487C6AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{032609E7-98F4-4B0D-96F0-4B44CFC66008}" = lport=137 | protocol=17 | dir=in | app=system | "{03574448-4F44-4E10-8E89-283DD61623A5}" = lport=2869 | protocol=6 | dir=in | app=system | "{07FE1239-A519-4BA8-A6B2-84CAEE798A78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{091F3479-C8A4-4835-AA41-6E04E1353DC2}" = lport=10243 | protocol=6 | dir=in | app=system | "{10F257E2-A008-4ED0-B16A-E5298F0E1FCD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{12342B58-E6D3-43AF-B1E7-555635FB028E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1363718C-360B-48DA-AC51-C55967F66AB5}" = rport=139 | protocol=6 | dir=out | app=system | "{147E9B24-ADAA-4692-8BBE-0D31D0FF6C10}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{2A9B646E-81C6-4428-94FD-48D742A65A65}" = rport=10243 | protocol=6 | dir=out | app=system | "{4103DA38-727A-402E-B785-CFE63B2E7DD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{48A4BF68-F641-4D2C-89AA-F21F8DE0B5B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4EC73ADA-4957-420B-A138-D7EFF8FAD7C8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{618B7FC0-0E6F-4AB4-9B0E-2FC6E5627A72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{61C750D2-8041-479D-9966-8612BDD3EE04}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary | "{78CE45E5-28B2-4ACC-98A5-DF02175760F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7A2C4837-C582-45FB-9F6C-1994E6C161EF}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary | "{7E4F6066-DEBA-4BF8-A055-827AB3F2815D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A95B0DF4-74B9-4780-B355-267FA250F565}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{ABA864EE-07DA-4942-A747-DD8ADB6EE7A3}" = lport=2869 | protocol=6 | dir=in | app=system | "{C3250D11-7C6A-4710-BB5C-996BFE3C4C44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C88EA08C-C823-468C-82C8-C816F1F5B6E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CDB1FC0D-0AB1-4F2B-B695-13DC22D71850}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE5DF775-816B-405E-84D8-2047A1A41C49}" = lport=138 | protocol=17 | dir=in | app=system | "{D632D717-C935-412E-8944-014ECEA7DBF0}" = rport=445 | protocol=6 | dir=out | app=system | "{EC5982E0-AAC6-4B8C-A24A-927788445DF2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F1D77A10-7F0E-4638-89DB-11EF9570CBF8}" = lport=139 | protocol=6 | dir=in | app=system | "{F2E8C9E4-8159-415E-BB17-B9E417B95F00}" = rport=137 | protocol=17 | dir=out | app=system | "{F6353F11-25F7-4D9D-A32C-36B3B592FEAF}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0001B352-8CBF-430F-8698-BDD69A68C2E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0238C6B8-9810-4B04-97F8-8EEAFAC11A03}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{028B0353-032C-4603-B4E4-1C615AD2DB91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{0B0EC899-AFF0-4BC5-AF63-D360ECADBDD3}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{0DB780C1-D4C7-437D-B1DC-6C262F2BD496}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0F0A5D13-1348-44FA-8515-7B234BC1C30A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{1077EDCC-E7F8-4167-810A-7F4CD10E1347}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{1873088C-EFA8-4CE4-918D-96C091EEE05D}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{2127D06B-0C3B-4075-B8A6-65D9AFCA209D}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe | "{215131BC-BABF-457E-948D-F17B5EA0F4C1}" = protocol=6 | dir=in | app=c:\program files (x86)\couchpotato\couchpotato.exe | "{23028E6F-60A2-47C7-8A1D-6F13DD3503BD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{24A729D4-3D7A-46EA-93BB-39EE9BAEF762}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{25DA12E3-DCD3-4762-A2EC-7DFF7D101D3A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{26213E70-844D-4FC6-A525-75EDC91A73AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2A9E671C-A6AB-40EF-A2C3-C8363FC312E8}" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | "{32178761-BE69-44FD-B9E6-BA1117971F2B}" = protocol=17 | dir=in | app=c:\users\sunny\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{32C7746D-F34D-4574-BD30-4A8059548A4D}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{34CFAE28-5E05-45A8-8D84-D13A79181FDB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{4242DDDD-D8D4-4A84-9189-A4DD7B482E41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{42BA56F7-1849-497A-86C2-0978D62FD357}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4561DF2C-6F0E-4870-8789-E6B2D866C2F4}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe | "{464820C4-25A4-407F-B147-F7DC63BCA684}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{464CB806-2551-49FF-8904-F2F97AB448A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{493B26EF-C4B4-4CCB-A4BC-03B86E95E2BD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{53D91853-74FE-4088-AF00-1E53F6967A14}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe | "{54EF6F35-1091-4E81-837B-38F7323C4762}" = protocol=17 | dir=in | app=c:\users\sunny\downloads\sickbeard-win32-alpha-build496\sickbeard.exe | "{562B5F40-51AF-4C11-AC79-B369FD94CF25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{5703DE43-3A18-4A2D-A7A1-3C74C7579757}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{58DB848D-5EBC-464A-BB76-4F41C572482A}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{5CD30065-21C2-4593-A80A-EC3F71B59A42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{5EB01744-C13B-4176-AC1A-BFDA0DB8487F}" = protocol=6 | dir=out | app=system | "{614237DC-2F8A-4AD3-AEE9-E97DF9693827}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{63257325-1929-4D48-B57C-E1AFEEB42F95}" = protocol=17 | 
dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{678706EF-B8BF-40D1-9AA9-3D0C33F15557}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{68A74FD8-B544-4893-AE16-AFBA62DB79EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{695125F5-FAC2-495B-9C65-9B0B2A9019B4}" = protocol=17 | dir=in | app=c:\program files (x86)\couchpotato\couchpotato.exe | "{6E40FBF6-62C2-49F4-8F88-EDFD10567A4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{72D40DA9-677A-45BD-BCBF-14B602F91A67}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{745C7368-774D-4F2F-9D25-1FD0994E2AF4}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{75E5F4E1-A4B5-4F1A-BA36-A17A983FBBF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7ABDBB31-C51E-49C8-871F-FC42E1606A52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{7F5317E3-0B22-4C24-9B0D-446566F5578D}" = protocol=58 | dir=in | app=system | "{8064A3B7-A77B-43D6-A110-59ACEE0C1E56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{8C6C6615-D3AC-4085-AC83-404E9CB14BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8FAA75FC-2950-422E-9B93-43C1E3F63765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{90683AA7-1C16-4E57-9C84-85CE183242BF}" = protocol=6 | dir=in | app=c:\users\sunny\appdata\local\akamai\netsession_win.exe | "{98DB5565-F147-43DC-8A9D-6F222BB8F0DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9AFF4C92-4E4B-4A62-B98A-2C864355735F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9BBE5D3C-C4B3-448A-B970-A0E5DA186D6A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9ECB8F1C-9257-4EF8-A34A-CA9CD3642D99}" = protocol=17 | dir=in | 
app=c:\program files (x86)\autodesk\backburner\server.exe | "{A045A846-BFE1-4436-A1A3-E830ECF9DB12}" = protocol=6 | dir=in | app=c:\users\sunny\appdata\local\google\google talk plugin\googletalkplugin.exe | "{A2B9EACC-73C9-49D1-9FDD-B9093098F10E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A43864B4-3F91-4D97-BE9D-2D937FD94648}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{AEB14EF8-D9CB-4A7C-9882-24398D1B6133}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B08513B9-730D-4FD4-A0C2-A05C4E4F1898}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B2084398-2777-4DDB-864C-7F48D8D7DC54}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BD7FC1A8-1DF3-4032-A1E7-4F5C560DB9AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{BE08B3D3-CE4A-4A7B-80B1-46942C332114}" = protocol=17 | dir=in | app=c:\users\sunny\appdata\local\google\google talk plugin\googletalkplugin.exe | "{BF1A5B4B-B9C3-46BA-803A-AF5C13B86E54}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C1F11A01-60E8-4314-BCC8-8A8F70CF07B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{C59AFAB9-9F1A-4156-A65B-2A05178B0BBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{C5AD3FAB-CC47-4E2D-8D9F-FA2384192489}" = protocol=6 | dir=in | app=c:\users\sunny\appdata\local\google\google talk plugin\googletalkplugin.exe | "{C758D308-5242-4E30-BDA4-7D0D4F79E11E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CAA7FDD1-671E-4DC6-B22A-051C5DC933B5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CAEC1F2A-4184-4B42-A286-43C1D595417A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{CAF8794F-E9A2-48CA-B1C0-A4686E708204}" = protocol=6 | dir=in | 
app=c:\program files\bonjour\mdnsresponder.exe | "{CB7C63C7-2944-4324-ADE2-F5AF9E5B677D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{D36B8E4D-9D5E-4859-9583-8A5F7CF39583}" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | "{D6103E24-3701-4311-9F45-C2F8E6FDC98F}" = protocol=6 | dir=in | app=c:\users\sunny\downloads\sickbeard-win32-alpha-build496\sickbeard.exe | "{D6FAF39B-8C7B-4AD7-9220-8D4758BC279D}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "{D96E8FE8-9499-4BE0-A0F0-3051D293E4B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DA8911B9-50BC-422E-87FB-DE0AEBE21E6F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{DAC4AF61-AC3C-4D14-9C1B-C54F31BF330D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DDF9EE75-881A-4449-A011-DBBE0C41CA86}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{E897B3D5-F4F2-4EB2-9A7E-E55DEA5103B8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{E8BFCBBB-751B-4581-992B-D2C473EA2D35}" = protocol=17 | dir=in | app=c:\users\sunny\appdata\local\akamai\netsession_win.exe | "{EB1895E9-C45D-4BA8-8504-B2AAF475F281}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EBBB5298-86C3-4A12-A226-0C81770AC556}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{F0B4EF19-8640-4976-BAED-010806E97DA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F11090FB-EA85-4A57-AD21-B1E2DAAC8FBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{F3EAABCE-3D2E-41F1-B53C-FDC19B068A42}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F4F19472-FA61-41BE-A61F-971D6909E9A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F7223A69-DD28-4F11-A55F-357FA1772ED7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{FADF2C8A-4C0A-46E2-9DC4-F1CA88200F36}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe | "{FDFD8931-F7CB-48AF-B973-8A098A298505}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "{FE9B25A0-3A1C-4B11-8B58-F1962F7F4129}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{FECE5F07-1D76-4A96-83D4-7DA15E5B6D3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FF03F8FE-0828-4BCA-9A68-4C48CF326B6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{FF3091CD-0FD6-453A-8239-78828ED03968}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{16DB8D82-4310-449E-9E91-BD56F1F1D7EB}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | "TCP Query User{1C5FE4BA-2E7F-448B-A009-03732EC7052E}C:\users\sunny\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\sunny\appdata\local\akamai\netsession_win.exe | "TCP Query User{29CCD3BE-1588-4065-B081-D4C503FCD74A}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | "TCP Query User{46F9911B-5B19-4651-8A9E-98B063DA581E}C:\users\sunny\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sunny\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{51E6F23A-8DFC-49B5-9945-BBA0ED38C31A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{94D7FFEC-788C-4E8B-B6FE-1C655160F383}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | "TCP Query 
User{AF13A580-9930-4677-BC9B-CC529669B84D}C:\program files (x86)\couchpotato\couchpotato.exe" = protocol=6 | dir=in | app=c:\program files (x86)\couchpotato\couchpotato.exe | "TCP Query User{BA460AEF-A592-4959-807D-B0E85F1A48FE}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{CF7C382C-076E-4525-836E-B46A8CE7B68B}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe | "TCP Query User{EC990366-48D8-4D5C-9F09-40E09A5D055F}C:\users\sunny\downloads\sickbeard-win32-alpha-build496\sickbeard.exe" = protocol=6 | dir=in | app=c:\users\sunny\downloads\sickbeard-win32-alpha-build496\sickbeard.exe | "TCP Query User{F573F70D-0804-4ABF-9E09-82E8AF412AED}C:\program files (x86)\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maple 15\jre\bin\maple.exe | "UDP Query User{09015B61-4725-4775-8325-A64C4C80A450}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe | "UDP Query User{0CDF5B1A-FD50-4AFB-AA01-5AD37E9944F2}C:\program files (x86)\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maple 15\jre\bin\maple.exe | "UDP Query User{146B0088-BE78-497C-AB4E-A722EE4A7EED}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | "UDP Query User{33F22CA5-EF72-41C6-9D18-839D7B76F9A8}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | "UDP Query User{7DFBC332-13F4-4573-AAA4-EC84BA911FC6}C:\users\sunny\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sunny\appdata\local\google\chrome\application\chrome.exe | "UDP Query 
User{8E0547A2-EB7F-4607-800F-D01F5CAF4F12}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{A6550880-B368-4A88-B3C2-EEE314E34AE7}C:\users\sunny\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\sunny\appdata\local\akamai\netsession_win.exe | "UDP Query User{BAD59F17-A44C-45AA-8D93-EC2D90F0C671}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | "UDP Query User{CB1FF683-02C6-46DD-950B-75F6F0A79E21}C:\users\sunny\downloads\sickbeard-win32-alpha-build496\sickbeard.exe" = protocol=17 | dir=in | app=c:\users\sunny\downloads\sickbeard-win32-alpha-build496\sickbeard.exe | "UDP Query User{D527C3BA-D5A9-46D5-A659-96EB639D5171}C:\program files (x86)\couchpotato\couchpotato.exe" = protocol=17 | dir=in | app=c:\program files (x86)\couchpotato\couchpotato.exe | "UDP Query User{EB96542E-118C-4496-9AE7-504DDE8FFEC0}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2 "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit "{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 
64-bit "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5267AFF2-6F91-4AE3-9959-7EF03625BA64}" = Microsoft Deployment Toolkit 2012 (6.0.2223.0) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400 "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B374E6A8-501F-4BC0-BA59-4EE78F06B3B2}" = Oracle VM VirtualBox 4.1.10 
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit "{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}" = Garmin Communicator Plugin x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) "2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit "Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit "BatteryBar" = BatteryBar (remove only) "CCleaner" = CCleaner "F9FD5BBF579A4BFD40D38BE291F731666B27DC28" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "Recuva" = Recuva "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB 2.0 UVC 0.3M WebCam" = USB 2.0 UVC 0.3M WebCam "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{24A8F35A-5DF5-4E88-9314-6CD6195BB283}" = Java 3D 1.3.1 (OpenGL) Runtime 
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java 6 Update 37 "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" 
= Intel® Management Engine Components "{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2 "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service 
Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI 
(English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center 
"{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "3DSexVilla2-132.001" = thriXXX 3DSexVilla2-132.001 "AC3Filter_is1" = AC3Filter 1.63b "adawaretb" = Ad-Aware Security Add-on "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3 "ASUS AP Bank_is1" = ASUS AP Bank "Asus_ULSeries_ScreenSaver" = Asus_ULSeries_ScreenSaver "Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition "EaseUS Todo Backup Free 3.5_is1" = EaseUS Todo Backup Free 3.5 "ESET Online Scanner" = ESET Online Scanner v3 "HijackThis" = HijackThis 2.0.2 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud "InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Maple 15" = Maple 15 (32-bit) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "Pearson IT Certification Practice Test_is1" = Pearson IT Certification Practice Test "Picasa 3" = Picasa 3 "RealAlt_is1" = Real Alternative 2.0.2 "SpywareBlaster_is1" = SpywareBlaster 4.6 "Theme Clock - 7_is1" = Theme Clock-7 2.2 "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One) "uCertify M70-640" = uCeritify M70-640 - TS: Windows Server 2008 Active Directory, Configuring "uTorrent" = µTorrent "VLC media player" = VLC media 
player 1.1.11 "VMware_Workstation" = VMware Workstation "WhiteCap" = WhiteCap "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Workrave_is1" = Workrave 1.9.4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "XBMC" = XBMC ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/14/2012 8:02:19 PM | Computer Name = ul20ft | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10/14/2012 8:02:19 PM | Computer Name = ul20ft | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1248 Error - 10/14/2012 8:02:19 PM | Computer Name = ul20ft | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1248 Error - 10/14/2012 11:34:34 PM | Computer Name = ul20ft | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 10/14/2012 11:34:34 PM | Computer Name = ul20ft | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . 
A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 10/14/2012 11:36:14 PM | Computer Name = ul20ft | Source = Application Error | ID = 1000 Description = Faulting application name: hpiscnapp.exe, version: 13.0.0.131, time stamp: 0x4a0c0809 Faulting module name: hpwtiop3.dll, version: 110.0.62.0, time stamp: 0x471c6963 Exception code: 0xc0000005 Fault offset: 0x0004224d Faulting process id: 0x3828 Faulting application start time: 0x01cdaa861aaf19b2 Faulting application path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe Faulting module path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpwtiop3.dll Report Id: 77ea5255-1679-11e2-bc31-005056c00008 Error - 10/14/2012 11:37:48 PM | Computer Name = ul20ft | Source = Application Error | ID = 1000 Description = Faulting application name: hpiscnapp.exe, version: 13.0.0.131, time stamp: 0x4a0c0809 Faulting module name: hpwtiop3.dll, version: 110.0.62.0, time stamp: 0x471c6963 Exception code: 0xc0000005 Fault offset: 0x0004224d Faulting process id: 0x45cc Faulting application start time: 0x01cdaa8657c9c79e Faulting application path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe Faulting module path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpwtiop3.dll Report Id: b018667c-1679-11e2-bc31-005056c00008 Error - 10/14/2012 11:40:10 PM | Computer Name = ul20ft | Source = Application Error | ID = 1000 Description = Faulting application name: hpiscnapp.exe, version: 13.0.0.131, time stamp: 0x4a0c0809 Faulting module name: hpwtiop3.dll, version: 110.0.62.0, time stamp: 0x471c6963 Exception code: 0xc0000005 Fault offset: 
0x0004224d Faulting process id: 0x36d4 Faulting application start time: 0x01cdaa86a23e2a64 Faulting application path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe Faulting module path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpwtiop3.dll Report Id: 047629aa-167a-11e2-bc31-005056c00008 Error - 10/16/2012 10:14:44 AM | Computer Name = ul20ft | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 10/16/2012 10:32:48 AM | Computer Name = ul20ft | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. [ System Events ] Error - 11/19/2012 10:23:31 PM | Computer Name = ul20ft | Source = Service Control Manager | ID = 7034 Description = The EaseUS Agent service terminated unexpectedly. It has done this 4 time(s). Error - 11/19/2012 10:23:33 PM | Computer Name = ul20ft | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11/19/2012 10:23:34 PM | Computer Name = ul20ft | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11/19/2012 10:25:21 PM | Computer Name = ul20ft | Source = Service Control Manager | ID = 7034 Description = The EaseUS Agent service terminated unexpectedly. It has done this 5 time(s). 
Error - 11/19/2012 10:25:23 PM | Computer Name = ul20ft | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11/19/2012 10:25:24 PM | Computer Name = ul20ft | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11/19/2012 10:26:54 PM | Computer Name = ul20ft | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/19/2012 11:15:55 PM | Computer Name = ul20ft | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 11/19/2012 11:48:16 PM | Computer Name = ul20ft | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SBRE Error - 11/19/2012 11:59:21 PM | Computer Name = ul20ft | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom SBRE < End of report >
  6. OTL logfile created on: 11/19/2012 8:44:36 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sunny\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.79 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 46.99% Memory free 7.59 Gb Paging File | 4.95 Gb Available in Paging File | 65.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218.94 Gb Total Space | 46.01 Gb Free Space | 21.02% Space Free | Partition Type: NTFS Computer Name: UL20FT | User Name: Sunny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Users\Sunny\Downloads\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric) PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric) PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric) PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft) PRC - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics) PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd) PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd) PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd) PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Workrave\lib\Workrave.exe (The Workrave development team) PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) 
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\2ac9ed65e7a7ccfcc1d4f4967540d993\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\23de8d00755205c37aa6795b0ce8a42d\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c22857dbcce7e0320350436e80ec8ab1\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\78a485faba9584cfb1a5052a4cbe71e8\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\df5142941549ff71737438c85e565ab3\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\53121a27f94f7335e585384377fc538a\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ccf3f783590b1747a3593b889bede2fb\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a7cdf1caedee630b8440fb8e8657aca1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\06db722a2ddebd960d907c2de6f1cfa7\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ed7768172bbf30462bc554dee3911540\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\471e9622a174c71be1b987575a92a1f6\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0bc033fa805a31e31dc462cfae365478\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\685f73e04393b5342bd1cebe701496ad\mscorlib.ni.dll () MOD - 
C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll () MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll () MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll () MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madExcept_.bpl () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madBasic_.bpl () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\ausshellext.dll () MOD - C:\Program Files (x86)\EASEUS\Todo Backup\bin\CodeLog.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\Workrave\lib\gnet-2.0.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll () MOD - C:\Program Files (x86)\Workrave\lib\harpoon.dll () MOD - C:\Program Files (x86)\Workrave\lib\libcairo-2.dll () MOD - C:\Program Files (x86)\Workrave\lib\gtk-2.0\2.10.0\engines\libwimp.dll () MOD - C:\Program Files (x86)\Workrave\lib\libpng14-14.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 
3\wcourier.exe () MOD - C:\Program Files (x86)\Workrave\lib\libfontconfig-1.dll () MOD - C:\Program Files (x86)\Workrave\lib\freetype6.dll () MOD - C:\Program Files (x86)\Workrave\lib\libgio-2.0-0.dll () MOD - C:\Program Files (x86)\Workrave\lib\libpangocairo-1.0-0.dll () MOD - C:\Program Files (x86)\Workrave\lib\libexpat-1.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files (x86)\Workrave\lib\zlib1.dll () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) 
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric) SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft) SRV - (Guard Agent) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd) SRV - (EaseUS Agent) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd) SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) 
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sunny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sunny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/14 01:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/14 01:21:38 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sunny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Angry Birds = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Google Search = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Calendar = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Checker Plus for Google Calendar\u2122 = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\11.4.2_0\
CHR - Extension: Silent Torrent DL = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelimlpfljkfdchnmeilfhnafogmcdke\1.0.2_0\
CHR - Extension: Silent Torrent DL = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelimlpfljkfdchnmeilfhnafogmcdke\1.0.2_0\.bak
CHR - Extension: StayFocusd = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.7_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Gmail = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/11/18 16:51:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [XviD Codec] C:\Program Files (x86)\XviD\codec.exe ()
O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [Akamai NetSession Interface] "C:\Users\Sunny\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [showBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [Workrave] C:\Program Files (x86)\Workrave\lib\Workrave.exe (The Workrave development team)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..Trusted Domains: mini9 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..Trusted Domains: pearsoned.com ([myitlab] http in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{484D8135-BFCA-4EE9-90D5-5271DA354B52}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/19 12:14:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 19:16:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/19 18:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/19 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/19 00:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{FC2540B2-F1B3-430D-A55E-76830947BA50}
[2012/11/18 13:08:45 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\RK_Quarantine
[2012/11/18 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{26E35A37-723D-47B3-9B6D-796072B8D608}
[2012/11/18 01:44:42 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/11/18 01:42:09 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/11/18 01:40:37 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/11/18 01:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/11/18 01:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/11/17 22:25:41 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\malware logs
[2012/11/17 21:37:23 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{E7249295-F76C-4A28-9947-7DF9DFB43B39}
[2012/11/15 18:54:39 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 18:54:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/15 18:46:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/15 18:46:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/15 18:46:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/15 18:46:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/15 18:46:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/15 18:46:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/15 18:46:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/15 18:46:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/15 18:46:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/15 18:46:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/15 18:46:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/15 18:46:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/15 18:46:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/15 18:46:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/15 18:46:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/15 18:42:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/15 18:42:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/15 18:42:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/15 18:42:12 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/14 23:41:45 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/14 23:41:45 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/14 23:41:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/14 23:41:41 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/14 23:41:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/14 23:41:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/14 23:41:40 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/14 23:41:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/14 23:41:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/14 23:41:27 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 23:41:27 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/11 13:45:11 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{2570D19C-8F71-4EB2-A484-1AAC870E058F}
[2012/11/11 12:10:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/11 12:10:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/11 12:10:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/11 12:07:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/11 12:06:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/11 12:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster [2012/11/11 12:02:51 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL [2012/11/11 12:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster [2012/11/11 11:59:39 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\SUPERAntiSpyware.com [2012/11/11 11:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/11/11 11:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/11/11 11:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/11/11 11:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/11/11 11:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\TestApp [2012/11/10 20:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012/11/10 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012/11/10 20:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2012/11/10 20:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/11/06 19:53:21 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{F15B3215-95E3-4242-BFEB-26F7F5C222AB} [2012/11/05 21:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/05 21:41:55 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/11/05 21:41:55 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/11/05 21:41:55 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/11/05 21:41:55 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012/11/02 05:04:42 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Mozilla [2012/10/26 16:29:30 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{49197686-8542-4CC3-B9C1-AE2FE38B4829} [2012/10/24 22:38:38 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{ED6777A4-B136-4D49-AEE8-DD311ECB3ECE} [2012/10/23 22:14:47 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\LavasoftStatistics [2012/10/23 21:39:01 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\Downloaded Installations [2012/10/23 21:38:34 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\adawarebp [2012/10/23 21:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012/10/23 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012/10/23 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012/10/23 20:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/10/23 20:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/10/23 20:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/10/22 03:50:07 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{FEF0B34E-D92F-4B6D-A56F-42F82079C106} [2012/10/21 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX [2012/10/21 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\thriXXX [2012/10/21 18:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thriXXX [2012/07/19 16:04:20 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\zh_res.dll [2011/12/15 23:54:03 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\PCPE Setup.exe [2011/12/15 23:54:03 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Sunny\mfc80u.dll [2011/12/15 23:54:03 | 000,626,688 | ---- | C] 
(Microsoft Corporation) -- C:\Users\Sunny\msvcr80.dll [2011/12/15 23:54:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\en_res.dll [2011/12/15 23:54:02 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\grm_res.dll [2011/12/15 23:54:02 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\fr_res.dll [2011/12/15 23:54:02 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\pt_res.dll [2011/12/15 23:54:02 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\it_res.dll [2011/12/15 23:54:02 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\es_res.dll [2011/12/15 23:54:02 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\ru_res.dll [2011/12/15 23:54:02 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\jp_res.dll ========== Files - Modified Within 30 Days ========== [2012/11/19 20:06:28 | 000,734,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/19 20:06:28 | 000,634,462 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/19 20:06:28 | 000,113,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/19 20:06:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 20:06:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 19:59:28 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012/11/19 19:59:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/19 19:59:07 | 3055,587,328 | -HS- | M] () -- C:\hiberfil.sys [2012/11/19 19:58:34 | 000,000,020 | ---- | M] () -- C:\Users\Sunny\defogger_reenable [2012/11/19 19:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001UA.job [2012/11/19 18:00:59 | 000,000,928 | ---- | M] () -- 
C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012/11/19 17:30:22 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job [2012/11/19 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job [2012/11/18 22:58:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001Core.job [2012/11/18 20:57:14 | 000,000,188 | ---- | M] () -- C:\Users\Sunny\.packettracer [2012/11/18 16:51:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/18 01:45:02 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/11/18 01:42:55 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-UL20FT-Microsoft-Windows-7-Home-Premium-(64-bit).dat [2012/11/18 01:40:32 | 000,002,289 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/15 19:04:02 | 002,448,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/11 12:03:30 | 000,000,915 | ---- | M] () -- C:\Users\Sunny\Desktop\Install Combofix.lnk [2012/11/11 12:02:54 | 000,001,081 | ---- | M] () -- C:\Users\Sunny\Desktop\SpywareBlaster.lnk [2012/11/11 11:59:22 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/11/11 02:07:01 | 000,002,120 | ---- | M] () -- C:\scu.dat [2012/11/11 01:04:46 | 000,088,008 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll [2012/11/11 01:04:46 | 000,083,880 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll [2012/11/11 01:04:46 | 000,035,240 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\LMIport.dll [2012/11/10 20:21:34 | 000,003,205 | ---- | M] () -- C:\Users\Sunny\Desktop\Sophos Virus Removal Tool.lnk [2012/11/09 17:30:29 | 000,002,485 | ---- | M] () -- C:\Users\Sunny\Desktop\Google Chrome.lnk [2012/11/05 21:41:44 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/11/05 21:41:44 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/11/05 21:41:43 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/11/05 21:41:42 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/11/05 21:41:42 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/10/23 21:37:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/23 20:20:24 | 000,001,284 | ---- | M] () -- C:\Users\Sunny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/10/23 20:20:24 | 000,001,260 | ---- | M] () -- C:\Users\Sunny\Desktop\Spybot - Search & Destroy.lnk ========== Files Created - No Company Name ========== [2012/11/19 19:58:34 | 000,000,020 | ---- | C] () -- C:\Users\Sunny\defogger_reenable [2012/11/18 01:42:55 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-UL20FT-Microsoft-Windows-7-Home-Premium-(64-bit).dat [2012/11/18 01:40:32 | 000,002,289 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/11/15 18:54:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 18:42:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/11 12:10:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/11 12:10:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/11 12:10:08 | 000,098,816 | ---- | C] () -- 
C:\Windows\sed.exe [2012/11/11 12:10:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/11 12:10:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/11 12:03:30 | 000,000,915 | ---- | C] () -- C:\Users\Sunny\Desktop\Install Combofix.lnk [2012/11/11 12:02:54 | 000,001,081 | ---- | C] () -- C:\Users\Sunny\Desktop\SpywareBlaster.lnk [2012/11/11 11:59:46 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job [2012/11/11 11:59:46 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job [2012/11/11 11:59:22 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/11/10 20:51:39 | 000,002,120 | ---- | C] () -- C:\scu.dat [2012/11/10 20:21:34 | 000,003,205 | ---- | C] () -- C:\Users\Sunny\Desktop\Sophos Virus Removal Tool.lnk [2012/10/23 20:20:24 | 000,001,284 | ---- | C] () -- C:\Users\Sunny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/10/23 20:20:24 | 000,001,260 | ---- | C] () -- C:\Users\Sunny\Desktop\Spybot - Search & Destroy.lnk [2012/09/03 06:16:22 | 007,563,528 | ---- | C] () -- C:\Users\Sunny\AppData\Local\census.cache [2012/09/03 06:08:54 | 000,152,849 | ---- | C] () -- C:\Users\Sunny\AppData\Local\ars.cache [2012/09/02 00:37:00 | 000,000,036 | ---- | C] () -- C:\Users\Sunny\AppData\Local\housecall.guid.cache [2012/05/06 21:57:18 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012/04/25 12:34:09 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/03/29 22:08:37 | 000,003,584 | ---- | C] () -- C:\Users\Sunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/10 15:10:04 | 000,000,188 | ---- | C] () -- C:\Users\Sunny\.packettracer [2012/02/26 23:47:45 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll [2012/02/26 23:47:45 | 000,031,744 | ---- | 
C] () -- C:\Windows\SysWow64\maplec.dll [2012/02/26 23:47:45 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll [2011/12/28 14:28:57 | 000,000,274 | ---- | C] () -- C:\Windows\TheMatrix.ini [2011/12/25 02:32:52 | 000,000,218 | ---- | C] () -- C:\Users\Sunny\.recently-used.xbel [2011/12/24 02:41:34 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll [2011/12/24 02:41:34 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll [2011/12/16 15:20:42 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011/12/15 23:54:04 | 013,338,112 | ---- | C] () -- C:\Users\Sunny\PCPE_3.0.1.msi [2011/12/08 18:01:58 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2011/12/08 18:01:57 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2011/12/08 18:01:57 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2011/12/08 18:01:57 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2011/12/08 18:01:57 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2011/11/14 01:16:16 | 000,218,253 | ---- | C] () -- C:\Windows\hpwins14.dat [2011/11/14 01:16:16 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat [2011/11/10 03:10:18 | 000,000,000 | ---- | C] () -- C:\Users\Sunny\.recently-used.xbel.4EED4V [2011/11/09 23:46:49 | 000,000,000 | ---- | C] () -- C:\Users\Sunny\.recently-used.xbel.KX0N4V [2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/10/18 05:00:21 | 000,000,029 | ---- | C] () -- C:\Windows\devbin.ini [2011/10/13 23:18:16 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp [2011/08/27 02:41:25 | 000,743,446 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/10 10:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/04/10 10:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/10 10:49:10 | 000,105,608 | ---- | C] () -- 
C:\Windows\SysWow64\igfcg575m.bin ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 129 
bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:553CA6CA < End of report >
  7. Startsear.info is still the homepage for IE after restart....
  8. I ran combofix again as instructed with the CFScript.txt option.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-19 18:30:34 ComboFix-quarantined-files.txt 2012-11-20 02:30 ComboFix2.txt 2012-11-20 01:58 ComboFix3.txt 2012-11-19 01:10 . Pre-Run: 48,955,105,280 bytes free Post-Run: 48,885,878,784 bytes free . - - End Of File - - A5929A6619D9B4374E09F191885C320E
  9. Restarted the computer. Startsear.info is still the homepage in IE. =(
  10. ComboFix 12-11-19.03 - Sunny 19/11/2012 17:46:31.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3885.1229 [GMT -8:00] Running from: c:\users\Sunny\Desktop\malware logs\ComboFix.exe Command switches used :: c:\users\Sunny\Desktop\malware logs\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 ))))))))))))))))))))))))))))))) . . 2012-11-20 01:54 . 2012-11-20 01:54 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-11-20 01:54 . 2012-11-20 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-20 01:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EDE2960-1939-406F-A90D-8769232E68A1}\mpengine.dll 2012-11-19 05:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-18 09:44 . 2012-11-18 09:45 181064 ----a-w- c:\windows\PSEXESVC.EXE 2012-11-18 09:42 . 2012-11-18 09:42 -------- d-----w- C:\RegBackup 2012-11-18 09:40 . 2012-11-18 09:44 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-11-18 09:40 . 2012-11-18 09:40 -------- d-----w- c:\program files (x86)\Tweaking.com 2012-11-16 03:04 . 2012-11-16 03:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-11-16 02:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 02:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 02:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 02:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 02:45 . 
2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-16 02:45 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-16 02:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 02:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 02:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 02:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 02:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 02:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 02:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-11 22:05 . 2012-11-12 23:56 -------- d-----w- c:\users\Pooh 2012-11-11 20:02 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2012-11-11 20:02 . 2012-11-11 20:05 -------- d-----w- c:\program files (x86)\SpywareBlaster 2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\users\Sunny\AppData\Roaming\SUPERAntiSpyware.com 2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\programdata\PC Tools 2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\users\Sunny\AppData\Roaming\TestApp 2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\programdata\Sophos 2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-11-11 04:21 . 
2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\program files (x86)\Sophos 2012-11-11 04:08 . 2012-11-11 04:08 -------- d-----w- c:\program files (x86)\ESET 2012-11-06 05:42 . 2012-11-06 05:42 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-11-06 05:41 . 2012-11-06 05:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-24 06:14 . 2012-10-24 06:14 -------- d-----w- c:\users\Sunny\AppData\Roaming\LavasoftStatistics 2012-10-24 05:39 . 2012-10-24 05:39 -------- d-----w- c:\users\Sunny\AppData\Local\Downloaded Installations 2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\users\Sunny\AppData\Local\adawarebp 2012-10-24 05:38 . 2012-11-19 03:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\adawaretb 2012-10-24 04:19 . 2012-10-24 05:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-10-24 04:19 . 2012-10-24 04:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\users\Sunny\AppData\Roaming\thriXXX 2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\program files (x86)\thriXXX . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-19 03:18 . 2012-06-14 16:56 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-11-16 02:42 . 2011-08-26 03:21 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-11 09:04 . 2011-12-27 00:59 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-11 09:04 . 2011-12-27 00:59 35240 ----a-w- c:\windows\system32\LMIport.dll 2012-11-11 09:04 . 
2011-12-27 00:59 83880 ----a-w- c:\windows\system32\LMIinit.dll 2012-11-06 05:41 . 2011-09-07 07:34 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-18 04:35 . 2012-04-06 02:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-18 04:35 . 2011-09-09 01:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-04 03:44 . 2012-10-20 19:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA6ADF4-6FC0-40A8-BA17-F9D90389391B}\gapaengine.dll 2012-10-04 03:44 . 2012-02-11 11:17 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-30 02:54 . 2012-09-03 19:06 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-10 03:58 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 03:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 03:59 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 05:03 . 2011-04-27 22:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 18:03 . 2012-10-10 03:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 03:59 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 03:59 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 03:59 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 03:59 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-13 02:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-13 02:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-13 02:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672] "Workrave"="c:\program files (x86)\Workrave\lib\workrave.exe" [2011-03-25 3871246] "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824] "98E36C341B5CB5AFB17092EB2920E6EA02805BD9._service_run"="c:\users\Sunny\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Sunny\AppData\Local\Akamai\netsession_win.exe" [bU] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NPSStartup"="" [bU] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-22 70792] "EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-22 743560] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024] "XviD Codec"="c:\program 
files (x86)\XviD\codec.exe" [2012-08-08 606720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-16 2254768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-17 156952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-28 44032] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-19 1431888] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 44680] S0 
EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 50312] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-17 834544] S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 19592] S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 189576] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-15 224048] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-15 130864] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-12 8704] S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-16 2461104] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-11 375728] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program 
files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760] S3 ALSysIO;ALSysIO;c:\users\Sunny\AppData\Local\Temp\ALSysIO64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-15 147248] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-15 166192] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 75277145 *NewlyCreated* - ALSYSIO *NewlyCreated* - ASWMBR *Deregistered* - 75277145 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001Core.job - c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001UA.job - c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35] . 2012-11-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2012-11-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://startsear.info mStart Page = hxxp://startsear.info mLocal Page = c:\windows\SYSTEM32\blank.htm LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll Trusted Zone: mini9 Trusted Zone: pearsoned.com\myitlab TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-19 17:58:34
ComboFix-quarantined-files.txt 2012-11-20 01:58
ComboFix2.txt 2012-11-19 01:10
.
Pre-Run: 48,935,399,424 bytes free
Post-Run: 48,947,474,432 bytes free
.
- - End Of File - - 8310FA87B96F033BD91F40378AA9B853
  11. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-19 00:13:46
-----------------------------
00:13:46.166 OS Version: Windows x64 6.1.7601 Service Pack 1
00:13:46.166 Number of processors: 4 586 0x2505
00:13:46.167 ComputerName: UL20FT UserName: Sunny
00:13:46.514 Initialize success
00:16:01.608 AVAST engine defs: 12111801
00:16:11.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:16:11.527 Disk 0 Vendor: M4-CT256 000F Size: 244198MB BusType: 3
00:16:11.531 Disk 0 MBR read successfully
00:16:11.535 Disk 0 MBR scan
00:16:11.542 Disk 0 Windows 7 default MBR code
00:16:11.546 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 8
00:16:11.556 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 224192 MB offset 40966144
00:16:11.642 Disk 0 scanning C:\Windows\system32\drivers
00:16:22.138 Service scanning
00:16:49.247 Modules scanning
00:16:49.258 Disk 0 trace - called modules:
00:16:49.265 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sphy.sys hal.dll
00:16:49.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e32060]
00:16:49.606 3 CLASSPNP.SYS[fffff88001fa043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003b83050]
00:16:50.024 AVAST engine scan C:\Windows
00:16:55.036 AVAST engine scan C:\Windows\system32
00:21:04.014 AVAST engine scan C:\Windows\system32\drivers
00:21:20.936 AVAST engine scan C:\Users\Sunny
00:30:12.993 File: C:\Users\Sunny\Archive\Archive Documents\2003-2006 Documents\My Received Files\Trojan.Remover.v5.0.6.incl.Keygen.WinAll-LAXiTY\lxttr506\lxtkey.exe **INFECTED** Win32:Trojan-gen
01:03:48.487 AVAST engine scan C:\ProgramData
01:05:24.280 Scan finished successfully
17:38:54.431 Disk 0 MBR has been saved successfully to "C:\Users\Sunny\Desktop\malware logs\MBR.dat"
17:38:54.579 The log file has been saved successfully to "C:\Users\Sunny\Desktop\malware logs\aswMBR.txt"
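As an added example (not part of this thread, and not code from the aswMBR tool or from the forum's helpers), the script below triages an aswMBR log like the one posted above. It parses the timestamped lines into the MBR verdict, the disk size, the partition table, the modules in the disk I/O trace and any **INFECTED** hits, then applies the checks a responder would otherwise do by eye: exactly one active partition, no overlapping partitions, an MBR verdict that reports default code, how much space sits beyond the last partition, and whether any module in the disk stack is missing from a short allowlist of the usual Windows 7 storage drivers. That allowlist, the "default MBR code" heuristic and the sample excerpt (lines copied from the log above into a constructed test input) are assumptions of this example, not something aswMBR defines; an unfamiliar module is flagged for manual review, which is not the same as calling it malicious.

```python
import re
from dataclasses import dataclass, field

SECTORS_PER_MB = 2048  # aswMBR reports offsets in 512-byte sectors

# Modules expected in a plain Intel RST / AHCI disk stack on Windows 7.
# Assumption of this example, not an aswMBR list: anything not on it is
# reported for manual review, not declared malicious.
KNOWN_DISK_STACK = {
    "ntoskrnl.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys",
    "iastor.sys", "iastorv.sys", "msahci.sys", "atapi.sys", "ataport.sys",
    "pciide.sys", "pciidex.sys", "storport.sys", "acpi.sys", "volmgr.sys",
}

# Constructed test input: lines copied from the aswMBR log posted above.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
00:16:11.527 Disk 0 Vendor: M4-CT256 000F Size: 244198MB BusType: 3
00:16:11.531 Disk 0 MBR read successfully
00:16:11.542 Disk 0 Windows 7 default MBR code
00:16:11.546 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 8
00:16:11.556 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 224192 MB offset 40966144
00:16:49.258 Disk 0 trace - called modules:
00:16:49.265 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sphy.sys hal.dll
00:16:49.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e32060]
00:30:12.993 File: C:\Users\Sunny\Archive\Archive Documents\2003-2006 Documents\My Received Files\Trojan.Remover.v5.0.6.incl.Keygen.WinAll-LAXiTY\lxttr506\lxtkey.exe **INFECTED** Win32:Trojan-gen
01:05:24.280 Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(.*)$")
SIZE_RE = re.compile(r"Disk (\d+) Vendor: .* Size: (\d+)MB")
MBR_RE = re.compile(r"Disk (\d+) (.*MBR code.*)$")
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$")
INFECTED_RE = re.compile(r"File: (.+?) \*\*INFECTED\*\* (\S+)")


@dataclass
class Partition:
    number: int
    boot_flag: int        # 0x80 marks the active partition
    type_id: int          # MBR partition type byte (0x07 NTFS, 0x1C hidden FAT32)
    description: str
    size_mb: int
    offset_sectors: int

    @property
    def end_mb(self) -> float:
        return self.offset_sectors / SECTORS_PER_MB + self.size_mb


@dataclass
class Report:
    mbr_verdict: str = ""
    disk_mb: int = 0
    partitions: list = field(default_factory=list)
    trace_modules: list = field(default_factory=list)
    infected: list = field(default_factory=list)

    @property
    def trailing_unallocated_mb(self) -> float:
        # Space after the last partition; a large gap is worth a second look
        if not self.partitions or not self.disk_mb:
            return 0.0
        return self.disk_mb - max(p.end_mb for p in self.partitions)


def parse_aswmbr(text: str) -> Report:
    r = Report()
    expect_modules = False  # the module list follows the "trace" header line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header and other untimestamped lines
        body = m.group(2)
        if expect_modules:
            r.trace_modules = body.split()
            expect_modules = False
        elif body.endswith("trace - called modules:"):
            expect_modules = True
        elif (m2 := SIZE_RE.match(body)):
            r.disk_mb = int(m2.group(2))
        elif (m2 := MBR_RE.match(body)):
            r.mbr_verdict = m2.group(2)
        elif (m2 := PART_RE.match(body)):
            r.partitions.append(Partition(
                int(m2.group(2)), int(m2.group(3), 16), int(m2.group(4), 16),
                m2.group(5), int(m2.group(6)), int(m2.group(7))))
        elif (m2 := INFECTED_RE.search(body)):
            r.infected.append((m2.group(1), m2.group(2)))
    return r


def triage(r: Report) -> list:
    findings = []
    if "default MBR code" not in r.mbr_verdict:  # heuristic, see lead-in
        findings.append(f"MBR: non-default code reported ({r.mbr_verdict or 'no verdict'})")
    active = [p for p in r.partitions if p.boot_flag & 0x80]
    if len(active) != 1:
        findings.append(f"partition table: {len(active)} active partitions")
    parts = sorted(r.partitions, key=lambda p: p.offset_sectors)
    for a, b in zip(parts, parts[1:]):
        if a.end_mb * SECTORS_PER_MB > b.offset_sectors:
            findings.append(f"partition table: partition {a.number} overlaps {b.number}")
    for mod in r.trace_modules:
        if mod.lower() not in KNOWN_DISK_STACK:
            findings.append(f"disk stack: unfamiliar module {mod}, review manually")
    for path, name in r.infected:
        findings.append(f"file hit: {name} at {path}")
    return findings


if __name__ == "__main__":
    report = parse_aswmbr(SAMPLE_LOG)
    print(f"unallocated after last partition: {report.trailing_unallocated_mb:.1f} MB")
    for line in triage(report):
        print(line)
```

Run against the excerpt it reports two findings: the keygen file the AVAST engine flagged, and sphy.sys as a module in the disk I/O path that is not on the example's allowlist; the partition table (one hidden FAT32 recovery partition, one active NTFS partition, about 3 MB of slack at the end of the disk) and the MBR verdict pass.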
  12. 00:11:13.0003 8140 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:11:13.0452 8140 ============================================================
00:11:13.0452 8140 Current date / time: 2012/11/19 00:11:13.0452
00:11:13.0452 8140 SystemInfo:
00:11:13.0452 8140
00:11:13.0452 8140 OS Version: 6.1.7601 ServicePack: 1.0
00:11:13.0452 8140 Product type: Workstation
00:11:13.0452 8140 ComputerName: UL20FT
00:11:13.0453 8140 UserName: Sunny
00:11:13.0453 8140 Windows directory: C:\Windows
00:11:13.0453 8140 System windows directory: C:\Windows
00:11:13.0453 8140 Running under WOW64
00:11:13.0453 8140 Processor architecture: Intel x64
00:11:13.0453 8140 Number of processors: 4
00:11:13.0453 8140 Page size: 0x1000
00:11:13.0453 8140 Boot type: Normal boot
00:11:13.0453 8140 ============================================================
00:11:14.0348 8140 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:11:14.0496 8140 ============================================================
00:11:14.0497 8140 \Device\Harddisk0\DR0:
00:11:14.0497 8140 MBR partitions:
00:11:14.0497 8140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711800, BlocksNum 0x1B5E0400
00:11:14.0497 8140 ============================================================
00:11:14.0499 8140 C: <-> \Device\Harddisk0\DR0\Partition1
00:11:14.0499 8140 ============================================================
00:11:14.0499 8140 Initialize success
00:11:14.0500 8140 ============================================================
00:11:54.0864 4280 ============================================================
00:11:54.0864 4280 Scan started
00:11:54.0864 4280 Mode: Manual;
00:11:54.0864 4280 ============================================================
00:11:54.0930 4280 ================ Scan system memory ========================
00:11:54.0930 4280 System memory - ok
00:11:54.0931 4280 ================ Scan services ============================= 00:11:54.0939 4280 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 00:11:54.0942 4280 !SASCORE - ok 00:11:55.0002 4280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:11:55.0006 4280 1394ohci - ok 00:11:55.0016 4280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:11:55.0022 4280 ACPI - ok 00:11:55.0029 4280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:11:55.0031 4280 AcpiPmi - ok 00:11:55.0040 4280 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:11:55.0042 4280 AdobeARMservice - ok 00:11:55.0055 4280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:11:55.0063 4280 adp94xx - ok 00:11:55.0072 4280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:11:55.0078 4280 adpahci - ok 00:11:55.0085 4280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:11:55.0089 4280 adpu320 - ok 00:11:55.0097 4280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:11:55.0098 4280 AeLookupSvc - ok 00:11:55.0108 4280 [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent C:\Windows\system32\FBAgent.exe 00:11:55.0116 4280 AFBAgent - ok 00:11:55.0128 4280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 00:11:55.0134 4280 AFD - ok 00:11:55.0141 4280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:11:55.0144 4280 agp440 - ok 00:11:55.0149 4280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 00:11:55.0151 4280 ALG - ok 00:11:55.0157 4280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 00:11:55.0158 4280 aliide - ok 00:11:55.0172 
4280 ALSysIO - ok 00:11:55.0177 4280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 00:11:55.0179 4280 amdide - ok 00:11:55.0184 4280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:11:55.0187 4280 AmdK8 - ok 00:11:55.0193 4280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:11:55.0195 4280 AmdPPM - ok 00:11:55.0201 4280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:11:55.0205 4280 amdsata - ok 00:11:55.0213 4280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:11:55.0216 4280 amdsbs - ok 00:11:55.0222 4280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:11:55.0224 4280 amdxata - ok 00:11:55.0229 4280 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 00:11:55.0231 4280 AmUStor - ok 00:11:55.0238 4280 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe 00:11:55.0253 4280 APC Data Service - ok 00:11:55.0266 4280 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe 00:11:55.0569 4280 APC UPS Service - ok 00:11:55.0576 4280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 00:11:55.0578 4280 AppID - ok 00:11:55.0585 4280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:11:55.0587 4280 AppIDSvc - ok 00:11:55.0593 4280 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 00:11:55.0595 4280 Appinfo - ok 00:11:55.0602 4280 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:11:55.0605 4280 Apple Mobile Device - ok 00:11:55.0615 4280 [ C484F8CEB1717C540242531DB7845C4E ] arc 
C:\Windows\system32\DRIVERS\arc.sys 00:11:55.0618 4280 arc - ok 00:11:55.0624 4280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:11:55.0627 4280 arcsas - ok 00:11:55.0633 4280 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 00:11:55.0635 4280 ASLDRService - ok 00:11:55.0640 4280 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 00:11:55.0641 4280 ASMMAP64 - ok 00:11:55.0647 4280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:11:55.0649 4280 AsyncMac - ok 00:11:55.0654 4280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 00:11:55.0656 4280 atapi - ok 00:11:55.0680 4280 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys 00:11:55.0698 4280 athr - ok 00:11:55.0705 4280 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 00:11:55.0707 4280 ATKGFNEXSrv - ok 00:11:55.0721 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:11:55.0730 4280 AudioEndpointBuilder - ok 00:11:55.0742 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:11:55.0748 4280 AudioSrv - ok 00:11:55.0755 4280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:11:55.0758 4280 AxInstSV - ok 00:11:55.0769 4280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 00:11:55.0776 4280 b06bdrv - ok 00:11:55.0786 4280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 00:11:55.0790 4280 b57nd60a - ok 00:11:55.0799 4280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 00:11:55.0802 4280 BDESVC - ok 00:11:55.0806 4280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep 
C:\Windows\system32\drivers\Beep.sys 00:11:55.0808 4280 Beep - ok 00:11:55.0824 4280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 00:11:55.0833 4280 BFE - ok 00:11:55.0850 4280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 00:11:55.0875 4280 BITS - ok 00:11:55.0881 4280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:11:55.0883 4280 blbdrive - ok 00:11:55.0893 4280 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 00:11:55.0900 4280 Bonjour Service - ok 00:11:55.0907 4280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:11:55.0909 4280 bowser - ok 00:11:55.0917 4280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:11:55.0918 4280 BrFiltLo - ok 00:11:55.0924 4280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:11:55.0925 4280 BrFiltUp - ok 00:11:55.0932 4280 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 00:11:55.0934 4280 BridgeMP - ok 00:11:55.0941 4280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 00:11:55.0943 4280 Browser - ok 00:11:55.0952 4280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:11:55.0956 4280 Brserid - ok 00:11:55.0962 4280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:11:55.0964 4280 BrSerWdm - ok 00:11:55.0969 4280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:11:55.0970 4280 BrUsbMdm - ok 00:11:55.0976 4280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:11:55.0977 4280 BrUsbSer - ok 00:11:55.0983 4280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:11:55.0985 4280 BTHMODEM - ok 00:11:55.0993 4280 [ 
95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 00:11:55.0996 4280 bthserv - ok 00:11:56.0012 4280 [ 1E08DC82525282E34AD66FFBA0782565 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 00:11:56.0022 4280 btwdins - ok 00:11:56.0026 4280 catchme - ok 00:11:56.0033 4280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:11:56.0036 4280 cdfs - ok 00:11:56.0043 4280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 00:11:56.0046 4280 cdrom - ok 00:11:56.0052 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 00:11:56.0055 4280 CertPropSvc - ok 00:11:56.0060 4280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:11:56.0062 4280 circlass - ok 00:11:56.0071 4280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 00:11:56.0076 4280 CLFS - ok 00:11:56.0084 4280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:11:56.0088 4280 clr_optimization_v2.0.50727_32 - ok 00:11:56.0095 4280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:11:56.0099 4280 clr_optimization_v2.0.50727_64 - ok 00:11:56.0107 4280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:11:56.0113 4280 clr_optimization_v4.0.30319_32 - ok 00:11:56.0121 4280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:11:56.0125 4280 clr_optimization_v4.0.30319_64 - ok 00:11:56.0131 4280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:11:56.0132 4280 CmBatt - ok 00:11:56.0137 4280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:11:56.0139 
4280 cmdide - ok 00:11:56.0150 4280 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 00:11:56.0156 4280 CNG - ok 00:11:56.0161 4280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:11:56.0163 4280 Compbatt - ok 00:11:56.0169 4280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:11:56.0170 4280 CompositeBus - ok 00:11:56.0175 4280 COMSysApp - ok 00:11:56.0182 4280 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys 00:11:56.0196 4280 cpudrv64 - ok 00:11:56.0203 4280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:11:56.0205 4280 crcdisk - ok 00:11:56.0215 4280 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:11:56.0218 4280 CryptSvc - ok 00:11:56.0231 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:11:56.0239 4280 DcomLaunch - ok 00:11:56.0248 4280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 00:11:56.0252 4280 defragsvc - ok 00:11:56.0258 4280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:11:56.0261 4280 DfsC - ok 00:11:56.0270 4280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 00:11:56.0274 4280 Dhcp - ok 00:11:56.0281 4280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 00:11:56.0282 4280 discache - ok 00:11:56.0289 4280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:11:56.0291 4280 Disk - ok 00:11:56.0298 4280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:11:56.0302 4280 Dnscache - ok 00:11:56.0312 4280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 00:11:56.0316 4280 dot3svc - ok 00:11:56.0323 4280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS 
C:\Windows\system32\dps.dll 00:11:56.0326 4280 DPS - ok 00:11:56.0331 4280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:11:56.0333 4280 drmkaud - ok 00:11:56.0350 4280 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:11:56.0367 4280 DXGKrnl - ok 00:11:56.0376 4280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 00:11:56.0379 4280 EapHost - ok 00:11:56.0390 4280 [ 70B997B168AE99C900B3F6B00FB231D3 ] EaseUS Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe 00:11:56.0456 4280 EaseUS Agent - ok 00:11:56.0501 4280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 00:11:56.0539 4280 ebdrv - ok 00:11:56.0546 4280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 00:11:56.0549 4280 EFS - ok 00:11:56.0564 4280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:11:56.0573 4280 ehRecvr - ok 00:11:56.0581 4280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 00:11:56.0584 4280 ehSched - ok 00:11:56.0598 4280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:11:56.0605 4280 elxstor - ok 00:11:56.0611 4280 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys 00:11:56.0628 4280 epmntdrv - ok 00:11:56.0632 4280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:11:56.0634 4280 ErrDev - ok 00:11:56.0641 4280 [ AFB8764E629E81E6F4BDD9252B67AEF3 ] EUBAKUP C:\Windows\system32\drivers\eubakup.sys 00:11:56.0656 4280 EUBAKUP - ok 00:11:56.0662 4280 [ 4DC80FC28D27053497ABC7B1C423CAA7 ] EUBKMON C:\Windows\system32\drivers\EUBKMON.sys 00:11:56.0679 4280 EUBKMON - ok 00:11:56.0683 4280 [ 962150F74FF131A330B9C9DD502526AC ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys 00:11:56.0697 4280 EUDSKACS - ok 00:11:56.0705 4280 [ 1B55D6F38343904F0D26A5B0744B6BD8 ] EUFDDISK 
C:\Windows\system32\drivers\EuFdDisk.sys 00:11:56.0732 4280 EUFDDISK - ok 00:11:56.0738 4280 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 00:11:56.0752 4280 EuGdiDrv - ok 00:11:56.0765 4280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 00:11:56.0772 4280 EventSystem - ok 00:11:56.0779 4280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 00:11:56.0782 4280 exfat - ok 00:11:56.0791 4280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:11:56.0795 4280 fastfat - ok 00:11:56.0808 4280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 00:11:56.0819 4280 Fax - ok 00:11:56.0825 4280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:11:56.0827 4280 fdc - ok 00:11:56.0832 4280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 00:11:56.0834 4280 fdPHost - ok 00:11:56.0839 4280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 00:11:56.0841 4280 FDResPub - ok 00:11:56.0847 4280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:11:56.0849 4280 FileInfo - ok 00:11:56.0855 4280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:11:56.0856 4280 Filetrace - ok 00:11:56.0869 4280 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 00:11:56.0988 4280 FLEXnet Licensing Service - ok 00:11:57.0012 4280 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 00:11:57.0146 4280 FLEXnet Licensing Service 64 - ok 00:11:57.0152 4280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:11:57.0154 4280 flpydisk - ok 00:11:57.0163 
4280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:11:57.0167 4280 FltMgr - ok 00:11:57.0187 4280 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 00:11:57.0201 4280 FontCache - ok 00:11:57.0207 4280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:11:57.0208 4280 FontCache3.0.0.0 - ok 00:11:57.0213 4280 [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe 00:11:57.0230 4280 FreemakeVideoCapture - ok 00:11:57.0235 4280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:11:57.0237 4280 FsDepends - ok 00:11:57.0243 4280 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 00:11:57.0245 4280 fssfltr - ok 00:11:57.0269 4280 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 00:11:57.0288 4280 fsssvc - ok 00:11:57.0294 4280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:11:57.0296 4280 Fs_Rec - ok 00:11:57.0304 4280 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:11:57.0307 4280 fvevol - ok 00:11:57.0314 4280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:11:57.0316 4280 gagp30kx - ok 00:11:57.0321 4280 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 00:11:57.0323 4280 GEARAspiWDM - ok 00:11:57.0337 4280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 00:11:57.0347 4280 gpsvc - ok 00:11:57.0351 4280 [ A09BD5E75C4BDACA295F9F1D9C5DFE38 ] Guard Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe 00:11:57.0380 4280 Guard Agent - ok 00:11:57.0388 4280 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files 
(x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 00:11:57.0392 4280 gusvc - ok 00:11:57.0398 4280 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 00:11:57.0400 4280 hamachi - ok 00:11:57.0438 4280 [ 848BB54F18819EC6D7B255B38697E239 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 00:11:57.0688 4280 Hamachi2Svc - ok 00:11:57.0695 4280 [ 8CDAD7B707DDD77D45588F74D59C9AFF ] hcmon C:\Windows\system32\drivers\hcmon.sys 00:11:57.0696 4280 hcmon - ok 00:11:57.0702 4280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:11:57.0704 4280 hcw85cir - ok 00:11:57.0714 4280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:11:57.0720 4280 HdAudAddService - ok 00:11:57.0727 4280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:11:57.0730 4280 HDAudBus - ok 00:11:57.0736 4280 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 00:11:57.0739 4280 HECIx64 - ok 00:11:57.0745 4280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:11:57.0747 4280 HidBatt - ok 00:11:57.0754 4280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:11:57.0756 4280 HidBth - ok 00:11:57.0762 4280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:11:57.0765 4280 HidIr - ok 00:11:57.0770 4280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 00:11:57.0773 4280 hidserv - ok 00:11:57.0778 4280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 00:11:57.0780 4280 HidUsb - ok 00:11:57.0787 4280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:11:57.0791 4280 hkmsvc - ok 00:11:57.0800 4280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:11:57.0805 4280 
HomeGroupListener - ok 00:11:57.0812 4280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 00:11:57.0817 4280 HomeGroupProvider - ok 00:11:57.0830 4280 [ 08457D8F8149757C70CEA59C71EC5D27 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 00:11:58.0005 4280 hpqcxs08 - ok 00:11:58.0012 4280 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 00:11:58.0152 4280 hpqddsvc - ok 00:11:58.0158 4280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 00:11:58.0161 4280 HpSAMD - ok 00:11:58.0182 4280 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 00:11:58.0262 4280 HPSLPSVC - ok 00:11:58.0276 4280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:11:58.0286 4280 HTTP - ok 00:11:58.0293 4280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 00:11:58.0295 4280 hwpolicy - ok 00:11:58.0302 4280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 00:11:58.0305 4280 i8042prt - ok 00:11:58.0318 4280 [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 00:11:58.0323 4280 iaStor - ok 00:11:58.0333 4280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 00:11:58.0339 4280 iaStorV - ok 00:11:58.0355 4280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:11:58.0366 4280 idsvc - ok 00:11:58.0529 4280 [ 0089B53F1BEFD34B7D8CA4AB021335FA ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 00:11:58.0668 4280 igfx - ok 00:11:58.0678 4280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 00:11:58.0680 4280 iirsp - ok 00:11:58.0695 4280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 00:11:58.0707 
4280 IKEEXT - ok 00:11:58.0714 4280 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 00:11:58.0717 4280 Impcd - ok 00:11:58.0754 4280 [ 257CE93C4C83A869F67C8121A34D57EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 00:11:58.0781 4280 IntcAzAudAddService - ok 00:11:58.0792 4280 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 00:11:58.0797 4280 IntcDAud - ok 00:11:58.0802 4280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 00:11:58.0803 4280 intelide - ok 00:11:58.0809 4280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:11:58.0811 4280 intelppm - ok 00:11:58.0818 4280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:11:58.0821 4280 IPBusEnum - ok 00:11:58.0827 4280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:11:58.0829 4280 IpFilterDriver - ok 00:11:58.0841 4280 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:11:58.0849 4280 iphlpsvc - ok 00:11:58.0856 4280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 00:11:58.0858 4280 IPMIDRV - ok 00:11:58.0864 4280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 00:11:58.0867 4280 IPNAT - ok 00:11:58.0885 4280 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 00:11:58.0897 4280 iPod Service - ok 00:11:58.0905 4280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:11:58.0909 4280 IRENUM - ok 00:11:58.0918 4280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:11:58.0922 4280 isapnp - ok 00:11:58.0932 4280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 00:11:58.0937 4280 iScsiPrt - ok 00:11:58.0942 4280 [ 
BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:11:58.0944 4280 kbdclass - ok
00:11:58.0949 4280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:11:58.0951 4280 kbdhid - ok
00:11:58.0957 4280 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
00:11:58.0958 4280 kbfiltr - ok
00:11:58.0963 4280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:11:58.0965 4280 KeyIso - ok
00:11:58.0969 4280 KMService - ok
00:11:58.0977 4280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:11:58.0979 4280 KSecDD - ok
00:11:58.0987 4280 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:11:58.0990 4280 KSecPkg - ok
00:11:58.0995 4280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:11:58.0996 4280 ksthunk - ok
00:11:59.0005 4280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:11:59.0011 4280 KtmRm - ok
00:11:59.0017 4280 [ 48686C29856F46443952A831424F8D6F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
00:11:59.0019 4280 L1C - ok
00:11:59.0028 4280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
00:11:59.0033 4280 LanmanServer - ok
00:11:59.0040 4280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:11:59.0044 4280 LanmanWorkstation - ok
00:11:59.0053 4280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:11:59.0055 4280 lltdio - ok
00:11:59.0064 4280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:11:59.0069 4280 lltdsvc - ok
00:11:59.0075 4280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:11:59.0077 4280 lmhosts - ok
00:11:59.0087 4280 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
00:11:59.0146 4280 LMIGuardianSvc - ok
00:11:59.0151 4280 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
00:11:59.0153 4280 LMIInfo - ok
00:11:59.0158 4280 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
00:11:59.0159 4280 lmimirr - ok
00:11:59.0164 4280 LMIRfsClientNP - ok
00:11:59.0172 4280 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
00:11:59.0173 4280 LMIRfsDriver - ok
00:11:59.0181 4280 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:11:59.0270 4280 LMS - ok
00:11:59.0281 4280 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
00:11:59.0286 4280 LogMeIn - ok
00:11:59.0296 4280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:11:59.0301 4280 LSI_FC - ok
00:11:59.0308 4280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:11:59.0310 4280 LSI_SAS - ok
00:11:59.0316 4280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:11:59.0318 4280 LSI_SAS2 - ok
00:11:59.0325 4280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:11:59.0328 4280 LSI_SCSI - ok
00:11:59.0334 4280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:11:59.0336 4280 luafv - ok
00:11:59.0342 4280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:11:59.0345 4280 Mcx2Svc - ok
00:11:59.0350 4280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:11:59.0352 4280 megasas - ok
00:11:59.0361 4280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:11:59.0365 4280 MegaSR - ok
00:11:59.0374 4280 Microsoft SharePoint Workspace Audit Service - ok
00:11:59.0380 4280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:11:59.0383 4280 MMCSS - ok
00:11:59.0388 4280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:11:59.0390 4280 Modem - ok
00:11:59.0395 4280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:11:59.0396 4280 monitor - ok
00:11:59.0403 4280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:11:59.0405 4280 mouclass - ok
00:11:59.0410 4280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:11:59.0412 4280 mouhid - ok
00:11:59.0418 4280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:11:59.0420 4280 mountmgr - ok
00:11:59.0429 4280 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
00:11:59.0432 4280 MpFilter - ok
00:11:59.0439 4280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:11:59.0442 4280 mpio - ok
00:11:59.0448 4280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:11:59.0450 4280 mpsdrv - ok
00:11:59.0465 4280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:11:59.0477 4280 MpsSvc - ok
00:11:59.0486 4280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:11:59.0490 4280 MRxDAV - ok
00:11:59.0499 4280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:11:59.0503 4280 mrxsmb - ok
00:11:59.0514 4280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:11:59.0519 4280 mrxsmb10 - ok
00:11:59.0528 4280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:11:59.0532 4280 mrxsmb20 - ok
00:11:59.0540 4280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:11:59.0542 4280 msahci - ok
00:11:59.0549 4280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:11:59.0552 4280 msdsm - ok
00:11:59.0560 4280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:11:59.0565 4280 MSDTC - ok
00:11:59.0582 4280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:11:59.0588 4280 Msfs - ok
00:11:59.0597 4280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:11:59.0598 4280 mshidkmdf - ok
00:11:59.0606 4280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:11:59.0608 4280 msisadrv - ok
00:11:59.0618 4280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:11:59.0623 4280 MSiSCSI - ok
00:11:59.0629 4280 msiserver - ok
00:11:59.0637 4280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:11:59.0639 4280 MSKSSRV - ok
00:11:59.0645 4280 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:11:59.0647 4280 MsMpSvc - ok
00:11:59.0653 4280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:11:59.0655 4280 MSPCLOCK - ok
00:11:59.0661 4280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:11:59.0663 4280 MSPQM - ok
00:11:59.0674 4280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:11:59.0679 4280 MsRPC - ok
00:11:59.0687 4280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:11:59.0689 4280 mssmbios - ok
00:11:59.0694 4280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:11:59.0696 4280 MSTEE - ok
00:11:59.0700 4280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:11:59.0701 4280 MTConfig - ok
00:11:59.0707 4280 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
00:11:59.0708 4280 MTsensor - ok
00:11:59.0714 4280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:11:59.0716 4280 Mup - ok
00:11:59.0726 4280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:11:59.0734 4280 napagent - ok
00:11:59.0743 4280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:11:59.0748 4280 NativeWifiP - ok
00:11:59.0764 4280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:11:59.0775 4280 NDIS - ok
00:11:59.0781 4280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:11:59.0783 4280 NdisCap - ok
00:11:59.0788 4280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:11:59.0790 4280 NdisTapi - ok
00:11:59.0795 4280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:11:59.0797 4280 Ndisuio - ok
00:11:59.0805 4280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:11:59.0808 4280 NdisWan - ok
00:11:59.0813 4280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:11:59.0815 4280 NDProxy - ok
00:11:59.0823 4280 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:11:59.0826 4280 Net Driver HPZ12 - ok
00:11:59.0831 4280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:11:59.0833 4280 NetBIOS - ok
00:11:59.0841 4280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:11:59.0845 4280 NetBT - ok
00:11:59.0851 4280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:11:59.0853 4280 Netlogon - ok
00:11:59.0862 4280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:11:59.0868 4280 Netman - ok
00:11:59.0879 4280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:11:59.0886 4280 netprofm - ok
00:11:59.0892 4280 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:11:59.0895 4280 NetTcpPortSharing - ok
00:11:59.0901 4280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:11:59.0903 4280 nfrd960 - ok
00:11:59.0911 4280 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:11:59.0913 4280 NisDrv - ok
00:11:59.0925 4280 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
00:11:59.0930 4280 NisSrv - ok
00:11:59.0939 4280 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:11:59.0944 4280 NlaSvc - ok
00:11:59.0950 4280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:11:59.0951 4280 Npfs - ok
00:11:59.0957 4280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:11:59.0960 4280 nsi - ok
00:11:59.0965 4280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:11:59.0967 4280 nsiproxy - ok
00:11:59.0995 4280 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:12:00.0014 4280 Ntfs - ok
00:12:00.0019 4280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:12:00.0021 4280 Null - ok
00:12:00.0028 4280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:12:00.0031 4280 nvraid - ok
00:12:00.0039 4280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:12:00.0042 4280 nvstor - ok
00:12:00.0049 4280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:12:00.0052 4280 nv_agp - ok
00:12:00.0058 4280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:12:00.0061 4280 ohci1394 - ok
00:12:00.0068 4280 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:12:00.0072 4280 ose - ok
00:12:00.0140 4280 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:12:00.0199 4280 osppsvc - ok
00:12:00.0213 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:12:00.0219 4280 p2pimsvc - ok
00:12:00.0230 4280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:12:00.0238 4280 p2psvc - ok
00:12:00.0244 4280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:12:00.0247 4280 Parport - ok
00:12:00.0254 4280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:12:00.0256 4280 partmgr - ok
00:12:00.0264 4280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:12:00.0268 4280 PcaSvc - ok
00:12:00.0275 4280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:12:00.0279 4280 pci - ok
00:12:00.0284 4280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:12:00.0286 4280 pciide - ok
00:12:00.0294 4280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:12:00.0298 4280 pcmcia - ok
00:12:00.0305 4280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:12:00.0307 4280 pcw - ok
00:12:00.0320 4280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:12:00.0328 4280 PEAUTH - ok
00:12:00.0360 4280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:12:00.0362 4280 PerfHost - ok
00:12:00.0393 4280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:12:00.0410 4280 pla - ok
00:12:00.0421 4280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:12:00.0428 4280 PlugPlay - ok
00:12:00.0435 4280 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:12:00.0438 4280 Pml Driver HPZ12 - ok
00:12:00.0444 4280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:12:00.0448 4280 PNRPAutoReg - ok
00:12:00.0458 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:12:00.0462 4280 PNRPsvc - ok
00:12:00.0468 4280 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
00:12:00.0470 4280 Point64 - ok
00:12:00.0482 4280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:12:00.0489 4280 PolicyAgent - ok
00:12:00.0499 4280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:12:00.0503 4280 Power - ok
00:12:00.0509 4280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:12:00.0512 4280 PptpMiniport - ok
00:12:00.0517 4280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:12:00.0520 4280 Processor - ok
00:12:00.0527 4280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:12:00.0532 4280 ProfSvc - ok
00:12:00.0538 4280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:12:00.0540 4280 ProtectedStorage - ok
00:12:00.0548 4280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:12:00.0551 4280 Psched - ok
00:12:00.0576 4280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:12:00.0595 4280 ql2300 - ok
00:12:00.0603 4280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:12:00.0606 4280 ql40xx - ok
00:12:00.0616 4280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:12:00.0622 4280 QWAVE - ok
00:12:00.0627 4280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:12:00.0629 4280 QWAVEdrv - ok
00:12:00.0634 4280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:12:00.0636 4280 RasAcd - ok
00:12:00.0642 4280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:12:00.0644 4280 RasAgileVpn - ok
00:12:00.0650 4280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:12:00.0654 4280 RasAuto - ok
00:12:00.0660 4280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:12:00.0663 4280 Rasl2tp - ok
00:12:00.0671 4280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:12:00.0678 4280 RasMan - ok
00:12:00.0684 4280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:12:00.0686 4280 RasPppoe - ok
00:12:00.0692 4280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:12:00.0694 4280 RasSstp - ok
00:12:00.0703 4280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:12:00.0707 4280 rdbss - ok
00:12:00.0712 4280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:12:00.0714 4280 rdpbus - ok
00:12:00.0719 4280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:12:00.0720 4280 RDPCDD - ok
00:12:00.0728 4280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:12:00.0729 4280 RDPENCDD - ok
00:12:00.0737 4280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:12:00.0738 4280 RDPREFMP - ok
00:12:00.0745 4280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:12:00.0749 4280 RDPWD - ok
00:12:00.0758 4280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:12:00.0761 4280 rdyboost - ok
00:12:00.0768 4280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:12:00.0771 4280 RemoteAccess - ok
00:12:00.0778 4280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:12:00.0782 4280 RemoteRegistry - ok
00:12:00.0789 4280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:12:00.0792 4280 RpcEptMapper - ok
00:12:00.0797 4280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:12:00.0799 4280 RpcLocator - ok
00:12:00.0810 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:12:00.0816 4280 RpcSs - ok
00:12:00.0823 4280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:12:00.0825 4280 rspndr - ok
00:12:00.0830 4280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:12:00.0832 4280 SamSs - ok
00:12:00.0837 4280 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:12:00.0838 4280 SASDIFSV - ok
00:12:00.0842 4280 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:12:00.0843 4280 SASKUTIL - ok
00:12:00.0850 4280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:12:00.0853 4280 sbp2port - ok
00:12:00.0859 4280 SBRE - ok
00:12:00.0870 4280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:12:00.0876 4280 SCardSvr - ok
00:12:00.0881 4280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:12:00.0883 4280 scfilter - ok
00:12:00.0900 4280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:12:00.0914 4280 Schedule - ok
00:12:00.0926 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:12:00.0928 4280 SCPolicySvc - ok
00:12:00.0937 4280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:12:00.0942 4280 SDRSVC - ok
00:12:00.0948 4280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:12:00.0949 4280 secdrv - ok
00:12:00.0955 4280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:12:00.0958 4280 seclogon - ok
00:12:00.0963 4280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:12:00.0966 4280 SENS - ok
00:12:00.0972 4280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:12:00.0975 4280 SensrSvc - ok
00:12:00.0980 4280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:12:00.0982 4280 Serenum - ok
00:12:00.0988 4280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:12:00.0990 4280 Serial - ok
00:12:00.0995 4280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:12:00.0996 4280 sermouse - ok
00:12:01.0010 4280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:12:01.0014 4280 SessionEnv - ok
00:12:01.0019 4280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:12:01.0021 4280 sffdisk - ok
00:12:01.0026 4280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:12:01.0027 4280 sffp_mmc - ok
00:12:01.0032 4280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:12:01.0033 4280 sffp_sd - ok
00:12:01.0039 4280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:12:01.0040 4280 sfloppy - ok
00:12:01.0050 4280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:12:01.0056 4280 SharedAccess - ok
00:12:01.0065 4280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:12:01.0072 4280 ShellHWDetection - ok
00:12:01.0077 4280 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
00:12:01.0079 4280 SiSGbeLH - ok
00:12:01.0084 4280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:12:01.0087 4280 SiSRaid2 - ok
00:12:01.0092 4280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:12:01.0095 4280 SiSRaid4 - ok
00:12:01.0101 4280 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:12:01.0105 4280 SkypeUpdate - ok
00:12:01.0112 4280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:12:01.0114 4280 Smb - ok
00:12:01.0125 4280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:12:01.0128 4280 SNMPTRAP - ok
00:12:01.0154 4280 [ A415C67B40DFB903ACCC1D40FBEE3269 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
00:12:01.0175 4280 SNP2UVC - ok
00:12:01.0181 4280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:12:01.0182 4280 spldr - ok
00:12:01.0194 4280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:12:01.0202 4280 Spooler - ok
00:12:01.0250 4280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:12:01.0293 4280 sppsvc - ok
00:12:01.0301 4280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:12:01.0305 4280 sppuinotify - ok
00:12:01.0323 4280 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
00:12:01.0323 4280 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
00:12:01.0325 4280 sptd ( LockedFile.Multi.Generic ) - warning
00:12:01.0325 4280 sptd - detected LockedFile.Multi.Generic (1)
00:12:01.0337 4280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:12:01.0344 4280 srv - ok
00:12:01.0354 4280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:12:01.0360 4280 srv2 - ok
00:12:01.0367 4280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:12:01.0371 4280 srvnet - ok
00:12:01.0379 4280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:12:01.0383 4280 SSDPSRV - ok
00:12:01.0390 4280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:12:01.0393 4280 SstpSvc - ok
00:12:01.0403 4280 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
00:12:01.0409 4280 StarWindServiceAE - ok
00:12:01.0415 4280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:12:01.0417 4280 stexstor - ok
00:12:01.0423 4280 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
00:12:01.0424 4280 StillCam - ok
00:12:01.0436 4280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:12:01.0445 4280 stisvc - ok
00:12:01.0450 4280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:12:01.0451 4280 swenum - ok
00:12:01.0463 4280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:12:01.0471 4280 swprv - ok
00:12:01.0480 4280 [ 01A658167619075BAAD31C96074C0B38 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:12:01.0484 4280 SynTP - ok
00:12:01.0512 4280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:12:01.0534 4280 SysMain - ok
00:12:01.0541 4280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:12:01.0545 4280 TabletInputService - ok
00:12:01.0554 4280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:12:01.0560 4280 TapiSrv - ok
00:12:01.0567 4280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:12:01.0571 4280 TBS - ok
00:12:01.0603 4280 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:12:01.0631 4280 Tcpip - ok
00:12:01.0662 4280 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:12:01.0676 4280 TCPIP6 - ok
00:12:01.0685 4280 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:12:01.0688 4280 tcpipreg - ok
00:12:01.0695 4280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:12:01.0697 4280 TDPIPE - ok
00:12:01.0702 4280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:12:01.0704 4280 TDTCP - ok
00:12:01.0710 4280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:12:01.0712 4280 tdx - ok
00:12:01.0718 4280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:12:01.0720 4280 TermDD - ok
00:12:01.0734 4280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:12:01.0744 4280 TermService - ok
00:12:01.0749 4280 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
00:12:01.0765 4280 TFsExDisk - ok
00:12:01.0771 4280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:12:01.0775 4280 Themes - ok
00:12:01.0781 4280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:12:01.0783 4280 THREADORDER - ok
00:12:01.0795 4280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:12:01.0799 4280 TrkWks - ok
00:12:01.0806 4280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:12:01.0810 4280 TrustedInstaller - ok
00:12:01.0818 4280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:12:01.0820 4280 tssecsrv - ok
00:12:01.0826 4280 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:12:01.0828 4280 TsUsbFlt - ok
00:12:01.0834 4280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:12:01.0836 4280 tunnel - ok
00:12:01.0842 4280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:12:01.0844 4280 uagp35 - ok
00:12:01.0853 4280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:12:01.0858 4280 udfs - ok
00:12:01.0868 4280 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
00:12:01.0873 4280 ufad-ws60 - ok
00:12:01.0884 4280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:12:01.0888 4280 UI0Detect - ok
00:12:01.0894 4280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:12:01.0896 4280 uliagpkx - ok
00:12:01.0901 4280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:12:01.0904 4280 umbus - ok
00:12:01.0909 4280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:12:01.0910 4280 UmPass - ok
00:12:01.0943 4280 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:12:01.0970 4280 UNS - ok
00:12:01.0981 4280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:12:01.0988 4280 upnphost - ok
00:12:01.0994 4280 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:12:01.0996 4280 USBAAPL64 - ok
00:12:02.0003 4280 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:12:02.0006 4280 usbaudio - ok
00:12:02.0012 4280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:12:02.0015 4280 usbccgp - ok
00:12:02.0022 4280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:12:02.0025 4280 usbcir - ok
00:12:02.0030 4280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
00:12:02.0032 4280 usbehci - ok
00:12:02.0042 4280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:12:02.0047 4280 usbhub - ok
00:12:02.0053 4280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:12:02.0055 4280 usbohci - ok
00:12:02.0061 4280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:12:02.0063 4280 usbprint - ok
00:12:02.0071 4280 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:12:02.0074 4280 USBSTOR - ok
00:12:02.0079 4280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:12:02.0081 4280 usbuhci - ok
00:12:02.0089 4280 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:12:02.0092 4280 usbvideo - ok
00:12:02.0098 4280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:12:02.0101 4280 UxSms - ok
00:12:02.0106 4280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:12:02.0108 4280 VaultSvc - ok
00:12:02.0116 4280 [ 81952471021F6A6F56DDA6ED6B5DD638 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
00:12:02.0120 4280 VBoxDrv - ok
00:12:02.0128 4280 [ C9F86AEB504355541EC9820E3155E253 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:12:02.0130 4280 VBoxNetAdp - ok
00:12:02.0138 4280 [ 64715CE639D05D753BCD86F5ABF4D82A ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
00:12:02.0141 4280 VBoxNetFlt - ok
00:12:02.0147 4280 [ EDEB78B6A969107A66A5AF145AC0A43F ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
00:12:02.0150 4280 VBoxUSBMon - ok
00:12:02.0156 4280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:12:02.0157 4280 vdrvroot - ok
00:12:02.0169 4280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:12:02.0177 4280 vds - ok
00:12:02.0183 4280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:12:02.0184 4280 vga - ok
00:12:02.0190 4280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:12:02.0192 4280 VgaSave - ok
00:12:02.0200 4280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:12:02.0204 4280 vhdmp - ok
00:12:02.0209 4280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:12:02.0210 4280 viaide - ok
00:12:02.0216 4280 [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
00:12:02.0218 4280 VMAuthdService - ok
00:12:02.0225 4280 [ CDAA992C18F3F3612444C818A478CF57 ] vmci C:\Windows\system32\drivers\vmci.sys
00:12:02.0227 4280 vmci - ok
00:12:02.0233 4280 [ EA9C266CD4B4BB7C7D818C1C27461959 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
00:12:02.0235 4280 vmkbd - ok
00:12:02.0241 4280 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
00:12:02.0242 4280 VMnetAdapter - ok
00:12:02.0249 4280 [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
00:12:02.0251 4280 VMnetBridge - ok
00:12:02.0256 4280 VMnetDHCP - ok
00:12:02.0263 4280 [ 479948EB42E189C076B45EBAF2D12BBC ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
00:12:02.0264 4280 VMnetuserif - ok
00:12:02.0277 4280 [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
00:12:02.0284 4280 VMUSBArbService - ok
00:12:02.0292 4280 VMware NAT Service - ok
00:12:02.0299 4280 [ 05645D6651CA7A02298AAE475BBCAD6E ] vmx86 C:\Windows\system32\drivers\vmx86.sys
00:12:02.0301 4280 vmx86 - ok
00:12:02.0307 4280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:12:02.0309 4280 volmgr - ok
00:12:02.0319 4280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:12:02.0325 4280 volmgrx - ok
00:12:02.0335 4280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:12:02.0339 4280 volsnap - ok
00:12:02.0347 4280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:12:02.0350 4280 vsmraid - ok
00:12:02.0375 4280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:12:02.0395 4280 VSS - ok
00:12:02.0402 4280 [ 69F57E89E6EBC5012D210527AF005A70 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
00:12:02.0404 4280 vstor2-ws60 - ok
00:12:02.0409 4280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:12:02.0411 4280 vwifibus - ok
00:12:02.0418 4280 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:12:02.0420 4280 vwififlt - ok
00:12:02.0426 4280 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
00:12:02.0427 4280 vwifimp - ok
00:12:02.0437 4280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:12:02.0444 4280 W32Time - ok
00:12:02.0453 4280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:12:02.0455 4280 WacomPen - ok
00:12:02.0461 4280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:12:02.0464 4280 WANARP - ok
00:12:02.0469 4280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:12:02.0471 4280 Wanarpv6 - ok
00:12:02.0491 4280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:12:02.0506 4280 WatAdminSvc - ok
00:12:02.0530 4280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:12:02.0553 4280 wbengine - ok
00:12:02.0562 4280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:12:02.0567 4280 WbioSrvc - ok
00:12:02.0577 4280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:12:02.0584 4280 wcncsvc - ok
00:12:02.0590 4280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:12:02.0594 4280 WcsPlugInService - ok
00:12:02.0599 4280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:12:02.0600 4280 Wd - ok
00:12:02.0606 4280 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
00:12:02.0608 4280 WDC_SAM - ok
00:12:02.0623 4280 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:12:02.0633 4280 Wdf01000 - ok
00:12:02.0642 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:12:02.0647 4280 WdiServiceHost - ok
00:12:02.0655 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:12:02.0658 4280 WdiSystemHost - ok
00:12:02.0669 4280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:12:02.0676 4280 WebClient - ok
00:12:02.0685 4280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:12:02.0691 4280 Wecsvc - ok
00:12:02.0697 4280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:12:02.0701 4280 wercplsupport - ok
00:12:02.0707 4280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:12:02.0711 4280 WerSvc - ok
00:12:02.0716 4280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:12:02.0718 4280 WfpLwf - ok
00:12:02.0725 4280 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
00:12:02.0729 4280 WimFltr - ok
00:12:02.0734 4280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:12:02.0736 4280 WIMMount - ok
00:12:02.0740 4280 WinDefend - ok
00:12:02.0748 4280 WinHttpAutoProxySvc - ok
00:12:02.0761 4280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:12:02.0765 4280 Winmgmt - ok
00:12:02.0795 4280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:12:02.0821 4280 WinRM - ok
00:12:02.0832 4280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:12:02.0834 4280 WinUsb - ok
00:12:02.0851 4280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:12:02.0864 4280 Wlansvc - ok
00:12:02.0872 4280 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:12:02.0874 4280 wlcrasvc - ok
00:12:02.0910 4280 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:12:02.0938 4280 wlidsvc - ok
00:12:02.0944 4280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:12:02.0946 4280 WmiAcpi - ok
00:12:02.0958 4280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:12:02.0961 4280 wmiApSrv - ok
00:12:02.0966 4280 WMPNetworkSvc - ok
00:12:02.0975 4280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:12:02.0980 4280 WPCSvc - ok
00:12:02.0986 4280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:12:02.0991 4280 WPDBusEnum - ok
00:12:02.0996 4280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:12:02.0998 4280 ws2ifsl - ok
00:12:03.0005 4280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
00:12:03.0009 4280 wscsvc - ok
00:12:03.0014 4280 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
00:12:03.0016 4280 WSDPrintDevice - ok
00:12:03.0022 4280 WSearch - ok
00:12:03.0063 4280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:12:03.0095 4280 wuauserv - ok
00:12:03.0103 4280 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:12:03.0105 4280 WudfPf - ok
00:12:03.0115 4280 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:12:03.0119 4280 WUDFRd - ok
00:12:03.0127 4280 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:12:03.0131 4280 wudfsvc - ok
00:12:03.0139 4280 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:12:03.0147 4280 WwanSvc - ok
00:12:03.0171 4280 ================ Scan global ===============================
00:12:03.0175 4280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:12:03.0182 4280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:12:03.0192 4280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:12:03.0199 4280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:12:03.0210 4280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:12:03.0216 4280 [Global] - ok
00:12:03.0216 4280 ================ Scan MBR ==================================
00:12:03.0220 4280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:12:03.0354 4280 \Device\Harddisk0\DR0 - ok
00:12:03.0355 4280 ================ Scan VBR ==================================
00:12:03.0358 4280 [ 7A360C572BD4314ED620C02D137F0334 ] \Device\Harddisk0\DR0\Partition1
00:12:03.0361 4280 \Device\Harddisk0\DR0\Partition1 - ok
00:12:03.0361 4280 ============================================================
00:12:03.0361 4280 Scan finished
00:12:03.0361 4280
============================================================ 00:12:03.0375 4960 Detected object count: 1 00:12:03.0375 4960 Actual detected object count: 1 00:12:20.0583 4960 sptd ( LockedFile.Multi.Generic ) - skipped by user 00:12:20.0583 4960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  13. Completed the last 2 items. Restarted IE and it was back to the default ASUS notebook website. Restarted the computer and ran IE again, and startsear.info is the homepage once again... =(
  14. ComboFix took a while to complete. I had to run it twice. The first time, the computer went to sleep. I started ComboFix again after disabling sleep on the computer. Restarted the computer and opened up IE. Startsear.info is still the homepage. The computer is running about the same as before completing the scans.
  15. ComboFix 12-11-16.02 - Sunny 18/11/2012 16:13:57.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3885.2268 [GMT -8:00] Running from: c:\users\Sunny\Desktop\malware logs\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\msvcr71.dll . ---- Previous Run ------- . c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini c:\programdata\FullRemove.exe c:\users\Sunny\ResourceReader.dll c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . ((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 ))))))))))))))))))))))))))))))) . . 2012-11-19 00:51 . 2012-11-19 00:51 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-11-19 00:51 . 2012-11-19 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 10:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01F3B262-4A85-44BA-AD3B-6DB519D1A6AD}\mpengine.dll 2012-11-18 09:44 . 2012-11-18 09:45 181064 ----a-w- c:\windows\PSEXESVC.EXE 2012-11-18 09:42 . 2012-11-18 09:42 -------- d-----w- C:\RegBackup 2012-11-18 09:40 . 2012-11-18 09:44 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-11-18 09:40 . 2012-11-18 09:40 -------- d-----w- c:\program files (x86)\Tweaking.com 2012-11-18 05:41 . 
2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-16 03:04 . 2012-11-16 03:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-11-16 02:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 02:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 02:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 02:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 02:45 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-16 02:45 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-16 02:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 02:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 02:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 02:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 02:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 02:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 02:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-11 22:05 . 2012-11-12 23:56 -------- d-----w- c:\users\Pooh 2012-11-11 20:02 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2012-11-11 20:02 . 2012-11-11 20:05 -------- d-----w- c:\program files (x86)\SpywareBlaster 2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\users\Sunny\AppData\Roaming\SUPERAntiSpyware.com 2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\programdata\PC Tools 2012-11-11 19:57 . 
2012-11-11 19:57 -------- d-----w- c:\users\Sunny\AppData\Roaming\TestApp 2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\programdata\Sophos 2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\program files (x86)\Sophos 2012-11-11 04:08 . 2012-11-11 04:08 -------- d-----w- c:\program files (x86)\ESET 2012-11-06 05:42 . 2012-11-06 05:42 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-11-06 05:41 . 2012-11-06 05:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-24 06:14 . 2012-10-24 06:14 -------- d-----w- c:\users\Sunny\AppData\Roaming\LavasoftStatistics 2012-10-24 05:39 . 2012-10-24 05:39 -------- d-----w- c:\users\Sunny\AppData\Local\Downloaded Installations 2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\users\Sunny\AppData\Local\adawarebp 2012-10-24 05:38 . 2012-11-18 21:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\adawaretb 2012-10-24 04:19 . 2012-10-24 05:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-10-24 04:19 . 2012-10-24 04:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\users\Sunny\AppData\Roaming\thriXXX 2012-10-22 02:37 . 
2012-10-22 02:37 -------- d-----w- c:\program files (x86)\thriXXX 2012-10-20 19:57 . 2012-10-04 03:44 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA6ADF4-6FC0-40A8-BA17-F9D90389391B}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-19 00:10 . 2012-06-14 16:56 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-11-16 02:42 . 2011-08-26 03:21 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-11 09:04 . 2011-12-27 00:59 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-11 09:04 . 2011-12-27 00:59 35240 ----a-w- c:\windows\system32\LMIport.dll 2012-11-11 09:04 . 2011-12-27 00:59 83880 ----a-w- c:\windows\system32\LMIinit.dll 2012-11-06 05:41 . 2011-09-07 07:34 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-18 04:35 . 2012-04-06 02:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-18 04:35 . 2011-09-09 01:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-04 03:44 . 2012-02-11 11:17 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-30 02:54 . 2012-09-03 19:06 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-10 03:58 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 03:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 03:59 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 05:03 . 2011-04-27 22:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 18:03 . 2012-10-10 03:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 03:59 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 03:59 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 
2012-10-10 03:59 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 03:59 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-13 02:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-13 02:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-13 02:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 23:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 20:01 . 2012-09-22 03:28 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 20:01 . 2011-08-28 20:17 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 20:01 . 2011-08-28 20:17 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2012-09-20 20:06 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672] "Workrave"="c:\program files (x86)\Workrave\lib\workrave.exe" [2011-03-25 3871246] "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824] "98E36C341B5CB5AFB17092EB2920E6EA02805BD9._service_run"="c:\users\Sunny\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Sunny\AppData\Local\Akamai\netsession_win.exe" [bU] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NPSStartup"="" [bU] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-22 70792] "EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-22 743560] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024] "XviD Codec"="c:\program 
files (x86)\XviD\codec.exe" [2012-08-08 606720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-16 2254768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-17 156952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-28 44032] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-19 1431888] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 44680] S0 
EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 50312] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-17 834544] S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 19592] S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 189576] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-15 224048] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-15 130864] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-12 8704] S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-16 2461104] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-11 375728] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program 
files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760] S3 ALSysIO;ALSysIO;c:\users\Sunny\AppData\Local\Temp\ALSysIO64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-15 147248] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-15 166192] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001Core.job - c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001UA.job - c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35] . 2012-11-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2012-11-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://startsear.info uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://startsear.info mLocal Page = c:\windows\SYSTEM32\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll Trusted Zone: mini9 Trusted Zone: pearsoned.com\myitlab TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr AddRemove-uCertify M70-640 - c:\program files (x86)\uCertify\uninstall.exe AddRemove-uCertify M70-640 - c:\program files (x86)\uCertify\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-18 17:10:02 ComboFix-quarantined-files.txt 2012-11-19 01:09 . Pre-Run: 50,661,801,984 bytes free Post-Run: 50,129,670,144 bytes free . 
- - End Of File - - 2BA683A5ADC54B5FBE6315CEEF82C132
  16. Startsear.info is still showing up as the homepage in IE after restart.
  17. RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website: http://tigzy.geekstogo.com/roguekiller.php
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Sunny [Admin rights]
      Mode : Scan -- Date : 11/18/2012 13:09:38
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 6 ¤¤¤
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: M4-CT256M4SSD2 +++++
      --- User ---
      [MBR] e7c22b1c855cc2899ffb274315e7959e
      [bSP] bd6d9d0f8771f1111364206a33070549 : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 8 | Size: 20002 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40966144 | Size: 224192 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1]_S_11182012_02d1309.txt >>
      RKreport[1]_S_11182012_02d1309.txt
  18. RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website: http://tigzy.geekstogo.com/roguekiller.php
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Sunny [Admin rights]
      Mode : Remove -- Date : 11/18/2012 13:09:54
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 4 ¤¤¤
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
      [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: M4-CT256M4SSD2 +++++
      --- User ---
      [MBR] e7c22b1c855cc2899ffb274315e7959e
      [bSP] bd6d9d0f8771f1111364206a33070549 : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 8 | Size: 20002 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40966144 | Size: 224192 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[2]_D_11182012_02d1309.txt >>
      RKreport[1]_S_11182012_02d1309.txt ; RKreport[2]_D_11182012_02d1309.txt
  19. # AdwCleaner v2.008 - Logfile created 11/18/2012 at 13:04:34
      # Updated 17/11/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Sunny - UL20FT
      # Boot Mode : Normal
      # Running from : C:\Users\Sunny\Downloads\adwcleaner (1).exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16421
      Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.info --> hxxp://www.google.com
      -\\ Google Chrome v23.0.1271.64
      File : C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      File : C:\Users\Pooh\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [7344 octets] - [11/11/2012 14:01:23]
      AdwCleaner[R2].txt - [7404 octets] - [11/11/2012 14:02:04]
      AdwCleaner[s2].txt - [7673 octets] - [11/11/2012 14:02:36]
      AdwCleaner[s3].txt - [1386 octets] - [18/11/2012 13:04:34]
      ########## EOF - C:\AdwCleaner[s3].txt - [1446 octets] ##########
  20. Results of screen317's Security Check version 0.99.54
      Windows 7 Service Pack 1 x64 (UAC is disabled!)
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Microsoft Security Essentials (On Access scanning disabled!)
      Error obtaining update status for antivirus!
      `````````Anti-malware/Other Utilities Check:`````````
      Ad-Aware
      Out of date HijackThis installed!
      SpywareBlaster 4.6
      Spybot - Search & Destroy
      Malwarebytes Anti-Malware version 1.65.1.1000
      HijackThis 2.0.2
      Java 3D 1.3.1 (OpenGL) Runtime
      Java 6 Update 37
      Java version out of Date!
      Adobe Flash Player 11.4.402.287
      Adobe Reader X 10.1.1 Adobe Reader out of Date!
      Google Chrome 21.0.1180.83
      Google Chrome 21.0.1180.89
      Google Chrome 22.0.1229.79
      Google Chrome 22.0.1229.92
      Google Chrome 22.0.1229.94
      Google Chrome 23.0.1271.64
      Google Chrome plugins...
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Ad-Aware AAWService.exe is disabled!
      Ad-Aware AAWTray.exe is disabled!
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````