infectedturtle Posted May 8, 2012 ID:549656

Hi,

I cannot for the life of me find the problem. I am having one of those re-direct things. I have scanned with MB and MSE and found nothing. The following are my logs, any help would be great.

Thanks.

Attach.zip
MrCharlie Posted May 8, 2012 ID:549733

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC
infectedturtle Posted May 8, 2012 Author ID:549775

Thank you for the quick reply.

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Lucas [Admin rights]
Mode: Scan -- Date: 05/08/2012 08:41:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
10.10.1.50 echo

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] b27ea8f791f5b651de5b587eaa78abc7
[BSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt
MrCharlie Posted May 8, 2012 ID:549778

OK, run RogueKiller again and click Scan.

When the scan completes > click on the Registry Entries: tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

Now click Delete on the left hand column.

-------------------------

Next....

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

-------------------------

Click the Start Scan button.

-------------------------

If a suspicious object is detected, the default action will be Skip, click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

-------------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

-------------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
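Added example (not part of the original thread, and not RogueKiller's own logic): a short Python triage of the registry section of the report above, which singles out the same four entries that were selected for deletion. The verdict names, the list of user-writable directories and the function names are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple

# Registry lines copied from the RogueKiller report posted in this thread
# (the forum rendered the first tag as "[bLACKLIST DLL]"; tags are upper-cased below).
SAMPLE_REPORT = r'''
Mode: Scan -- Date: 05/08/2012 08:41:41
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''

# "[TAG] KEY : value-name (value-data) -> STATUS"
LINE_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+'
    r'\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$'
)
DLL_PATH = re.compile(r'([A-Za-z]:\\[^"]+?\.dll)', re.I)
# Assumption for this example: directories a standard user can write to.
USER_WRITABLE = re.compile(r'\\(AppData|Temp|ProgramData)\\', re.I)
SID_RE = re.compile(r'S-1-5-\d+(?:-\d+)*')
# Well-known service-account SIDs; their hives rarely hold real autoruns.
SERVICE_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}
# Policy values under ...\Policies\System that switch UAC prompting off.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0"}


class Entry(NamedTuple):
    tag: str
    key: str
    name: str
    data: str
    status: str


class Finding(NamedTuple):
    entry: Entry
    verdict: str   # "autorun-dll", "uac-weakened" or "other"
    reason: str


def parse_report(text: str) -> List[Entry]:
    """Return the registry entries of a report; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["tag"].upper(), m["key"], m["name"],
                                 m["data"].strip(), m["status"]))
    return entries


def classify(e: Entry) -> Finding:
    leaf = e.key.rsplit("\\", 1)[-1].lower()
    if leaf == "run" and "rundll32" in e.data.lower():
        dll = DLL_PATH.search(e.data)
        if dll and USER_WRITABLE.search(dll.group(1)):
            reason = "Run value starts rundll32 on a DLL in a user-writable directory"
            sid = SID_RE.search(e.key)
            owner = SERVICE_SIDS.get(sid.group(0)) if sid else None
            if owner:
                reason += f"; the hive belongs to {owner}"
            return Finding(e, "autorun-dll", reason)
    if leaf == "system" and UAC_WEAK.get(e.name) == e.data:
        return Finding(e, "uac-weakened", f"{e.name} is set to {e.data}")
    return Finding(e, "other", "no rule in this example matches")


def triage(text: str) -> List[Finding]:
    return [classify(e) for e in parse_report(text)]


def selected_for_cleanup(text: str) -> List[Entry]:
    """Entries matching the two categories that were ticked in the thread."""
    return [f.entry for f in triage(text) if f.verdict != "other"]


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.verdict:13} {f.entry.key} : {f.entry.name} -> {f.reason}")
```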
infectedturtle Posted May 8, 2012 Author ID:549817

Hello,

No objects found via TDSS killer, only some unsigned drivers.
UnsignedFile.Multi.Generic (1)11:43:55.0047 4324 NovacomD (1e8281a0bc4358cf816754e0a195d329) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe11:43:55.0059 4324 NovacomD ( UnsignedFile.Multi.Generic ) - warning11:43:55.0059 4324 NovacomD - detected UnsignedFile.Multi.Generic (1)11:43:55.0085 4324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys11:43:55.0117 4324 Npfs - ok11:43:55.0150 4324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll11:43:55.0190 4324 nsi - ok11:43:55.0200 4324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys11:43:55.0241 4324 nsiproxy - ok11:43:55.0308 4324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys11:43:55.0347 4324 Ntfs - ok11:43:55.0445 4324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys11:43:55.0477 4324 Null - ok11:43:55.0517 4324 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys11:43:55.0537 4324 nusb3hub - ok11:43:55.0568 4324 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys11:43:55.0580 4324 nusb3xhc - ok11:43:55.0626 4324 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys11:43:55.0643 4324 NVENETFD - ok11:43:55.0670 4324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys11:43:55.0682 4324 nvraid - ok11:43:55.0704 4324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys11:43:55.0716 4324 nvstor - ok11:43:55.0741 4324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys11:43:55.0752 4324 nv_agp - ok11:43:55.0764 4324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys11:43:55.0776 4324 ohci1394 - ok11:43:55.0834 4324 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE11:43:55.0844 4324 ose - 
ok11:43:56.0040 4324 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE11:43:56.0151 4324 osppsvc - ok11:43:56.0267 4324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll11:43:56.0288 4324 p2pimsvc - ok11:43:56.0319 4324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll11:43:56.0336 4324 p2psvc - ok11:43:56.0394 4324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys11:43:56.0406 4324 Parport - ok11:43:56.0421 4324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys11:43:56.0431 4324 partmgr - ok11:43:56.0466 4324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll11:43:56.0492 4324 PcaSvc - ok11:43:56.0509 4324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys11:43:56.0520 4324 pci - ok11:43:56.0551 4324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys11:43:56.0561 4324 pciide - ok11:43:56.0571 4324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys11:43:56.0584 4324 pcmcia - ok11:43:56.0596 4324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys11:43:56.0605 4324 pcw - ok11:43:56.0633 4324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys11:43:56.0686 4324 PEAUTH - ok11:43:56.0742 4324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe11:43:56.0769 4324 PerfHost - ok11:43:56.0837 4324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll11:43:56.0895 4324 pla - ok11:43:56.0940 4324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll11:43:56.0963 4324 PlugPlay - ok11:43:56.0985 4324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll11:43:56.0996 4324 PNRPAutoReg - ok11:43:57.0022 4324 PNRPsvc 
(3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll11:43:57.0036 4324 PNRPsvc - ok11:43:57.0078 4324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll11:43:57.0126 4324 PolicyAgent - ok11:43:57.0158 4324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll11:43:57.0206 4324 Power - ok11:43:57.0281 4324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys11:43:57.0323 4324 PptpMiniport - ok11:43:57.0339 4324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys11:43:57.0367 4324 Processor - ok11:43:57.0394 4324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll11:43:57.0430 4324 ProfSvc - ok11:43:57.0448 4324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe11:43:57.0459 4324 ProtectedStorage - ok11:43:57.0504 4324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys11:43:57.0544 4324 Psched - ok11:43:57.0621 4324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys11:43:57.0658 4324 ql2300 - ok11:43:57.0761 4324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys11:43:57.0773 4324 ql40xx - ok11:43:57.0813 4324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll11:43:57.0833 4324 QWAVE - ok11:43:57.0845 4324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys11:43:57.0876 4324 QWAVEdrv - ok11:43:57.0879 4324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys11:43:57.0915 4324 RasAcd - ok11:43:57.0954 4324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys11:43:57.0987 4324 RasAgileVpn - ok11:43:58.0020 4324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll11:43:58.0054 4324 RasAuto - ok11:43:58.0068 4324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) 
C:\Windows\system32\DRIVERS\rasl2tp.sys11:43:58.0101 4324 Rasl2tp - ok11:43:58.0126 4324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll11:43:58.0163 4324 RasMan - ok11:43:58.0187 4324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys11:43:58.0229 4324 RasPppoe - ok11:43:58.0248 4324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys11:43:58.0291 4324 RasSstp - ok11:43:58.0322 4324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys11:43:58.0358 4324 rdbss - ok11:43:58.0373 4324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys11:43:58.0386 4324 rdpbus - ok11:43:58.0396 4324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys11:43:58.0428 4324 RDPCDD - ok11:43:58.0459 4324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys11:43:58.0500 4324 RDPENCDD - ok11:43:58.0530 4324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys11:43:58.0563 4324 RDPREFMP - ok11:43:58.0608 4324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys11:43:58.0621 4324 RDPWD - ok11:43:58.0655 4324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys11:43:58.0667 4324 rdyboost - ok11:43:58.0831 4324 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe11:43:58.0855 4324 RegSrvc - ok11:43:58.0885 4324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll11:43:58.0932 4324 RemoteAccess - ok11:43:58.0958 4324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll11:43:59.0002 4324 RemoteRegistry - ok11:43:59.0065 4324 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys11:43:59.0093 4324 RFCOMM - ok11:43:59.0096 4324 RimUsb - ok11:43:59.0134 4324 RimVSerPort 
(4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys11:43:59.0143 4324 RimVSerPort - ok11:43:59.0181 4324 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys11:43:59.0214 4324 ROOTMODEM - ok11:43:59.0234 4324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll11:43:59.0284 4324 RpcEptMapper - ok11:43:59.0306 4324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe11:43:59.0317 4324 RpcLocator - ok11:43:59.0345 4324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll11:43:59.0382 4324 RpcSs - ok11:43:59.0421 4324 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys11:43:59.0433 4324 RSPCIESTOR - ok11:43:59.0467 4324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys11:43:59.0499 4324 rspndr - ok11:43:59.0525 4324 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys11:43:59.0538 4324 RTL8167 - ok11:43:59.0558 4324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe11:43:59.0569 4324 SamSs - ok11:43:59.0623 4324 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS11:43:59.0630 4324 SASDIFSV - ok11:43:59.0637 4324 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS11:43:59.0643 4324 SASKUTIL - ok11:43:59.0663 4324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys11:43:59.0674 4324 sbp2port - ok11:43:59.0708 4324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll11:43:59.0743 4324 SCardSvr - ok11:43:59.0765 4324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys11:43:59.0806 4324 scfilter - ok11:43:59.0850 4324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll11:43:59.0898 4324 Schedule - ok11:43:59.0932 4324 SCPolicySvc 
(f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll11:43:59.0963 4324 SCPolicySvc - ok11:43:59.0992 4324 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys11:44:00.0013 4324 sdbus - ok11:44:00.0037 4324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll11:44:00.0049 4324 SDRSVC - ok11:44:00.0079 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys11:44:00.0118 4324 secdrv - ok11:44:00.0134 4324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll11:44:00.0166 4324 seclogon - ok11:44:00.0188 4324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll11:44:00.0221 4324 SENS - ok11:44:00.0264 4324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll11:44:00.0287 4324 SensrSvc - ok11:44:00.0314 4324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys11:44:00.0332 4324 Serenum - ok11:44:00.0352 4324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys11:44:00.0378 4324 Serial - ok11:44:00.0396 4324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys11:44:00.0413 4324 sermouse - ok11:44:00.0442 4324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll11:44:00.0483 4324 SessionEnv - ok11:44:00.0494 4324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys11:44:00.0507 4324 sffdisk - ok11:44:00.0518 4324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys11:44:00.0531 4324 sffp_mmc - ok11:44:00.0535 4324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys11:44:00.0560 4324 sffp_sd - ok11:44:00.0568 4324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys11:44:00.0579 4324 sfloppy - ok11:44:00.0622 4324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) 
C:\Windows\System32\ipnathlp.dll11:44:00.0659 4324 SharedAccess - ok11:44:00.0685 4324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll11:44:00.0730 4324 ShellHWDetection - ok11:44:00.0752 4324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys11:44:00.0761 4324 SiSRaid2 - ok11:44:00.0775 4324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys11:44:00.0786 4324 SiSRaid4 - ok11:44:00.0805 4324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys11:44:00.0846 4324 Smb - ok11:44:00.0882 4324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe11:44:00.0900 4324 SNMPTRAP - ok11:44:00.0984 4324 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe11:44:00.0998 4324 SplashtopRemoteService - ok11:44:01.0014 4324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys11:44:01.0023 4324 spldr - ok11:44:01.0066 4324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe11:44:01.0106 4324 Spooler - ok11:44:01.0216 4324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe11:44:01.0307 4324 sppsvc - ok11:44:01.0388 4324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll11:44:01.0421 4324 sppuinotify - ok11:44:01.0474 4324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys11:44:01.0490 4324 srv - ok11:44:01.0519 4324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys11:44:01.0548 4324 srv2 - ok11:44:01.0592 4324 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS11:44:01.0607 4324 SrvHsfHDA - ok11:44:01.0671 4324 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS11:44:01.0703 4324 SrvHsfV92 - ok11:44:01.0829 4324 SrvHsfWinac 
(18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS11:44:01.0850 4324 SrvHsfWinac - ok11:44:01.0886 4324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys11:44:01.0898 4324 srvnet - ok11:44:01.0945 4324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll11:44:01.0992 4324 SSDPSRV - ok11:44:02.0015 4324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll11:44:02.0050 4324 SstpSvc - ok11:44:02.0085 4324 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys11:44:02.0097 4324 ssudmdm - ok11:44:02.0166 4324 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe11:44:02.0178 4324 SSUService - ok11:44:02.0279 4324 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe11:44:02.0295 4324 STacSV - ok11:44:02.0329 4324 Steam Client Service - ok11:44:02.0353 4324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys11:44:02.0363 4324 stexstor - ok11:44:02.0411 4324 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys11:44:02.0431 4324 STHDA - ok11:44:02.0491 4324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll11:44:02.0515 4324 stisvc - ok11:44:02.0536 4324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys11:44:02.0545 4324 swenum - ok11:44:02.0639 4324 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe11:44:02.0653 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning11:44:02.0653 4324 SwitchBoard - detected UnsignedFile.Multi.Generic (1)11:44:02.0698 4324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll11:44:02.0754 4324 swprv - ok11:44:02.0814 4324 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys11:44:02.0827 4324 SynTP - 
ok11:44:02.0902 4324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll11:44:02.0943 4324 SysMain - ok11:44:03.0023 4324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll11:44:03.0046 4324 TabletInputService - ok11:44:03.0077 4324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll11:44:03.0121 4324 TapiSrv - ok11:44:03.0137 4324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll11:44:03.0170 4324 TBS - ok11:44:03.0294 4324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys11:44:03.0338 4324 Tcpip - ok11:44:03.0493 4324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys11:44:03.0529 4324 TCPIP6 - ok11:44:03.0628 4324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys11:44:03.0667 4324 tcpipreg - ok11:44:03.0681 4324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys11:44:03.0706 4324 TDPIPE - ok11:44:03.0731 4324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys11:44:03.0749 4324 TDTCP - ok11:44:03.0766 4324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys11:44:03.0806 4324 tdx - ok11:44:03.0831 4324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys11:44:03.0840 4324 TermDD - ok11:44:03.0884 4324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll11:44:03.0938 4324 TermService - ok11:44:03.0954 4324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll11:44:03.0971 4324 Themes - ok11:44:03.0997 4324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll11:44:04.0031 4324 THREADORDER - ok11:44:04.0070 4324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll11:44:04.0116 4324 TrkWks - ok11:44:04.0157 4324 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) 
C:\Windows\system32\drivers\truecrypt.sys11:44:04.0169 4324 truecrypt - ok11:44:04.0220 4324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe11:44:04.0261 4324 TrustedInstaller - ok11:44:04.0283 4324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys11:44:04.0332 4324 tssecsrv - ok11:44:04.0358 4324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys11:44:04.0368 4324 TsUsbFlt - ok11:44:04.0372 4324 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys11:44:04.0396 4324 TsUsbGD - ok11:44:04.0441 4324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys11:44:04.0489 4324 tunnel - ok11:44:04.0510 4324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys11:44:04.0520 4324 uagp35 - ok11:44:04.0544 4324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys11:44:04.0590 4324 udfs - ok11:44:04.0616 4324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe11:44:04.0628 4324 UI0Detect - ok11:44:04.0647 4324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys11:44:04.0657 4324 uliagpkx - ok11:44:04.0687 4324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys11:44:04.0705 4324 umbus - ok11:44:04.0730 4324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys11:44:04.0741 4324 UmPass - ok11:44:04.0894 4324 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe11:44:04.0950 4324 UNS - ok11:44:05.0045 4324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll11:44:05.0092 4324 upnphost - ok11:44:05.0146 4324 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys11:44:05.0155 4324 USBAAPL64 - ok11:44:05.0193 4324 usbccgp 
(6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys11:44:05.0204 4324 usbccgp - ok11:44:05.0243 4324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys11:44:05.0257 4324 usbcir - ok11:44:05.0277 4324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys11:44:05.0294 4324 usbehci - ok11:44:05.0341 4324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys11:44:05.0367 4324 usbhub - ok11:44:05.0379 4324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys11:44:05.0399 4324 usbohci - ok11:44:05.0414 4324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys11:44:05.0436 4324 usbprint - ok11:44:05.0471 4324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys11:44:05.0485 4324 usbscan - ok11:44:05.0509 4324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS11:44:05.0534 4324 USBSTOR - ok11:44:05.0558 4324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys11:44:05.0582 4324 usbuhci - ok11:44:05.0610 4324 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys11:44:05.0625 4324 usbvideo - ok11:44:05.0657 4324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll11:44:05.0691 4324 UxSms - ok11:44:05.0714 4324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe11:44:05.0724 4324 VaultSvc - ok11:44:05.0782 4324 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys11:44:05.0792 4324 VBoxDrv - ok11:44:05.0825 4324 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys11:44:05.0835 4324 VBoxNetAdp - ok11:44:05.0852 4324 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys11:44:05.0862 4324 VBoxNetFlt - ok11:44:05.0912 4324 VBoxUSBMon 
(cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys11:44:05.0921 4324 VBoxUSBMon - ok11:44:05.0942 4324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys11:44:05.0951 4324 vdrvroot - ok11:44:05.0991 4324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe11:44:06.0037 4324 vds - ok11:44:06.0068 4324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys11:44:06.0080 4324 vga - ok11:44:06.0092 4324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys11:44:06.0136 4324 VgaSave - ok11:44:06.0145 4324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys11:44:06.0158 4324 vhdmp - ok11:44:06.0168 4324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys11:44:06.0177 4324 viaide - ok11:44:06.0207 4324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys11:44:06.0216 4324 volmgr - ok11:44:06.0240 4324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys11:44:06.0254 4324 volmgrx - ok11:44:06.0286 4324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys11:44:06.0300 4324 volsnap - ok11:44:06.0331 4324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys11:44:06.0343 4324 vsmraid - ok11:44:06.0413 4324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe11:44:06.0482 4324 VSS - ok11:44:06.0599 4324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys11:44:06.0630 4324 vwifibus - ok11:44:06.0720 4324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys11:44:06.0736 4324 vwififlt - ok11:44:06.0764 4324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys11:44:06.0780 4324 vwifimp - ok11:44:06.0840 4324 W32Time (1c9d80cc3849b3788048078c26486e1a) 
C:\Windows\system32\w32time.dll11:44:06.0879 4324 W32Time - ok11:44:06.0914 4324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys11:44:06.0940 4324 WacomPen - ok11:44:06.0974 4324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:44:07.0075 4324 WANARP - ok11:44:07.0078 4324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:44:07.0110 4324 Wanarpv6 - ok11:44:07.0205 4324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe11:44:07.0237 4324 WatAdminSvc - ok11:44:07.0304 4324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe11:44:07.0343 4324 wbengine - ok11:44:07.0426 4324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll11:44:07.0445 4324 WbioSrvc - ok11:44:07.0467 4324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll11:44:07.0504 4324 wcncsvc - ok11:44:07.0522 4324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll11:44:07.0533 4324 WcsPlugInService - ok11:44:07.0583 4324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys11:44:07.0592 4324 Wd - ok11:44:07.0622 4324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys11:44:07.0631 4324 WDC_SAM - ok11:44:07.0660 4324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys11:44:07.0681 4324 Wdf01000 - ok11:44:07.0694 4324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll11:44:07.0725 4324 WdiServiceHost - ok11:44:07.0728 4324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll11:44:07.0745 4324 WdiSystemHost - ok11:44:07.0778 4324 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys11:44:07.0786 4324 wdkmd - ok11:44:07.0813 4324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) 
11:44:10.0532 4324 ============================================================
11:44:10.0532 4324 Scan finished
11:44:10.0532 4324 ============================================================
11:44:10.0538 6900 Detected object count: 7
11:44:10.0538 6900 Actual detected object count: 7
11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0117 6900 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0118 6900 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0119 6900 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0120 6900 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0121 6900 nlscc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0122 6900 NovacomD ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:45:16.0123 6900 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:45:43.0925 5072 Deinitialize success
MrCharlie Posted May 8, 2012 ID:549818

OK......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop. Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
infectedturtle Posted May 8, 2012 Author ID:549822

Yikes, ComboFix is usually an end-of-the-line kind of thing in my experience. Is there a reason this seems to be so difficult to get rid of? Is it that we don't know exactly what is wrong? I will run it and let you know, but in my experience ComboFix has been for the severe infections.
MrCharlie Posted May 8, 2012 ID:549856

Please run ComboFix as outlined.....

MrC
infectedturtle Posted May 9, 2012 Author ID:549936

It ran before when I wasn't home as it disconnected my Splashtop Remote, and did not save in C:\ as it said it did. Here is the re-run:

ComboFix 12-05-08.02 - Lucas 05/08/2012 19:27:15.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3627 [GMT -7:00]
Running from: c:\users\Lucas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 19:33:39
ComboFix-quarantined-files.txt 2012-05-09 02:33
ComboFix2.txt 2012-05-08 19:19
.
Pre-Run: 81,303,101,440 bytes free
Post-Run: 81,232,728,064 bytes free
.
- - End Of File - - 775983A175C6601C43E401CA1D52E4A7
infectedturtle Posted May 9, 2012
Found the file for the first run:
ComboFix 12-05-08.02 - Lucas 05/08/2012 12:10:36.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3709 [GMT -7:00]
Running from: c:\users\Lucas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\458ffeq4p6hr700641u
c:\programdata\Roaming
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow
64\system32\muzwmts.dllc:\windows\SysWow64\system32\psapi.dll.----- File Replicators -----.c:\program files (x86)\Git\libexec\git-core\git-add.exec:\program files (x86)\Git\libexec\git-core\git-annotate.exec:\program files (x86)\Git\libexec\git-core\git-apply.exec:\program files (x86)\Git\libexec\git-core\git-archive.exec:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exec:\program files (x86)\Git\libexec\git-core\git-blame.exec:\program files (x86)\Git\libexec\git-core\git-branch.exec:\program files (x86)\Git\libexec\git-core\git-bundle.exec:\program files (x86)\Git\libexec\git-core\git-cat-file.exec:\program files (x86)\Git\libexec\git-core\git-check-attr.exec:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exec:\program files (x86)\Git\libexec\git-core\git-checkout-index.exec:\program files (x86)\Git\libexec\git-core\git-checkout.exec:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exec:\program files (x86)\Git\libexec\git-core\git-cherry.exec:\program files (x86)\Git\libexec\git-core\git-clean.exec:\program files (x86)\Git\libexec\git-core\git-clone.exec:\program files (x86)\Git\libexec\git-core\git-commit-tree.exec:\program files (x86)\Git\libexec\git-core\git-commit.exec:\program files (x86)\Git\libexec\git-core\git-config.exec:\program files (x86)\Git\libexec\git-core\git-count-objects.exec:\program files (x86)\Git\libexec\git-core\git-describe.exec:\program files (x86)\Git\libexec\git-core\git-diff-files.exec:\program files (x86)\Git\libexec\git-core\git-diff-index.exec:\program files (x86)\Git\libexec\git-core\git-diff-tree.exec:\program files (x86)\Git\libexec\git-core\git-diff.exec:\program files (x86)\Git\libexec\git-core\git-fast-export.exec:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exec:\program files (x86)\Git\libexec\git-core\git-fetch.exec:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exec:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exec:\program files 
(x86)\Git\libexec\git-core\git-format-patch.exec:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exec:\program files (x86)\Git\libexec\git-core\git-fsck.exec:\program files (x86)\Git\libexec\git-core\git-gc.exec:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exec:\program files (x86)\Git\libexec\git-core\git-grep.exec:\program files (x86)\Git\libexec\git-core\git-hash-object.exec:\program files (x86)\Git\libexec\git-core\git-help.exec:\program files (x86)\Git\libexec\git-core\git-index-pack.exec:\program files (x86)\Git\libexec\git-core\git-init-db.exec:\program files (x86)\Git\libexec\git-core\git-init.exec:\program files (x86)\Git\libexec\git-core\git-log.exec:\program files (x86)\Git\libexec\git-core\git-ls-files.exec:\program files (x86)\Git\libexec\git-core\git-ls-remote.exec:\program files (x86)\Git\libexec\git-core\git-ls-tree.exec:\program files (x86)\Git\libexec\git-core\git-mailinfo.exec:\program files (x86)\Git\libexec\git-core\git-mailsplit.exec:\program files (x86)\Git\libexec\git-core\git-merge-base.exec:\program files (x86)\Git\libexec\git-core\git-merge-file.exec:\program files (x86)\Git\libexec\git-core\git-merge-index.exec:\program files (x86)\Git\libexec\git-core\git-merge-ours.exec:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exec:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exec:\program files (x86)\Git\libexec\git-core\git-merge-tree.exec:\program files (x86)\Git\libexec\git-core\git-merge.exec:\program files (x86)\Git\libexec\git-core\git-mktag.exec:\program files (x86)\Git\libexec\git-core\git-mktree.exec:\program files (x86)\Git\libexec\git-core\git-mv.exec:\program files (x86)\Git\libexec\git-core\git-name-rev.exec:\program files (x86)\Git\libexec\git-core\git-notes.exec:\program files (x86)\Git\libexec\git-core\git-pack-objects.exec:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exec:\program files (x86)\Git\libexec\git-core\git-pack-refs.exec:\program files 
(x86)\Git\libexec\git-core\git-patch-id.exec:\program files (x86)\Git\libexec\git-core\git-peek-remote.exec:\program files (x86)\Git\libexec\git-core\git-prune-packed.exec:\program files (x86)\Git\libexec\git-core\git-prune.exec:\program files (x86)\Git\libexec\git-core\git-push.exec:\program files (x86)\Git\libexec\git-core\git-read-tree.exec:\program files (x86)\Git\libexec\git-core\git-receive-pack.exec:\program files (x86)\Git\libexec\git-core\git-reflog.exec:\program files (x86)\Git\libexec\git-core\git-remote-ext.exec:\program files (x86)\Git\libexec\git-core\git-remote-fd.exec:\program files (x86)\Git\libexec\git-core\git-remote.exec:\program files (x86)\Git\libexec\git-core\git-replace.exec:\program files (x86)\Git\libexec\git-core\git-repo-config.exec:\program files (x86)\Git\libexec\git-core\git-rerere.exec:\program files (x86)\Git\libexec\git-core\git-reset.exec:\program files (x86)\Git\libexec\git-core\git-rev-list.exec:\program files (x86)\Git\libexec\git-core\git-rev-parse.exec:\program files (x86)\Git\libexec\git-core\git-revert.exec:\program files (x86)\Git\libexec\git-core\git-rm.exec:\program files (x86)\Git\libexec\git-core\git-send-pack.exec:\program files (x86)\Git\libexec\git-core\git-shortlog.exec:\program files (x86)\Git\libexec\git-core\git-show-branch.exec:\program files (x86)\Git\libexec\git-core\git-show-ref.exec:\program files (x86)\Git\libexec\git-core\git-show.exec:\program files (x86)\Git\libexec\git-core\git-stage.exec:\program files (x86)\Git\libexec\git-core\git-status.exec:\program files (x86)\Git\libexec\git-core\git-stripspace.exec:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exec:\program files (x86)\Git\libexec\git-core\git-tag.exec:\program files (x86)\Git\libexec\git-core\git-tar-tree.exec:\program files (x86)\Git\libexec\git-core\git-unpack-file.exec:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exec:\program files (x86)\Git\libexec\git-core\git-update-index.exec:\program files 
(x86)\Git\libexec\git-core\git-update-ref.exec:\program files (x86)\Git\libexec\git-core\git-update-server-info.exec:\program files (x86)\Git\libexec\git-core\git-upload-archive.exec:\program files (x86)\Git\libexec\git-core\git-var.exec:\program files (x86)\Git\libexec\git-core\git-verify-pack.exec:\program files (x86)\Git\libexec\git-core\git-verify-tag.exec:\program files (x86)\Git\libexec\git-core\git-whatchanged.exec:\program files (x86)\Git\libexec\git-core\git-write-tree.exec:\program files (x86)\Git\libexec\git-core\git.exec:\windows\Installer\{00A53800-BA75-3E9E-BD52-10171E5640B6}\ARPPRODUCTICON.exec:\windows\Installer\{04098274-E98C-86E3-1B2C-50E32E561DF5}\ARPPRODUCTICON.exec:\windows\Installer\{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}\ARPPRODUCTICON.exec:\windows\Installer\{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}\ARPPRODUCTICON.exec:\windows\Installer\{2D049D1D-CA58-9652-B7C6-19CB98649923}\ARPPRODUCTICON.exec:\windows\Installer\{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}\ARPPRODUCTICON.exec:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{480DCAD1-8670-66EA-8EBA-178047059A13}\ARPPRODUCTICON.exec:\windows\Installer\{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}\ARPPRODUCTICON.exec:\windows\Installer\{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}\ARPPRODUCTICON.exec:\windows\Installer\{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}\ARPPRODUCTICON.exec:\windows\Installer\{60070423-DE0B-59FF-D4B7-16BDB8957864}\ARPPRODUCTICON.exec:\windows\Installer\{74FBB537-8915-329D-393E-FDB7DC69A339}\ARPPRODUCTICON.exec:\windows\Installer\{755F4903-030D-B017-30F2-4D5BE92C8D38}\ARPPRODUCTICON.exec:\windows\In
staller\{896C4E12-4857-9715-9F9D-249561D2D7EE}\ARPPRODUCTICON.exec:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{8D0A0350-B509-B362-4827-63E4C6520E7B}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{968298EC-86D4-8F84-5ABC-E976C5CDA417}\ARPPRODUCTICON.exec:\windows\Installer\{A79024ED-1969-334A-1ED6-16753F9DE377}\ARPPRODUCTICON.exec:\windows\Installer\{BBDD3C95-E069-E346-6D1B-CC76AE448550}\ARPPRODUCTICON.exec:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\ARPPRODUCTICON.exec:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exec:\windows\Installer\{C57C21C0-CE1B-26D5-1215-B26862051F6F}\ARPPRODUCTICON.exec:\windows\Installer\{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}\ARPPRODUCTICON.exec:\windows\Installer\{CD05F1BC-FC63-1E93-4094-82BC33662E76}\ARPPRODUCTICON.exec:\windows\Installer\{D61F78AF-A111-9DAE-8368-E3230B168F03}\ARPPRODUCTICON.exec:\windows\Installer\{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}\ARPPRODUCTICON.exec:\windows\Installer\{D8CABEA0-CAFB-9320-5F46-EAF31535203F}\ARPPRODUCTICON.exec:\windows\Installer\{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}\ARPPRODUCTICON.exec:\windows\Installer\{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}\ARPPRODUCTICON.exec:\windows\Installer\{FC8292ED-7E61-4370-15D1-60171263AA1D}\ARPPRODUCTICON.exe..((((((((((((((((((((((((( Files Created from 
2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))..2012-05-08 19:17 . 2012-05-08 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp2012-05-08 16:03 . 2012-05-08 16:03 -------- d-----w- c:\users\Lucas\AppData\Local\Splashtop2012-05-07 17:43 . 2012-05-07 17:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\offreg.dll2012-05-07 14:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE2D88D5-D09F-42D6-8C84-D965EB4F2FC9}\mpengine.dll2012-05-06 22:19 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-05-04 07:41 . 2012-05-04 07:41 -------- d-----w- c:\users\Lucas\AppData\Roaming\dvdcss2012-05-01 10:00 . 2012-05-01 10:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client2012-04-17 06:40 . 2012-04-17 06:51 -------- d-----w- c:\program files (x86)\OpenDNS Updater2012-04-17 06:16 . 2012-04-17 06:16 -------- d-----w- c:\users\Lucas\AppData\Roaming\OpenDNS Updater2012-04-17 05:39 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys2012-04-17 05:39 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2012-04-17 03:31 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup2012-04-17 03:31 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup2012-04-17 03:31 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup2012-04-12 03:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-12 03:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-04-12 03:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-04-12 03:57 . 2012-04-12 03:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help2012-04-12 03:55 . 
2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-04-12 03:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll2012-04-12 03:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll2012-04-12 03:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll2012-04-12 03:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2012-04-12 03:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll2012-04-12 03:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS WebStorage2012-04-10 04:04 . 2012-04-10 04:04 -------- d-----w- c:\programdata\ASUS WebStorage2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\users\Lucas\AppData\Roaming\ASUS2012-04-10 04:04 . 2012-04-10 04:06 -------- d-----w- c:\program files (x86)\ASUS2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files\ASUS2012-04-10 04:03 . 2012-04-10 04:03 -------- d-----w- c:\program files (x86)\MSXML 4.02012-04-10 04:01 . 2012-04-10 04:01 -------- d-----w- c:\users\Lucas\AppData\Roaming\eCareme...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-05-06 23:55 . 2012-04-04 04:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-05-06 23:55 . 2011-08-14 19:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-06 23:55 . 2012-04-04 04:55 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2012-04-04 22:56 . 2011-12-24 07:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-29 05:11 . 2012-02-22 04:06 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll2012-03-29 05:11 . 2012-03-29 05:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll2012-03-29 05:11 . 2012-02-22 04:06 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll2012-03-22 19:12 . 
2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys2012-03-11 22:54 . 2012-02-04 10:11 1626 ----a-w- c:\users\Lucas\AppData\Local\auto_install.bat2012-03-11 22:54 . 2012-02-04 10:11 1481 ----a-w- c:\users\Lucas\AppData\Local\dc.bat2012-03-11 22:54 . 2012-02-04 10:11 1288 ----a-w- c:\users\Lucas\AppData\Local\cc.bat2012-02-17 06:38 . 2012-03-15 06:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll2012-02-17 05:34 . 2012-03-15 06:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll2012-02-17 04:58 . 2012-03-15 06:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-02-17 04:57 . 2012-03-15 06:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX2012-02-10 14:39 . 2012-02-10 14:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41EF12EC-2857-4EAC-8891-1C8836ABE417}\gapaengine.dll2012-02-10 06:36 . 2012-03-15 06:00 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-02-10 05:38 . 2012-03-15 06:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-02-09 04:26 . 
2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-02-09 04:26 . 2012-02-09 04:26 90112 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-02-09 04:26 . 2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-02-09 04:26 . 
2012-02-09 04:26 45056 ----a-r- c:\users\Lucas\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]@="{C5994560-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]@="{C5994561-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]@="{C5994562-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]@="{C5994563-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]@="{C5994564-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files 
(x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]@="{C5994565-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]@="{C5994566-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]@="{C5994567-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]@="{C5994568-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 
----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"envyTouchPad"="c:\apps\envyTouchPad.exe" [2011-06-17 402944]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-09 113288]"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-05-13 38912]"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen 
Display\HPOSD.exe" [2011-08-19 379960]"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736].c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-2-25 405504].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/08 22:36;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]R3 
btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x]R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x]R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-09 89600]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424]S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe 
[x]S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056]S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x]S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-24 2656280]S3 ALSysIO;ALSysIO;c:\users\Lucas\AppData\Local\Temp\ALSysIO64.sys [x]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for 
Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 45281131*Deregistered* - 45281131*Deregistered* - CLKMDRV10_38F51D56.Contents of the 'Scheduled Tasks' folder.2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:55].2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15].2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 06:15]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]@="{C5994560-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]@="{C5994561-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]@="{C5994562-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]@="{C5994563-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]@="{C5994564-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]@="{C5994565-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]@="{C5994566-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]@="{C5994567-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]@="{C5994568-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 
168216]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105Trusted Zone: box.net\wwwTrusted Zone: intuit.com\ttlcTCP: DhcpNameServer = 10.10.1.1FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/.- - - - ORPHANS REMOVED - - - -.HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exeAddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exeAddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exeAddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:8f,f1,96,74,17,cd,cc,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3f,18,39,7c,e9,4e,44,98,02,77,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]"Version"=hex:4c,78,f1,91,2b,8c,74,9a,be,26,86,c9,8f,aa,fc,08,68,77,a3,e5,67, 64,1f,06,f8,ab,66,35,71,0f,8b,8f,51,7d,40,ce,99,7c,60,35,5b,2b,5b,ce,8c,33,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft 
Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 12:19:19
ComboFix-quarantined-files.txt 2012-05-08 19:19
.
Pre-Run: 81,889,263,616 bytes free
Post-Run: 81,236,934,656 bytes free
.
- - End Of File - - 4BC7FE9EDE7CB692B5116452E675A398

MrCharlie Posted May 9, 2012 ID:549977

Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how it is, MrC

infectedturtle Posted May 9, 2012 Author ID:549981

Found this and removing now. Log will be posted below. It's odd that MBAM didn't detect this before, right? Or was the system so heavily messed up it prevented MBAM from detecting it? I want to try to figure out how we knew the steps to take so that in future I can be better informed. Also, do you think my passwords have been risked?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: DEATHWING [administrator]
5/8/2012 8:14:04 PM
mbam-log-2012-05-08 (20-14-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201952
Time elapsed: 2 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.
(end)

infectedturtle Posted May 9, 2012 Author ID:549984

Mr. Charlie, it appears that we are still infected.

MrCharlie Posted May 9, 2012 ID:550004

RogueKiller found similar malware before:
[bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll",DllRegisterServer) -> FOUND
Please run another scan with RogueKiller and post the log, MrC

infectedturtle Posted May 9, 2012 Author ID:550064

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Lucas [Admin rights]
Mode: Scan -- Date: 05/09/2012 07:26:55
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] b27ea8f791f5b651de5b587eaa78abc7
[bSP] 6abcc5b31419a117d0832257e7d591e9 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 190000 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 389531646 | Size: 525203 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

MrCharlie Posted May 9, 2012 ID:550081

OK...that looks fine.
-------------------------
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes
-----------------------
Download aswMBR to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it. Please zip it up and attach it to your next post. (MBR.dat)
MrC

infectedturtle Posted May 9, 2012 Author ID:550094 Share Posted May 9, 2012 ListParts by Farbar Version: 12-03-2012 03Ran by Lucas (administrator) on 09-05-2012 at 09:39:38Windows 7 (X64)Running From: D:\DropboxLanguage: 0409************************************************************========================= Memory info ======================Percentage of memory in use: 36%Total physical RAM: 6091.86 MBAvailable physical RAM: 3850.05 MBTotal Pagefile: 12181.91 MBAvailable Pagefile: 9340.02 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB======================= Partitions =========================1 Drive c: () (Fixed) (Total:185.55 GB) (Free:73.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]2 Drive d: () (Fixed) (Total:384.82 GB) (Free:336.3 GB) NTFS4 Drive v: (Videos) (Network) (Total:465.76 GB) (Free:81.54 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 2048 KB Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 199 MB 1024 KB Partition 2 Primary 185 GB 200 MB Partition 0 Extended 512 GB 185 GB Partition 3 Logical 122 GB 185 GB Partition 4 Logical 6144 MB 307 GB Partition 5 Logical 384 GB 313 GB======================================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components) ======================================================================================================Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C NTFS Partition 185 GB Healthy Boot 
======================================================================================================Disk: 0Partition 3Type : 83Hidden: YesActive: NoThere is no volume associated with this partition.======================================================================================================Disk: 0Partition 4Type : 82Hidden: YesActive: NoThere is no volume associated with this partition.======================================================================================================Disk: 0Partition 5Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 D NTFS Partition 384 GB Healthy ======================================================================================================****** End Of Log ******aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-05-09 09:40:51-----------------------------09:40:51.036 OS Version: Windows x64 6.1.7601 Service Pack 109:40:51.037 Number of processors: 8 586 0x2A0709:40:51.037 ComputerName: DEATHWING UserName: Lucas09:40:51.686 Initialize success10:00:45.624 AVAST engine defs: 1205090010:05:17.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-110:05:17.357 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 310:05:17.363 Disk 0 MBR read successfully10:05:17.365 Disk 0 MBR scan10:05:17.369 Disk 0 unknown MBR code10:05:17.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 204810:05:17.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190000 MB offset 40960010:05:17.402 Disk 0 Partition - 00 05 Extended 525203 MB offset 38953164610:05:17.416 Disk 0 Partition 3 00 83 Linux 125000 MB offset 38953164810:05:17.421 Disk 0 Partition - 00 05 Extended 6145 MB offset 64553164810:05:17.453 Disk 0 scanning C:\Windows\system32\drivers10:05:24.895 Service scanning10:05:57.217 Modules scanning10:05:57.225 Disk 0 trace - called modules:10:05:57.266 ntoskrnl.exe CLASSPNP.SYS 
disk.sys hpdskflt.sys iaStor.sys hal.dll
10:05:57.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b65790]
10:05:57.276 3 CLASSPNP.SYS[fffff88001d5343f] -> nt!IofCallDriver -> [0xfffffa8006a7ab10]
10:05:57.285 5 hpdskflt.sys[fffff88001cfa189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800692e050]
10:05:57.944 AVAST engine scan C:\Windows
10:05:59.777 AVAST engine scan C:\Windows\system32
10:08:18.624 AVAST engine scan C:\Windows\system32\drivers
10:08:27.503 AVAST engine scan C:\Users\Lucas
10:14:44.918 AVAST engine scan C:\ProgramData
10:17:23.418 Scan finished successfully
10:44:10.001 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
10:44:10.006 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"
MBR.zip

infectedturtle Posted May 9, 2012 Author ID:550095

I am dual booting Ubuntu natively, FYI, so the extended partition contains a 122 GB ext4, 6 GB swap, and the rest as NTFS media storage.

MrCharlie Posted May 9, 2012 ID:550098

I was just checking for any active hidden partitions > There's none
The aswMBR scan is clean as well as the MBR.
Please do this......
Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.
-----------------------
Then...
Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)
Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.
The scan will take about 10 minutes...depends on your hard drive size.
Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
MrC

infectedturtle Posted May 10, 2012 Author ID:550235

OTL logfile created on: 5/9/2012 8:36:01 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free
11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS
Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS
Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
PRC - [2012/05/09 09:38:23 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Dropbox\aswMBR.exe
PRC - [2012/05/04 11:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/02/09 13:44:06 | 002,509,184 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012/02/09 13:43:46 | 002,029,952 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2012/01/08 23:08:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/07/20 05:07:32 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/07/20 05:07:06 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/30 15:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/03/08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

========== Modules (No Company Name) ==========
MOD - [2012/04/27 19:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 19:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 19:05:45 | 000,544,240 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll
MOD - [2012/04/27 19:05:44 | 000,117,744 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll
MOD - [2012/04/27 19:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 19:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 19:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 18:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/04/12 19:48:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0642b0c04fa10e6986baf58cf1580879\IAStorUtil.ni.dll
MOD - [2012/04/12 06:41:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/12 06:41:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 06:40:56 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/11 21:02:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll
MOD - [2012/04/11 21:02:06 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll
MOD - [2012/03/11 15:40:54 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll
MOD - [2012/03/11 15:40:45 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll
MOD - [2012/03/11 15:40:39 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll
MOD - [2012/02/15 08:09:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 08:08:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 08:08:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 08:08:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 08:08:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/09 10:25:14 | 000,071,352 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll
MOD - [2012/02/09 10:25:08 | 000,227,512 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll
MOD - [2012/01/08 23:14:35 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
MOD - [2011/10/15 18:33:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/16 20:49:40 | 000,402,944 | ---- | M] () -- C:\Apps\envyTouchPad.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/10 20:28:40 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/05 16:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/05 16:03:42 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/08/24 19:40:48 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/08/24 19:40:48 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/08/24 19:40:22 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2010/08/24 19:40:08 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/08 23:14:50 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/01/08 23:14:48 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2011/07/18 17:01:47 | 000,146,816 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/05/08 17:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010/11/01 18:35:30 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/06 16:55:24 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/23 19:57:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/01/08 23:13:14 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/14 15:39:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/20 05:07:50 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/02/24 22:34:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/23 18:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/23 18:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/01 18:35:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 02:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/24 02:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/08 23:14:50 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/01/08 23:13:14 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/08 23:09:02 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2012/01/08 23:08:17 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/01/08 23:08:17 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/12/19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/09 23:28:26 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 17:57:32 | 000,041,256 | ---- | M] (SeriousBit) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nbdrv.sys -- (Nbdrv)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/08 17:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/08 16:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/16 02:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/14 07:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 67 C5 4F 21 57 CC 01 [binary data]
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.0: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/13 19:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/23 19:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/25 21:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011/08/09 23:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Extensions
[2012/05/01 23:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions
[2012/04/28 13:20:02 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\3s2yhtu7.default\extensions\https-everywhere@eff.org
[2012/02/25 21:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/10 00:00:18 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/04/23 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/03/10 18:27:42 | 001,331,409 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/03/10 18:27:42 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2012/03/10 18:27:42 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\LUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3S2YHTU7.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2012/04/23 19:57:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/10 18:23:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/10 18:23:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lucas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3.2_0\
CHR - Extension: YouTube = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Calendar = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Aside = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhbmdeeajbgkdpaiencghlmbgbkpdaa\1.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lucas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\CHR - Extension: SABconnect++ = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod\0.5.8_0\CHR - Extension: Weather Underground = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\CHR - Extension: Gmail = C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/05/08 12:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - 
HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not foundO4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows ® Win 7 DDK provider)O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas 
Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O4 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001..\Run: [envyTouchPad] C:\Apps\envyTouchPad.exe ()O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra 
context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: box.net ([www] https in Trusted sites)O15 - HKU\S-1-5-21-1039735209-2586580631-372817727-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6477D5-C2C1-4A4A-958E-A9DEC6AA64BC}: DhcpNameServer = 10.10.1.1O18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID 
value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days 
==========[2012/05/09 20:35:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe[2012/05/08 21:06:45 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Microsoft Games[2012/05/08 20:13:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/05/08 19:33:40 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/05/08 12:09:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/05/08 12:09:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/05/08 12:09:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/05/08 12:09:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/05/08 12:09:39 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/05/08 12:08:58 | 004,487,872 | R--- | C] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe[2012/05/08 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\Splashtop[2012/05/08 08:41:07 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\RK_Quarantine[2012/05/04 00:41:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\dvdcss[2012/05/01 03:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client[2012/04/16 23:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater[2012/04/16 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater[2012/04/16 22:39:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys[2012/04/16 22:39:39 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys[2012/04/16 20:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Bilbo[2012/04/09 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Documents\Asus WebStorage[2012/04/09 21:04:44 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage[2012/04/09 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage[2012/04/09 21:04:23 | 000,000,000 | ---D | C] -- 
C:\Users\Lucas\AppData\Roaming\ASUS[2012/04/09 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS[2012/04/09 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS[2012/04/09 21:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0[2012/04/09 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\eCareme[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/05/09 20:35:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe[2012/05/09 20:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001UA.job[2012/05/09 20:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1039735209-2586580631-372817727-1001Core.job[2012/05/09 19:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/05/09 10:44:10 | 000,000,512 | ---- | M] () -- C:\Users\Lucas\Desktop\MBR.dat[2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/05/09 08:32:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/05/09 06:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/05/08 21:42:37 | 000,000,600 | ---- | M] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND[2012/05/08 20:23:59 | 003,055,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/05/08 20:23:59 | 000,956,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/05/08 20:23:59 | 000,006,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/05/08 20:20:08 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys[2012/05/08 20:14:50 | 000,001,050 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk[2012/05/08 12:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/05/08 12:08:38 | 004,487,872 | R--- | M] (Swearware) -- C:\Users\Lucas\Desktop\ComboFix.exe[2012/05/01 03:00:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif[2012/05/01 03:00:51 | 000,006,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/04/17 19:32:49 | 000,001,456 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs[2012/04/16 22:38:54 | 000,001,977 | ---- | M] () -- C:\Users\Lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]========== Files Created - No Company Name ==========[2012/05/09 10:44:10 | 000,000,512 | ---- | C] () -- C:\Users\Lucas\Desktop\MBR.dat[2012/05/08 12:09:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/05/08 12:09:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/05/08 12:09:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/05/08 12:09:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/05/08 12:09:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/02/21 07:48:57 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\winscp.rnd[2012/02/18 18:00:01 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc[2012/02/04 03:11:04 | 000,001,626 | ---- | C] () -- C:\Users\Lucas\AppData\Local\auto_install.bat[2012/02/04 03:11:04 | 000,001,481 | ---- | C] () -- C:\Users\Lucas\AppData\Local\dc.bat[2012/02/04 03:11:04 | 000,001,288 | ---- | C] () -- C:\Users\Lucas\AppData\Local\cc.bat[2012/01/17 22:00:26 | 000,000,079 | ---- | C] () -- C:\Users\Lucas\AppData\Local\CrystalDiskMark30.ini[2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u[2011/12/16 00:33:54 | 000,153,076 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat[2011/12/09 
21:24:34 | 000,002,655 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Midi Decoder.dat[2011/12/09 21:16:16 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat[2011/12/09 21:16:08 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll[2011/11/17 00:24:08 | 000,005,632 | ---- | C] () -- C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/10/29 22:48:26 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat[2011/10/29 22:48:08 | 000,225,656 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe[2011/10/16 14:01:55 | 000,000,166 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\Battery Meter_Settings.ini[2011/09/24 21:20:22 | 000,001,456 | ---- | C] () -- C:\Users\Lucas\AppData\Local\Adobe Save for Web 12.0 Prefs[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll[2011/09/10 20:02:31 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI[2011/09/09 16:59:16 | 000,000,600 | ---- | C] () -- C:\Users\Lucas\AppData\Local\PUTTY.RND[2011/09/05 00:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config[2011/08/14 15:34:02 | 000,000,412 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\All CPU Meter_Settings.ini[2011/08/12 23:47:26 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat[2011/08/09 23:39:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat[2011/08/09 23:07:41 | 000,006,584 | ---- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI[2011/08/09 04:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2011/08/09 04:43:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2011/08/09 04:43:08 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2011/04/16 02:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2011/04/16 01:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2011/04/16 01:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll[2011/03/25 18:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/02/09 21:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini========== LOP Check ==========[2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software[2011/10/16 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software[2012/04/17 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft[2012/04/09 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS[2012/04/09 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ASUS WebStorage[2011/12/09 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity[2011/09/10 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\calibre[2011/10/18 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\CanuckSoftware[2011/09/24 21:54:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[2011/09/10 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.dmp.contentviewer[2011/09/09 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant[2012/02/22 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DiskAid[2012/03/19 20:39:14 | 000,000,000 | ---D | M] -- 
C:\Users\Lucas\AppData\Roaming\Downloaded Installations[2012/05/09 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Dropbox[2012/04/09 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\eCareme[2011/09/24 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\EPSON[2012/03/11 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FileZilla[2011/11/14 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FlixsterCollections[2011/12/09 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FreeCommander[2011/08/09 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\GlarySoft[2011/09/04 22:17:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0[2011/10/05 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\HandBrake[2011/08/14 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\IDT[2011/12/04 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ImgBurn[2011/08/27 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jason Robitaille[2011/12/16 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\JasonRobitaille[2012/02/25 21:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Launchy[2011/10/13 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LockHunter[2012/03/21 07:16:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Mp3tag[2011/10/13 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MusicBrainz[2011/08/14 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Notepad++[2011/10/16 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\onOne Software[2012/04/16 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\OpenDNS Updater[2011/09/10 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PACE Anti-Piracy[2012/04/09 21:05:37 | 
000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\PrimoPDF[2012/02/18 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\pymclevel[2012/01/25 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\redsn0w[2012/04/16 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Samsung[2011/08/12 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SeriousBit[2011/09/28 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1[2011/08/09 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Synaptics[2011/08/12 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SystemRequirementsLab[2012/04/29 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeraCopy[2011/12/04 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Thunderbird[2011/08/14 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TightVNC[2011/09/09 18:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TrueCrypt[2012/05/07 21:32:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\uTorrent[2011/12/09 21:17:38 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd@Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa< End of report >
infectedturtle Posted May 10, 2012 Author ID:550236
OTL Extras logfile created on: 5/9/2012 8:36:01 PM - Run 1OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFSDrive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFSDrive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFSComputer Name: DEATHWING | User Name: Lucas | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)[HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1"
Name = Deathwing | Source = CaslWmi | ID = 5Description = 2012/05/08 20:15:12.203|00000FC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 5/8/2012 11:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5Description = 2012/05/08 20:23:25.940|000018E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5Description = 2012/05/09 09:21:42.638|0000140C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported 'Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5Description = 2012/05/09 09:21:42.816|0000140C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 5/9/2012 12:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5Description = 2012/05/09 09:23:25.173|00001D84|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported '[ System Events ]Error - 5/3/2012 9:31:54 AM | Computer Name = Deathwing | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR10.Error - 5/3/2012 9:31:55 AM | Computer Name = Deathwing | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR10.Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034Description = The Bluetooth Device Monitor service terminated 
unexpectedly. It has done this 1 time(s).Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034Description = The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034Description = The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).Error - 5/8/2012 3:13:44 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error - 5/8/2012 3:16:44 PM | Computer Name = Deathwing | Source = Application Popup | ID = 1060Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error - 5/8/2012 3:17:12 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error - 5/8/2012 10:29:31 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error - 5/8/2012 10:32:03 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.< End of report > Link to post Share on other sites More sharing options...

MrCharlie Posted May 10, 2012 ID:550241

OK, it's late here and I'll get back to you tomorrow am....

MrC

MrCharlie Posted May 10, 2012 ID:550278

While I look over the logs, please confirm for me that you get redirects in all three browsers.

Also can you post the log from MB:

Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.

Thanks....
MrC

MrCharlie Posted May 10, 2012 ID:550300

Please do what I mention in the post above first....then:

Please do this:

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u
@Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd
@Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa

:Commands
[EMPTYJAVA]
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

infectedturtle Posted May 11, 2012 Author ID:550505

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: DEATHWING [administrator]

5/8/2012 8:14:04 PM
mbam-log-2012-05-08 (20-14-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201952
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)