Google Virus/Scour. Infected Please help

Melbee · August 17, 2012

I'm infected with scour. I'm running Windows 7 64bit version. Any help you can give would really be appreciated! Thanks in advance.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by Melbee at 14:47:02 on 2012-08-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.5163 [GMT -6:00]

.

AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\calc.exe

C:\Users\Melbee\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Melbee\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Melbee\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxp://www.yardiaspla5.com/56622nevins/activexviewer9.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{F3DCC8AC-FAEC-404A-88A4-77C8B2F58823} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

BHO-X64: link filter bho - No File

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Melbee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Melbee\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\system32\DRIVERS\CSCrySec.sys --> C:\Windows\system32\DRIVERS\CSCrySec.sys [?]

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys --> C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]

R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-1 250056]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-17 18:08:59 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BDB0186-E3D6-41C0-921C-18DE87B7E62D}\mpengine.dll

2012-08-16 20:43:32 -------- d-----w- C:\Users\Melbee\AppData\Roaming\Malwarebytes

2012-08-16 20:43:17 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-16 20:43:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-16 20:43:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-16 04:25:13 -------- d-----w- C:\Users\Melbee\AppData\Roaming\StartNow Toolbar

2012-08-16 04:12:40 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-16 04:12:40 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-16 04:12:40 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-16 04:12:40 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-16 04:12:38 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-16 04:12:38 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-16 04:12:36 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-16 04:12:36 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-16 04:12:36 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-16 04:12:35 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-16 04:12:33 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-14 20:58:59 -------- d-----w- C:\Users\Melbee\AppData\Local\{EE075814-4890-4414-89FA-E798DBDD9F5A}

2012-08-07 00:21:03 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-07 00:01:14 -------- d-----w- C:\Users\Melbee\.morena

2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-07 00:20:48 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-05 20:47:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-05 20:47:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-25 22:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-07 02:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 18:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 14:48:06.22 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/13/2010 7:57:58 PM

System Uptime: 8/16/2012 2:56:36 PM (24 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CG5270

Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | LGA775 | 2499/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 373 GiB total, 127.999 GiB free.

D: is FIXED (NTFS) - 551 GiB total, 550.792 GiB free.

E: is CDROM (UDF)

F: is FIXED (NTFS) - 931 GiB total, 930.138 GiB free.

G: is CDROM ()

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Prem C310 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Prem C310 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP376: 7/20/2012 4:05:49 PM - Windows Update

RP377: 7/24/2012 4:31:24 AM - Windows Update

RP378: 8/5/2012 7:22:55 PM - Windows Update

RP383: 8/15/2012 10:57:53 PM - Scheduled Checkpoint

RP384: 8/16/2012 3:00:16 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

AC3Filter (remove only)

ACDSee Pro 4

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Amazon MP3 Downloader 1.0.10

Apple Application Support

Apple Software Update

ASUSUpdate

AviSynth 2.5

calibre

Carbonite Online Backup Setup

Citrix XenApp Web Plugin

Compatibility Pack for the 2007 Office system

CuteFTP 8 Professional

D3DX10

DAEMON Tools Pro

DivX Setup

Dropbox

EPU-4 Engine

eReg

foobar2000 v1.1.11

Google App Engine

Google Chrome

Google Talk (remove only)

GPL Ghostscript Lite 8.70

HoldingPattern Screen Saver

HTC BMP USB Driver

HTC Driver Installer

iShutdown

Java Auto Updater

Java 6 Update 22

Java 6 Update 31

Java 7 Update 5

Junk Mail filter update

K-Lite Codec Pack 5.4.4 (Basic)

Kaspersky PURE

Keeper Password & Data Vault

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

Microsoft Works

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MyLink Access

OpenOffice.org 3.3

PS_AIO_07_C310_SW_Min

QuickTime

Qwest Installer

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Rosetta Stone Version 3

Scan

Seagate Manager Installer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SpiderOak

Spotify

StartNow Toolbar

Thinkwell

Toolbox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

uTorrentControl2 Toolbar

VC80CRTRedist - 8.0.50727.6195

Vid-Saver

VLC media player 2.0.1

WebEx Support Manager for Internet Explorer

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinSCP 5.0.7 beta

.

==== Event Viewer Messages From Past Week ========

.

8/17/2012 9:57:58 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

8/16/2012 3:06:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/16/2012 3:06:12 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/16/2012 2:58:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/16/2012 2:57:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32

8/16/2012 2:56:43 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/15/2012 2:13:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

8/14/2012 2:23:58 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

.

==== End Of File ===========================

MrCharlie · August 17, 2012

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Melbee · August 17, 2012

Thanks for your help on this. Here's the report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Melbee [Admin rights]

Mode: Scan -- Date: 08/17/2012 16:38:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++

--- User ---

[MBR] 8a13ec56b63e836d5b03d894fb580fa3

[bSP] 813a3029ef30b05f87670a1b1221adcd : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 8197 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 381551 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 798205590 | Size: 564118 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EADS-98M2B2 ATA Device +++++

--- User ---

[MBR] 232db92decfa30be4c19a3a8c625d302

[bSP] 242d01e79a38d5053ce094e05df00ad8 : MBR Code unknown

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · August 18, 2012

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Melbee · August 20, 2012

I did as instructed. It did find 4 threats that I had quarantined. Here's is the report:

08:05:08.0280 4284 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

08:05:08.0709 4284 ============================================================

08:05:08.0709 4284 Current date / time: 2012/08/20 08:05:08.0709

08:05:08.0709 4284 SystemInfo:

08:05:08.0709 4284

08:05:08.0709 4284 OS Version: 6.1.7601 ServicePack: 1.0

08:05:08.0709 4284 Product type: Workstation

08:05:08.0709 4284 ComputerName: MR_FANTASTIC

08:05:08.0709 4284 UserName: Melbee

08:05:08.0709 4284 Windows directory: C:\Windows

08:05:08.0709 4284 System windows directory: C:\Windows

08:05:08.0709 4284 Running under WOW64

08:05:08.0709 4284 Processor architecture: Intel x64

08:05:08.0709 4284 Number of processors: 4

08:05:08.0710 4284 Page size: 0x1000

08:05:08.0710 4284 Boot type: Normal boot

08:05:08.0710 4284 ============================================================

08:05:09.0692 4284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:05:16.0373 4284 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:05:16.0379 4284 ============================================================

08:05:16.0379 4284 \Device\Harddisk0\DR0:

08:05:16.0379 4284 MBR partitions:

08:05:16.0379 4284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x2E937CC1

08:05:16.0379 4284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2F93A696, BlocksNum 0x44DCB32B

08:05:16.0379 4284 \Device\Harddisk1\DR1:

08:05:16.0380 4284 GPT partitions:

08:05:16.0380 4284 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {54728DAD-8532-4B5B-809A-041401E634D8}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000

08:05:16.0380 4284 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {39C3FD3F-FE30-47F9-B193-570825053071}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000

08:05:16.0380 4284 MBR partitions:

08:05:16.0380 4284 ============================================================

08:05:16.0398 4284 C: <-> \Device\Harddisk0\DR0\Partition1

08:05:16.0429 4284 D: <-> \Device\Harddisk0\DR0\Partition2

08:05:16.0430 4284 F: <-> \Device\Harddisk1\DR1\Partition2

08:05:16.0430 4284 ============================================================

08:05:16.0430 4284 Initialize success

08:05:16.0430 4284 ============================================================

08:06:19.0717 3440 ============================================================

08:06:19.0717 3440 Scan started

08:06:19.0717 3440 Mode: Manual; SigCheck; TDLFS;

08:06:19.0717 3440 ============================================================

08:06:20.0193 3440 ================ Scan services =============================

08:06:20.0291 3440 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

08:06:20.0477 3440 1394ohci - ok

08:06:20.0495 3440 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

08:06:20.0524 3440 ACPI - ok

08:06:20.0538 3440 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

08:06:20.0592 3440 AcpiPmi - ok

08:06:20.0678 3440 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

08:06:20.0702 3440 AdobeARMservice - ok

08:06:20.0790 3440 [ f19c98ad81d2c0e1bbfd8153d2c80ee8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:06:20.0811 3440 AdobeFlashPlayerUpdateSvc - ok

08:06:20.0844 3440 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

08:06:20.0883 3440 adp94xx - ok

08:06:20.0897 3440 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

08:06:20.0929 3440 adpahci - ok

08:06:20.0945 3440 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

08:06:20.0975 3440 adpu320 - ok

08:06:20.0998 3440 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

08:06:21.0113 3440 AeLookupSvc - ok

08:06:21.0144 3440 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys

08:06:21.0201 3440 AFD - ok

08:06:21.0232 3440 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

08:06:21.0257 3440 agp440 - ok

08:06:21.0276 3440 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe

08:06:21.0327 3440 ALG - ok

08:06:21.0343 3440 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys

08:06:21.0366 3440 aliide - ok

08:06:21.0376 3440 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys

08:06:21.0399 3440 amdide - ok

08:06:21.0425 3440 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

08:06:21.0479 3440 AmdK8 - ok

08:06:21.0493 3440 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

08:06:21.0530 3440 AmdPPM - ok

08:06:21.0564 3440 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

08:06:21.0590 3440 amdsata - ok

08:06:21.0607 3440 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

08:06:21.0637 3440 amdsbs - ok

08:06:21.0647 3440 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

08:06:21.0670 3440 amdxata - ok

08:06:21.0705 3440 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys

08:06:21.0837 3440 AppID - ok

08:06:21.0851 3440 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

08:06:21.0909 3440 AppIDSvc - ok

08:06:21.0940 3440 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll

08:06:22.0001 3440 Appinfo - ok

08:06:22.0083 3440 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:06:22.0104 3440 Apple Mobile Device - ok

08:06:22.0120 3440 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys

08:06:22.0148 3440 arc - ok

08:06:22.0159 3440 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

08:06:22.0187 3440 arcsas - ok

08:06:22.0223 3440 [ edaa17ce771c696655b6585f7cad2100 ] ASInsHelp C:\Windows\SysWow64\drivers\AsInsHelp64.sys

08:06:22.0272 3440 ASInsHelp - ok

08:06:22.0299 3440 [ a82c01606dc27d05d9d3bfb6bb807e32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys

08:06:22.0320 3440 AsIO - ok

08:06:22.0346 3440 ASPI32 - ok

08:06:22.0364 3440 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

08:06:22.0437 3440 AsyncMac - ok

08:06:22.0472 3440 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys

08:06:22.0495 3440 atapi - ok

08:06:22.0534 3440 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

08:06:22.0603 3440 AudioEndpointBuilder - ok

08:06:22.0614 3440 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

08:06:22.0659 3440 AudioSrv - ok

08:06:22.0710 3440 [ a2b790f9a751f24f17967f9a5574186d ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe

08:06:22.0739 3440 AVP - ok

08:06:22.0786 3440 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll

08:06:22.0853 3440 AxInstSV - ok

08:06:22.0881 3440 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

08:06:22.0936 3440 b06bdrv - ok

08:06:22.0961 3440 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

08:06:23.0007 3440 b57nd60a - ok

08:06:23.0043 3440 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll

08:06:23.0110 3440 BDESVC - ok

08:06:23.0128 3440 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

08:06:23.0186 3440 Beep - ok

08:06:23.0222 3440 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll

08:06:23.0284 3440 BFE - ok

08:06:23.0313 3440 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll

08:06:23.0379 3440 BITS - ok

08:06:23.0406 3440 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

08:06:23.0447 3440 blbdrive - ok

08:06:23.0505 3440 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

08:06:23.0535 3440 Bonjour Service - ok

08:06:23.0594 3440 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

08:06:23.0628 3440 bowser - ok

08:06:23.0644 3440 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:06:23.0711 3440 BrFiltLo - ok

08:06:23.0725 3440 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:06:23.0770 3440 BrFiltUp - ok

08:06:23.0807 3440 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll

08:06:23.0849 3440 Browser - ok

08:06:23.0864 3440 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys

08:06:23.0916 3440 Brserid - ok

08:06:23.0929 3440 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

08:06:23.0966 3440 BrSerWdm - ok

08:06:23.0979 3440 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

08:06:24.0016 3440 BrUsbMdm - ok

08:06:24.0020 3440 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

08:06:24.0048 3440 BrUsbSer - ok

08:06:24.0069 3440 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

08:06:24.0101 3440 BTHMODEM - ok

08:06:24.0129 3440 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll

08:06:24.0179 3440 bthserv - ok

08:06:24.0193 3440 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

08:06:24.0250 3440 cdfs - ok

08:06:24.0298 3440 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

08:06:24.0341 3440 cdrom - ok

08:06:24.0383 3440 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll

08:06:24.0444 3440 CertPropSvc - ok

08:06:24.0468 3440 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys

08:06:24.0513 3440 circlass - ok

08:06:24.0531 3440 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys

08:06:24.0564 3440 CLFS - ok

08:06:24.0606 3440 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:06:24.0634 3440 clr_optimization_v2.0.50727_32 - ok

08:06:24.0673 3440 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:06:24.0698 3440 clr_optimization_v2.0.50727_64 - ok

08:06:24.0743 3440 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:06:24.0767 3440 clr_optimization_v4.0.30319_32 - ok

08:06:24.0804 3440 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:06:24.0827 3440 clr_optimization_v4.0.30319_64 - ok

08:06:24.0837 3440 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

08:06:24.0873 3440 CmBatt - ok

08:06:24.0910 3440 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys

08:06:24.0932 3440 cmdide - ok

08:06:24.0963 3440 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys

08:06:24.0999 3440 CNG - ok

08:06:25.0007 3440 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

08:06:25.0034 3440 Compbatt - ok

08:06:25.0049 3440 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

08:06:25.0084 3440 CompositeBus - ok

08:06:25.0096 3440 COMSysApp - ok

08:06:25.0114 3440 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

08:06:25.0142 3440 crcdisk - ok

08:06:25.0192 3440 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

08:06:25.0243 3440 CryptSvc - ok

08:06:25.0284 3440 [ ab1201f8de199e764da9a32abf71049c ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys

08:06:25.0310 3440 CSCrySec - ok

08:06:25.0393 3440 [ 6e5b42219f1fe4a3d087d9d501e343d5 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

08:06:25.0429 3440 CSObjectsSrv - ok

08:06:25.0464 3440 [ a6eed705bb510fa6b0f9f097165a3395 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys

08:06:25.0498 3440 CSVirtualDiskDrv - ok

08:06:25.0537 3440 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll

08:06:25.0598 3440 DcomLaunch - ok

08:06:25.0622 3440 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll

08:06:25.0681 3440 defragsvc - ok

08:06:25.0712 3440 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

08:06:25.0781 3440 DfsC - ok

08:06:25.0825 3440 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll

08:06:25.0885 3440 Dhcp - ok

08:06:25.0901 3440 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys

08:06:25.0958 3440 discache - ok

08:06:25.0980 3440 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys

08:06:26.0008 3440 Disk - ok

08:06:26.0039 3440 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

08:06:26.0168 3440 Dnscache - ok

08:06:26.0199 3440 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll

08:06:26.0356 3440 dot3svc - ok

08:06:26.0379 3440 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll

08:06:26.0425 3440 DPS - ok

08:06:26.0445 3440 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

08:06:26.0475 3440 drmkaud - ok

08:06:26.0525 3440 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

08:06:26.0567 3440 DXGKrnl - ok

08:06:26.0590 3440 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll

08:06:26.0648 3440 EapHost - ok

08:06:26.0704 3440 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

08:06:26.0803 3440 ebdrv - ok

08:06:26.0828 3440 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe

08:06:26.0888 3440 EFS - ok

08:06:26.0925 3440 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

08:06:26.0985 3440 ehRecvr - ok

08:06:27.0003 3440 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe

08:06:27.0054 3440 ehSched - ok

08:06:27.0086 3440 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

08:06:27.0122 3440 elxstor - ok

08:06:27.0156 3440 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys

08:06:27.0200 3440 ErrDev - ok

08:06:27.0223 3440 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll

08:06:27.0292 3440 EventSystem - ok

08:06:27.0315 3440 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys

08:06:27.0362 3440 exfat - ok

08:06:27.0379 3440 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys

08:06:27.0434 3440 fastfat - ok

08:06:27.0457 3440 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe

08:06:27.0520 3440 Fax - ok

08:06:27.0534 3440 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys

08:06:27.0568 3440 fdc - ok

08:06:27.0589 3440 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll

08:06:27.0656 3440 fdPHost - ok

08:06:27.0671 3440 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

08:06:27.0721 3440 FDResPub - ok

08:06:27.0731 3440 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

08:06:27.0755 3440 FileInfo - ok

08:06:27.0759 3440 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

08:06:27.0818 3440 Filetrace - ok

08:06:27.0870 3440 [ bb0667b0171b632b97ea759515476f07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

08:06:27.0906 3440 FLEXnet Licensing Service - ok

08:06:27.0919 3440 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

08:06:27.0954 3440 flpydisk - ok

08:06:27.0972 3440 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

08:06:28.0001 3440 FltMgr - ok

08:06:28.0050 3440 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll

08:06:28.0132 3440 FontCache - ok

08:06:28.0180 3440 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

08:06:28.0205 3440 FontCache3.0.0.0 - ok

08:06:28.0258 3440 [ 9513b437b7adb1e6065b7f0d83d11ecf ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

08:06:28.0286 3440 FreeAgentGoNext Service - ok

08:06:28.0295 3440 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

08:06:28.0318 3440 FsDepends - ok

08:06:28.0347 3440 [ 6c06701bf1db05405804d7eb610991ce ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

08:06:28.0373 3440 fssfltr - ok

08:06:28.0451 3440 [ 4ce9dac1518ff7e77bd213e6394b9d77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

08:06:28.0518 3440 fsssvc - ok

08:06:28.0545 3440 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

08:06:28.0572 3440 Fs_Rec - ok

08:06:28.0602 3440 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

08:06:28.0649 3440 fvevol - ok

08:06:28.0664 3440 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

08:06:28.0692 3440 gagp30kx - ok

08:06:28.0707 3440 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:06:28.0729 3440 GEARAspiWDM - ok

08:06:28.0764 3440 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll

08:06:28.0832 3440 gpsvc - ok

08:06:28.0850 3440 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

08:06:28.0907 3440 hcw85cir - ok

08:06:28.0952 3440 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

08:06:28.0996 3440 HdAudAddService - ok

08:06:29.0023 3440 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

08:06:29.0052 3440 HDAudBus - ok

08:06:29.0073 3440 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

08:06:29.0111 3440 HidBatt - ok

08:06:29.0129 3440 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

08:06:29.0168 3440 HidBth - ok

08:06:29.0183 3440 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

08:06:29.0210 3440 HidIr - ok

08:06:29.0225 3440 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll

08:06:29.0288 3440 hidserv - ok

08:06:29.0297 3440 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

08:06:29.0321 3440 HidUsb - ok

08:06:29.0352 3440 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll

08:06:29.0424 3440 hkmsvc - ok

08:06:29.0453 3440 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll

08:06:29.0519 3440 HomeGroupListener - ok

08:06:29.0552 3440 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

08:06:29.0583 3440 HomeGroupProvider - ok

08:06:29.0617 3440 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

08:06:29.0641 3440 HpSAMD - ok

08:06:29.0704 3440 [ d4f91cf4de215d6f14a06087d46725e4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

08:06:29.0739 3440 HPSLPSVC - ok

08:06:29.0772 3440 [ b8b1b284362e1d8135112573395d5da5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys

08:06:29.0791 3440 htcnprot - ok

08:06:29.0842 3440 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

08:06:29.0909 3440 HTTP - ok

08:06:29.0927 3440 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

08:06:29.0950 3440 hwpolicy - ok

08:06:29.0976 3440 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

08:06:30.0002 3440 i8042prt - ok

08:06:30.0036 3440 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

08:06:30.0066 3440 iaStorV - ok

08:06:30.0112 3440 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:06:30.0147 3440 idsvc - ok

08:06:30.0321 3440 [ c6238c6abd6ac99f5d152da4e9439a3d ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

08:06:30.0582 3440 igfx - ok

08:06:30.0598 3440 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

08:06:30.0621 3440 iirsp - ok

08:06:30.0642 3440 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll

08:06:30.0710 3440 IKEEXT - ok

08:06:30.0758 3440 [ d42d651676883181400e22957a7e0b1e ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

08:06:30.0832 3440 IntcAzAudAddService - ok

08:06:30.0855 3440 [ d485d3bd3e2179aa86853a182f70699f ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys

08:06:30.0886 3440 IntcHdmiAddService - ok

08:06:30.0897 3440 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys

08:06:30.0920 3440 intelide - ok

08:06:30.0940 3440 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

08:06:30.0974 3440 intelppm - ok

08:06:31.0012 3440 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll

08:06:31.0070 3440 IPBusEnum - ok

08:06:31.0102 3440 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:06:31.0196 3440 IpFilterDriver - ok

08:06:31.0245 3440 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

08:06:31.0306 3440 iphlpsvc - ok

08:06:31.0332 3440 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

08:06:31.0358 3440 IPMIDRV - ok

08:06:31.0369 3440 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

08:06:31.0426 3440 IPNAT - ok

08:06:31.0509 3440 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

08:06:31.0544 3440 iPod Service - ok

08:06:31.0556 3440 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

08:06:31.0600 3440 IRENUM - ok

08:06:31.0612 3440 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

08:06:31.0635 3440 isapnp - ok

08:06:31.0649 3440 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

08:06:31.0677 3440 iScsiPrt - ok

08:06:31.0689 3440 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

08:06:31.0713 3440 kbdclass - ok

08:06:31.0719 3440 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

08:06:31.0753 3440 kbdhid - ok

08:06:31.0765 3440 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe

08:06:31.0786 3440 KeyIso - ok

08:06:31.0804 3440 [ db449f50e5141458eb58e64ffac4863f ] kl1 C:\Windows\system32\DRIVERS\kl1.sys

08:06:31.0841 3440 kl1 - ok

08:06:31.0871 3440 [ 87200a8afe40532baa4d2b24a7ba0eea ] KLBG C:\Windows\system32\DRIVERS\klbg.sys

08:06:31.0906 3440 KLBG - ok

08:06:31.0939 3440 [ 34d49307217b20e5a845b7db50cdd4fa ] KLIF C:\Windows\system32\DRIVERS\klif.sys

08:06:31.0967 3440 KLIF - ok

08:06:32.0013 3440 [ 630f22545379437737cf4172f09fe449 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys

08:06:32.0037 3440 KLIM6 - ok

08:06:32.0062 3440 [ 786791291939abb11f6d0f040da23912 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys

08:06:32.0087 3440 klmouflt - ok

08:06:32.0117 3440 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

08:06:32.0143 3440 KSecDD - ok

08:06:32.0178 3440 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

08:06:32.0205 3440 KSecPkg - ok

08:06:32.0230 3440 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

08:06:32.0288 3440 ksthunk - ok

08:06:32.0325 3440 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll

08:06:32.0390 3440 KtmRm - ok

08:06:32.0439 3440 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll

08:06:32.0504 3440 LanmanServer - ok

08:06:32.0532 3440 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

08:06:32.0591 3440 LanmanWorkstation - ok

08:06:32.0675 3440 [ 7772dfab22611050b79504e671b06e6e ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

08:06:32.0706 3440 LBTServ - ok

08:06:32.0754 3440 [ 241f2648adf090e2a10095bd6d6f5dcb ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

08:06:32.0777 3440 LHidFilt - ok

08:06:32.0785 3440 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

08:06:32.0830 3440 lltdio - ok

08:06:32.0846 3440 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll

08:06:32.0912 3440 lltdsvc - ok

08:06:32.0924 3440 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll

08:06:32.0982 3440 lmhosts - ok

08:06:33.0012 3440 [ 342ed5a4b3326014438f36d22d803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

08:06:33.0032 3440 LMouFilt - ok

08:06:33.0050 3440 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

08:06:33.0075 3440 LSI_FC - ok

08:06:33.0097 3440 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

08:06:33.0121 3440 LSI_SAS - ok

08:06:33.0137 3440 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:06:33.0161 3440 LSI_SAS2 - ok

08:06:33.0177 3440 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:06:33.0202 3440 LSI_SCSI - ok

08:06:33.0225 3440 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys

08:06:33.0286 3440 luafv - ok

08:06:33.0345 3440 [ 79d51e7f5926e8ce1b3ebecebae28cff ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys

08:06:33.0372 3440 mcdbus - ok

08:06:33.0409 3440 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

08:06:33.0436 3440 Mcx2Svc - ok

08:06:33.0446 3440 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

08:06:33.0469 3440 megasas - ok

08:06:33.0480 3440 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

08:06:33.0508 3440 MegaSR - ok

08:06:33.0564 3440 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

08:06:33.0591 3440 Microsoft Office Groove Audit Service - ok

08:06:33.0609 3440 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll

08:06:33.0673 3440 MMCSS - ok

08:06:33.0687 3440 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys

08:06:33.0747 3440 Modem - ok

08:06:33.0768 3440 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys

08:06:33.0805 3440 monitor - ok

08:06:33.0836 3440 [ 14eb6898923b5816e574f88835f4f454 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys

08:06:33.0884 3440 motmodem - ok

08:06:33.0918 3440 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

08:06:33.0941 3440 mouclass - ok

08:06:33.0957 3440 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

08:06:33.0982 3440 mouhid - ok

08:06:34.0012 3440 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

08:06:34.0039 3440 mountmgr - ok

08:06:34.0097 3440 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

08:06:34.0123 3440 MozillaMaintenance - ok

08:06:34.0141 3440 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys

08:06:34.0169 3440 mpio - ok

08:06:34.0184 3440 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

08:06:34.0230 3440 mpsdrv - ok

08:06:34.0274 3440 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll

08:06:34.0330 3440 MpsSvc - ok

08:06:34.0368 3440 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

08:06:34.0407 3440 MRxDAV - ok

08:06:34.0440 3440 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

08:06:34.0491 3440 mrxsmb - ok

08:06:34.0521 3440 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:06:34.0562 3440 mrxsmb10 - ok

08:06:34.0577 3440 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:06:34.0599 3440 mrxsmb20 - ok

08:06:34.0612 3440 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys

08:06:34.0635 3440 msahci - ok

08:06:34.0650 3440 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

08:06:34.0675 3440 msdsm - ok

08:06:34.0687 3440 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe

08:06:34.0715 3440 MSDTC - ok

08:06:34.0729 3440 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

08:06:34.0788 3440 Msfs - ok

08:06:34.0800 3440 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

08:06:34.0844 3440 mshidkmdf - ok

08:06:34.0852 3440 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

08:06:34.0876 3440 msisadrv - ok

08:06:34.0899 3440 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

08:06:34.0967 3440 MSiSCSI - ok

08:06:34.0971 3440 msiserver - ok

08:06:34.0997 3440 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

08:06:35.0084 3440 MSKSSRV - ok

08:06:35.0102 3440 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

08:06:35.0157 3440 MSPCLOCK - ok

08:06:35.0170 3440 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

08:06:35.0229 3440 MSPQM - ok

08:06:35.0264 3440 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

08:06:35.0293 3440 MsRPC - ok

08:06:35.0331 3440 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

08:06:35.0356 3440 mssmbios - ok

08:06:35.0372 3440 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

08:06:35.0416 3440 MSTEE - ok

08:06:35.0429 3440 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

08:06:35.0454 3440 MTConfig - ok

08:06:35.0485 3440 [ 19b006b181e3875fd254f7b67acf1e7c ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

08:06:35.0510 3440 MTsensor - ok

08:06:35.0528 3440 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

08:06:35.0553 3440 Mup - ok

08:06:35.0588 3440 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

08:06:35.0639 3440 napagent - ok

08:06:35.0666 3440 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

08:06:35.0709 3440 NativeWifiP - ok

08:06:35.0735 3440 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys

08:06:35.0775 3440 NDIS - ok

08:06:35.0801 3440 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

08:06:35.0861 3440 NdisCap - ok

08:06:35.0877 3440 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

08:06:35.0937 3440 NdisTapi - ok

08:06:35.0966 3440 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

08:06:36.0016 3440 Ndisuio - ok

08:06:36.0051 3440 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

08:06:36.0113 3440 NdisWan - ok

08:06:36.0143 3440 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

08:06:36.0208 3440 NDProxy - ok

08:06:36.0256 3440 [ d4f51e88c71bf8f06ea1be320b0bb75b ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

08:06:36.0264 3440 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

08:06:36.0264 3440 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

08:06:36.0274 3440 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

08:06:36.0327 3440 NetBIOS - ok

08:06:36.0363 3440 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

08:06:36.0412 3440 NetBT - ok

08:06:36.0426 3440 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

08:06:36.0448 3440 Netlogon - ok

08:06:36.0478 3440 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

08:06:36.0542 3440 Netman - ok

08:06:36.0563 3440 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

08:06:36.0619 3440 netprofm - ok

08:06:36.0638 3440 [ b72bb9496a126fcfc7fc5945ded9b411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

08:06:36.0674 3440 netr28x - ok

08:06:36.0693 3440 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:06:36.0716 3440 NetTcpPortSharing - ok

08:06:36.0732 3440 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

08:06:36.0756 3440 nfrd960 - ok

08:06:36.0792 3440 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

08:06:36.0841 3440 NlaSvc - ok

08:06:36.0853 3440 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

08:06:36.0900 3440 Npfs - ok

08:06:36.0927 3440 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

08:06:36.0998 3440 nsi - ok

08:06:37.0012 3440 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

08:06:37.0068 3440 nsiproxy - ok

08:06:37.0117 3440 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

08:06:37.0187 3440 Ntfs - ok

08:06:37.0202 3440 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

08:06:37.0258 3440 Null - ok

08:06:37.0291 3440 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

08:06:37.0316 3440 nvraid - ok

08:06:37.0331 3440 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

08:06:37.0357 3440 nvstor - ok

08:06:37.0395 3440 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

08:06:37.0421 3440 nv_agp - ok

08:06:37.0500 3440 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:06:37.0535 3440 odserv - ok

08:06:37.0545 3440 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

08:06:37.0579 3440 ohci1394 - ok

08:06:37.0621 3440 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:06:37.0649 3440 ose - ok

08:06:37.0664 3440 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

08:06:37.0713 3440 p2pimsvc - ok

08:06:37.0728 3440 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

08:06:37.0763 3440 p2psvc - ok

08:06:37.0771 3440 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

08:06:37.0798 3440 Parport - ok

08:06:37.0824 3440 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

08:06:37.0849 3440 partmgr - ok

08:06:37.0885 3440 [ 5fbcc9eeefaca3019d5bd5979618f298 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

08:06:37.0905 3440 PassThru Service ( UnsignedFile.Multi.Generic ) - warning

08:06:37.0905 3440 PassThru Service - detected UnsignedFile.Multi.Generic (1)

08:06:37.0925 3440 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

08:06:37.0975 3440 PcaSvc - ok

08:06:37.0997 3440 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

08:06:38.0023 3440 pci - ok

08:06:38.0044 3440 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

08:06:38.0074 3440 pciide - ok

08:06:38.0097 3440 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

08:06:38.0128 3440 pcmcia - ok

08:06:38.0143 3440 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

08:06:38.0173 3440 pcw - ok

08:06:38.0193 3440 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

08:06:38.0262 3440 PEAUTH - ok

08:06:38.0313 3440 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

08:06:38.0342 3440 PerfHost - ok

08:06:38.0395 3440 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

08:06:38.0495 3440 pla - ok

08:06:38.0539 3440 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

08:06:38.0595 3440 PlugPlay - ok

08:06:38.0614 3440 [ 9a80707d8b6c1806531bfd7399b3cc76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

08:06:38.0624 3440 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

08:06:38.0624 3440 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

08:06:38.0642 3440 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

08:06:38.0672 3440 PNRPAutoReg - ok

08:06:38.0688 3440 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

08:06:38.0713 3440 PNRPsvc - ok

08:06:38.0730 3440 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

08:06:38.0781 3440 PolicyAgent - ok

08:06:38.0802 3440 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

08:06:38.0868 3440 Power - ok

08:06:38.0907 3440 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

08:06:38.0968 3440 PptpMiniport - ok

08:06:38.0987 3440 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys

08:06:39.0027 3440 Processor - ok

08:06:39.0055 3440 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

08:06:39.0095 3440 ProfSvc - ok

08:06:39.0107 3440 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe

08:06:39.0128 3440 ProtectedStorage - ok

08:06:39.0160 3440 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys

08:06:39.0219 3440 Psched - ok

08:06:39.0257 3440 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

08:06:39.0323 3440 ql2300 - ok

08:06:39.0339 3440 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

08:06:39.0365 3440 ql40xx - ok

08:06:39.0378 3440 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll

08:06:39.0414 3440 QWAVE - ok

08:06:39.0427 3440 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

08:06:39.0456 3440 QWAVEdrv - ok

08:06:39.0466 3440 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

08:06:39.0511 3440 RasAcd - ok

08:06:39.0532 3440 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

08:06:39.0584 3440 RasAgileVpn - ok

08:06:39.0589 3440 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll

08:06:39.0643 3440 RasAuto - ok

08:06:39.0677 3440 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

08:06:39.0722 3440 Rasl2tp - ok

08:06:39.0760 3440 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll

08:06:39.0823 3440 RasMan - ok

08:06:39.0842 3440 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

08:06:39.0888 3440 RasPppoe - ok

08:06:39.0906 3440 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

08:06:39.0957 3440 RasSstp - ok

08:06:39.0967 3440 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

08:06:40.0029 3440 rdbss - ok

08:06:40.0044 3440 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

08:06:40.0080 3440 rdpbus - ok

08:06:40.0096 3440 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

08:06:40.0141 3440 RDPCDD - ok

08:06:40.0155 3440 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

08:06:40.0200 3440 RDPENCDD - ok

08:06:40.0206 3440 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

08:06:40.0251 3440 RDPREFMP - ok

08:06:40.0286 3440 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

08:06:40.0340 3440 RDPWD - ok

08:06:40.0354 3440 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

08:06:40.0381 3440 rdyboost - ok

08:06:40.0400 3440 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll

08:06:40.0451 3440 RemoteAccess - ok

08:06:40.0472 3440 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

08:06:40.0533 3440 RemoteRegistry - ok

08:06:40.0547 3440 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

08:06:40.0598 3440 RpcEptMapper - ok

08:06:40.0606 3440 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe

08:06:40.0633 3440 RpcLocator - ok

08:06:40.0663 3440 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll

08:06:40.0709 3440 RpcSs - ok

08:06:40.0713 3440 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

08:06:40.0759 3440 rspndr - ok

08:06:40.0807 3440 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

08:06:40.0837 3440 RTL8167 - ok

08:06:40.0846 3440 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe

08:06:40.0868 3440 SamSs - ok

08:06:40.0896 3440 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

08:06:40.0921 3440 sbp2port - ok

08:06:40.0939 3440 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll

08:06:41.0005 3440 SCardSvr - ok

08:06:41.0038 3440 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

08:06:41.0087 3440 scfilter - ok

08:06:41.0135 3440 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll

08:06:41.0219 3440 Schedule - ok

08:06:41.0249 3440 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll

08:06:41.0289 3440 SCPolicySvc - ok

08:06:41.0331 3440 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

08:06:41.0391 3440 SDRSVC - ok

08:06:41.0441 3440 [ 16a252022535b680046f6e34e136d378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

08:06:41.0467 3440 SeaPort - ok

08:06:41.0485 3440 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

08:06:41.0543 3440 secdrv - ok

08:06:41.0562 3440 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll

08:06:41.0620 3440 seclogon - ok

08:06:41.0640 3440 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll

08:06:41.0705 3440 SENS - ok

08:06:41.0723 3440 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

08:06:41.0780 3440 SensrSvc - ok

08:06:41.0784 3440 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

08:06:41.0815 3440 Serenum - ok

08:06:41.0838 3440 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

08:06:41.0877 3440 Serial - ok

08:06:41.0891 3440 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

08:06:41.0927 3440 sermouse - ok

08:06:41.0953 3440 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll

08:06:42.0001 3440 SessionEnv - ok

08:06:42.0020 3440 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

08:06:42.0047 3440 sffdisk - ok

08:06:42.0057 3440 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

08:06:42.0093 3440 sffp_mmc - ok

08:06:42.0108 3440 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

08:06:42.0148 3440 sffp_sd - ok

08:06:42.0164 3440 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

08:06:42.0190 3440 sfloppy - ok

08:06:42.0208 3440 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll

08:06:42.0262 3440 SharedAccess - ok

08:06:42.0277 3440 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll

08:06:42.0339 3440 ShellHWDetection - ok

08:06:42.0363 3440 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:06:42.0387 3440 SiSRaid2 - ok

08:06:42.0395 3440 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

08:06:42.0420 3440 SiSRaid4 - ok

08:06:42.0440 3440 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

08:06:42.0487 3440 Smb - ok

08:06:42.0524 3440 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe

08:06:42.0550 3440 SNMPTRAP - ok

08:06:42.0564 3440 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys

08:06:42.0587 3440 spldr - ok

08:06:42.0625 3440 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe

08:06:42.0679 3440 Spooler - ok

08:06:42.0752 3440 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe

08:06:42.0860 3440 sppsvc - ok

08:06:42.0869 3440 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

08:06:42.0935 3440 sppuinotify - ok

08:06:42.0981 3440 [ a6cff1af7664627a296b6a0a96cf876e ] sptd C:\Windows\System32\Drivers\sptd.sys

08:06:42.0981 3440 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e

08:06:42.0982 3440 sptd ( LockedFile.Multi.Generic ) - warning

08:06:42.0982 3440 sptd - detected LockedFile.Multi.Generic (1)

08:06:43.0008 3440 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys

08:06:43.0071 3440 srv - ok

08:06:43.0083 3440 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

08:06:43.0112 3440 srv2 - ok

08:06:43.0126 3440 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

08:06:43.0152 3440 srvnet - ok

08:06:43.0167 3440 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

08:06:43.0220 3440 SSDPSRV - ok

08:06:43.0238 3440 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll

08:06:43.0302 3440 SstpSvc - ok

08:06:43.0340 3440 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

08:06:43.0363 3440 stexstor - ok

08:06:43.0409 3440 [ decacb6921ded1a38642642685d77dac ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

08:06:43.0450 3440 StillCam - ok

08:06:43.0492 3440 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll

08:06:43.0544 3440 stisvc - ok

08:06:43.0571 3440 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys

08:06:43.0594 3440 swenum - ok

08:06:43.0607 3440 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll

08:06:43.0664 3440 swprv - ok

08:06:43.0719 3440 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll

08:06:43.0796 3440 SysMain - ok

08:06:43.0828 3440 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

08:06:43.0864 3440 TabletInputService - ok

08:06:43.0879 3440 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

08:06:43.0939 3440 TapiSrv - ok

08:06:43.0955 3440 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

08:06:44.0007 3440 TBS - ok

08:06:44.0059 3440 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

08:06:44.0129 3440 Tcpip - ok

08:06:44.0176 3440 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

08:06:44.0220 3440 TCPIP6 - ok

08:06:44.0255 3440 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

08:06:44.0307 3440 tcpipreg - ok

08:06:44.0329 3440 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

08:06:44.0361 3440 TDPIPE - ok

08:06:44.0390 3440 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

08:06:44.0427 3440 TDTCP - ok

08:06:44.0457 3440 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

08:06:44.0524 3440 tdx - ok

08:06:44.0551 3440 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys

08:06:44.0584 3440 TermDD - ok

08:06:44.0612 3440 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll

08:06:44.0675 3440 TermService - ok

08:06:44.0679 3440 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

08:06:44.0721 3440 Themes - ok

08:06:44.0738 3440 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

08:06:44.0780 3440 THREADORDER - ok

08:06:44.0789 3440 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

08:06:44.0852 3440 TrkWks - ok

08:06:44.0905 3440 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

08:06:44.0960 3440 TrustedInstaller - ok

08:06:44.0996 3440 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

08:06:45.0046 3440 tssecsrv - ok

08:06:45.0083 3440 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

08:06:45.0128 3440 TsUsbFlt - ok

08:06:45.0167 3440 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

08:06:45.0227 3440 tunnel - ok

08:06:45.0247 3440 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

08:06:45.0271 3440 uagp35 - ok

08:06:45.0308 3440 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

08:06:45.0356 3440 udfs - ok

08:06:45.0366 3440 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

08:06:45.0403 3440 UI0Detect - ok

08:06:45.0416 3440 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

08:06:45.0440 3440 uliagpkx - ok

08:06:45.0485 3440 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

08:06:45.0514 3440 umbus - ok

08:06:45.0524 3440 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

08:06:45.0560 3440 UmPass - ok

08:06:45.0624 3440 [ 1e9993ac255b3220bce71fe9e056bbc9 ] Updater Service for StartNow Toolbar C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

08:06:45.0653 3440 Updater Service for StartNow Toolbar - ok

08:06:45.0669 3440 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll

08:06:45.0733 3440 upnphost - ok

08:06:45.0769 3440 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

08:06:45.0822 3440 USBAAPL64 - ok

08:06:45.0831 3440 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

08:06:45.0893 3440 usbccgp - ok

08:06:45.0936 3440 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

08:06:45.0976 3440 usbcir - ok

08:06:45.0990 3440 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

08:06:46.0028 3440 usbehci - ok

08:06:46.0050 3440 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

08:06:46.0093 3440 usbhub - ok

08:06:46.0108 3440 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

08:06:46.0141 3440 usbohci - ok

08:06:46.0175 3440 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

08:06:46.0215 3440 usbprint - ok

08:06:46.0241 3440 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

08:06:46.0267 3440 usbscan - ok

08:06:46.0278 3440 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:06:46.0316 3440 USBSTOR - ok

08:06:46.0328 3440 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

08:06:46.0365 3440 usbuhci - ok

08:06:46.0380 3440 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll

08:06:46.0438 3440 UxSms - ok

08:06:46.0457 3440 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe

08:06:46.0479 3440 VaultSvc - ok

08:06:46.0492 3440 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

08:06:46.0516 3440 vdrvroot - ok

08:06:46.0550 3440 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe

08:06:46.0608 3440 vds - ok

08:06:46.0623 3440 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

08:06:46.0650 3440 vga - ok

08:06:46.0663 3440 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys

08:06:46.0707 3440 VgaSave - ok

08:06:46.0721 3440 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

08:06:46.0748 3440 vhdmp - ok

08:06:46.0760 3440 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys

08:06:46.0783 3440 viaide - ok

08:06:46.0793 3440 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

08:06:46.0818 3440 volmgr - ok

08:06:46.0853 3440 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

08:06:46.0885 3440 volmgrx - ok

08:06:46.0901 3440 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

08:06:46.0928 3440 volsnap - ok

08:06:46.0950 3440 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

08:06:46.0976 3440 vsmraid - ok

08:06:47.0007 3440 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe

08:06:47.0080 3440 VSS - ok

08:06:47.0093 3440 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

08:06:47.0130 3440 vwifibus - ok

08:06:47.0153 3440 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

08:06:47.0192 3440 vwififlt - ok

08:06:47.0221 3440 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll

08:06:47.0276 3440 W32Time - ok

08:06:47.0289 3440 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

08:06:47.0314 3440 WacomPen - ok

08:06:47.0347 3440 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

08:06:47.0405 3440 WANARP - ok

08:06:47.0408 3440 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

08:06:47.0450 3440 Wanarpv6 - ok

08:06:47.0521 3440 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

08:06:47.0571 3440 WatAdminSvc - ok

08:06:47.0608 3440 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe

08:06:47.0712 3440 wbengine - ok

08:06:47.0725 3440 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

08:06:47.0771 3440 WbioSrvc - ok

08:06:47.0799 3440 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll

08:06:47.0844 3440 wcncsvc - ok

08:06:47.0849 3440 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

08:06:47.0907 3440 WcsPlugInService - ok

08:06:47.0923 3440 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys

08:06:47.0947 3440 Wd - ok

08:06:47.0967 3440 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

08:06:48.0002 3440 Wdf01000 - ok

08:06:48.0012 3440 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll

08:06:48.0103 3440 WdiServiceHost - ok

08:06:48.0107 3440 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll

08:06:48.0134 3440 WdiSystemHost - ok

08:06:48.0154 3440 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll

08:06:48.0199 3440 WebClient - ok

08:06:48.0220 3440 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll

08:06:48.0274 3440 Wecsvc - ok

08:06:48.0284 3440 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

08:06:48.0335 3440 wercplsupport - ok

08:06:48.0355 3440 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll

08:06:48.0417 3440 WerSvc - ok

08:06:48.0449 3440 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

08:06:48.0504 3440 WfpLwf - ok

08:06:48.0516 3440 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys

08:06:48.0539 3440 WIMMount - ok

08:06:48.0553 3440 WinDefend - ok

08:06:48.0558 3440 WinHttpAutoProxySvc - ok

08:06:48.0598 3440 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

08:06:48.0666 3440 Winmgmt - ok

08:06:48.0704 3440 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll

08:06:48.0788 3440 WinRM - ok

08:06:48.0840 3440 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

08:06:48.0875 3440 WinUsb - ok

08:06:48.0907 3440 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll

08:06:48.0952 3440 Wlansvc - ok

08:06:49.0042 3440 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:06:49.0117 3440 wlidsvc - ok

08:06:49.0128 3440 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

08:06:49.0168 3440 WmiAcpi - ok

08:06:49.0196 3440 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

08:06:49.0227 3440 wmiApSrv - ok

08:06:49.0257 3440 WMPNetworkSvc - ok

08:06:49.0265 3440 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll

08:06:49.0330 3440 WPCSvc - ok

08:06:49.0363 3440 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

08:06:49.0415 3440 WPDBusEnum - ok

08:06:49.0427 3440 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

08:06:49.0480 3440 ws2ifsl - ok

08:06:49.0498 3440 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll

08:06:49.0533 3440 wscsvc - ok

08:06:49.0563 3440 [ 8d918b1db190a4d9b1753a66fa8c96e8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

08:06:49.0597 3440 WSDPrintDevice - ok

08:06:49.0601 3440 WSearch - ok

08:06:49.0664 3440 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll

08:06:49.0751 3440 wuauserv - ok

08:06:49.0778 3440 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

08:06:49.0840 3440 WudfPf - ok

08:06:49.0869 3440 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

08:06:49.0914 3440 WUDFRd - ok

08:06:49.0945 3440 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

08:06:49.0996 3440 wudfsvc - ok

08:06:50.0011 3440 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll

08:06:50.0063 3440 WwanSvc - ok

08:06:50.0078 3440 ================ Scan global ===============================

08:06:50.0098 3440 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

08:06:50.0137 3440 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

08:06:50.0149 3440 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

08:06:50.0164 3440 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

08:06:50.0196 3440 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe

08:06:50.0207 3440 [Global] - ok

08:06:50.0207 3440 ================ Scan MBR ==================================

08:06:50.0220 3440 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk0\DR0

08:06:50.0414 3440 \Device\Harddisk0\DR0 - ok

08:06:50.0417 3440 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

08:06:50.0469 3440 \Device\Harddisk1\DR1 - ok

08:06:50.0470 3440 ================ Scan VBR ==================================

08:06:50.0473 3440 Boot (0x1200) (4d888bb74727baf7b500b3db6d553039) \Device\Harddisk0\DR0\Partition1

08:06:50.0474 3440 \Device\Harddisk0\DR0\Partition1 - ok

08:06:50.0496 3440 Boot (0x1200) (0ed23db40a466559e3a29fca537dea6c) \Device\Harddisk0\DR0\Partition2

08:06:50.0498 3440 \Device\Harddisk0\DR0\Partition2 - ok

08:06:50.0501 3440 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR1\Partition1

08:06:50.0501 3440 \Device\Harddisk1\DR1\Partition1 - ok

08:06:50.0507 3440 Boot (0x1200) (e544b899d9b1aa928ec7c785bb91bcaa) \Device\Harddisk1\DR1\Partition2

08:06:50.0508 3440 \Device\Harddisk1\DR1\Partition2 - ok

08:06:50.0509 3440 ============================================================

08:06:50.0509 3440 Scan finished

08:06:50.0509 3440 ============================================================

08:06:50.0520 5400 Detected object count: 4

08:06:50.0520 5400 Actual detected object count: 4

08:07:12.0691 5400 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

08:07:12.0691 5400 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:07:12.0695 5400 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:07:12.0695 5400 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:07:12.0698 5400 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

08:07:12.0698 5400 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:07:12.0701 5400 sptd ( LockedFile.Multi.Generic ) - skipped by user

08:07:12.0701 5400 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

MrCharlie · August 20, 2012

It did find 4 threats that I had quarantined. Here's is the report:

Those are good files > are you talking about some other files??

MrC

Melbee · August 20, 2012

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

-------------------------------------------------------------------------------------------------------------------------------------

Maybe I misunderstood. It showed 4 threats detected. With the dropdown box I hit to quarantine, not delete.

Should I unquarantine these?

MrCharlie · August 20, 2012

08:06:50.0520 5400 Detected object count: 4
08:06:50.0520 5400 Actual detected object count: 4
08:07:12.0691 5400 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:12.0691 5400 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:07:12.0695 5400 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:12.0695 5400 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:07:12.0698 5400 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:07:12.0698 5400 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:07:12.0701 5400 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:07:12.0701 5400 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

If you are talking about these > they are all good.

Instructions say.....

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Did you run TDSSKiller more than once? MrC

Melbee · August 20, 2012

Just ran TDDS again. Here is a screen shot:

A7IYw.png?1

MrCharlie · August 20, 2012

Those are all good.

~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Melbee · August 20, 2012

Thanks again for taking your time to help me on this. I ran the combo report. Below are the results:

http://i.imgur.com/Ns41l.jpgComboFix 12-08-20.01 - Melbee 08/20/2012 10:41:39.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6400 [GMT -6:00]

Running from: c:\users\Melbee\Downloads\ComboFix.exe

AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\StartNow Toolbar

c:\program files (x86)\StartNow Toolbar\Reactivate.exe

c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files (x86)\StartNow Toolbar\Resources\installer.xml

c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml

c:\program files (x86)\StartNow Toolbar\Resources\update.xml

c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files (x86)\StartNow Toolbar\Toolbar32.dll

c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe

c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files (x86)\StartNow Toolbar\uninstall.dat

c:\program files (x86)\StartNow Toolbar\XBrowser.dll

c:\program files (x86)\Vid-Saver

c:\program files (x86)\Vid-Saver\Uninstall.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.ico

c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe

c:\users\Melbee\AppData\Local\{B4BC7B7F-4A40-44AA-B18D-76CCE08E52B4}

c:\users\Melbee\AppData\Local\{B4BC7B7F-4A40-44AA-B18D-76CCE08E52B4}\chrome.manifest

c:\users\Melbee\AppData\Local\{B4BC7B7F-4A40-44AA-B18D-76CCE08E52B4}\chrome\content\_cfg.js

c:\users\Melbee\AppData\Local\{B4BC7B7F-4A40-44AA-B18D-76CCE08E52B4}\chrome\content\overlay.xul

c:\users\Melbee\AppData\Local\{B4BC7B7F-4A40-44AA-B18D-76CCE08E52B4}\install.rdf

c:\users\Melbee\AppData\Local\Vid-Saver

c:\users\Melbee\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx

c:\users\Melbee\AppData\Local\Windows Server

c:\users\Melbee\AppData\Local\Windows Server\server.dat

c:\users\Melbee\AppData\Roaming\inst.exe

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\injection_button.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\popups.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\printerExternalAccessFF.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\install.rdf

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\extensions\crossriderapp3491@crossrider.com\skin\update.css

c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\searchplugins\bing-zugo.xml

c:\users\Melbee\AppData\Roaming\vso_ts_preview.xml

c:\users\Melbee\Documents\~WRL1840.tmp

c:\users\Melbee\Documents\~WRL3229.tmp

c:\users\Melbee\Documents\~WRL3541.tmp

c:\users\Melbee\Documents\~WRL3680.tmp

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Updater Service for StartNow Toolbar

.

((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))

.

2012-08-20 16:51 . 2012-08-20 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-20 14:14 . 2012-08-20 14:14 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-17 18:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BDB0186-E3D6-41C0-921C-18DE87B7E62D}\mpengine.dll

2012-08-16 20:43 . 2012-08-16 20:43 -------- d-----w- c:\users\Melbee\AppData\Roaming\Malwarebytes

2012-08-16 20:43 . 2012-08-16 20:43 -------- d-----w- c:\programdata\Malwarebytes

2012-08-16 20:43 . 2012-08-16 20:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-16 20:43 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-16 04:25 . 2012-08-16 04:25 -------- d-----w- c:\users\Melbee\AppData\Roaming\StartNow Toolbar

2012-08-16 04:12 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-16 04:12 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-16 04:12 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-16 04:12 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-16 04:12 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-16 04:12 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-16 04:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-16 04:12 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-16 04:12 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-16 04:12 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-16 04:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 04:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-07 00:21 . 2012-08-07 00:20 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-08-07 00:01 . 2012-08-07 00:01 -------- d-----w- c:\users\Melbee\.morena

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-20 14:22 . 2012-06-01 21:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-20 14:22 . 2011-06-17 13:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-16 09:00 . 2010-01-22 16:43 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-07 00:20 . 2010-10-14 23:57 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-09 05:43 . 2012-07-11 08:13 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-07 02:59 . 2012-06-07 02:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-11 08:13 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 08:13 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 08:13 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 08:13 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 08:13 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 08:13 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 05:10 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 05:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 05:10 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 05:10 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 05:10 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 05:10 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 05:10 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-22 05:09 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-06-22 05:09 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 08:13 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 08:13 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 08:13 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 08:13 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 08:13 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 08:13 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 08:13 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 08:13 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 08:13 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 18:25 . 2010-02-07 22:17 279656 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Melbee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Melbee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Melbee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-02 04:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-07-24 5312352]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 250056]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-15 40464]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 21008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 14:22]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441638009-4071506538-4073995487-1000Core.job

- c:\users\Melbee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14 03:43]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441638009-4071506538-4073995487-1000UA.job

- c:\users\Melbee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14 03:43]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Melbee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Melbee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Melbee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Melbee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-02 04:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF11143.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{F3DCC8AC-FAEC-404A-88A4-77C8B2F58823}: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

AddRemove-HoldingPattern - c:\windows\system32\HoldingPattern.scr

AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.032"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.abr"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.amr"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ani"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.apd"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.arw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bay"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bmp"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bwf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.caf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cdda"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cel"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cr2"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.crw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cs1"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cur"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.dcr"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.dcx"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.dib"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.djv"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.djvu"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.dng"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.emf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.eps"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.erf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fff"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.flc"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fli"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fpx"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.gif"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.gsm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.hdr"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.icl"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.icn"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.iff"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ilbm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.int"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.inta"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.iw4"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.j2c"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.j2k"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jbr"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jfif"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jif"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jp2"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpc"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpe"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpeg"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpg"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpk"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpx"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.kar"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.kdc"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.lbm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m15"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m1a"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m2a"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m4b"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m75"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mef"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mos"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mrw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.nef"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.nrw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.orf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pbm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pbr"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pcd"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pct"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pcx"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pef"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pgm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pic"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pics"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pict"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pix"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.png"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ppm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.psd"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.psp"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pspbrush"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pspimage"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.qcp"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.qtpf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.raf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ras"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.raw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rgb"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rgba"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rle"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rsb"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rw2"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rwl"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sfil"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sgi"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.smi"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.smil"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sml"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sr2"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.swa"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tga"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.thm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tif"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tiff"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ttc"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ttf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ulw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40po"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40pp"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40ppf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.vfw"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbmp"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wmf"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xbm"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xif"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xmp"

.

[HKEY_USERS\S-1-5-21-1441638009-4071506538-4073995487-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xpm"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2012-08-20 13:02:55 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-20 19:02

.

Pre-Run: 138,416,230,400 bytes free

Post-Run: 137,686,900,736 bytes free

.

- - End Of File - - B0D987C67931BEE4F5128ACB4C246FC3

MrCharlie · August 20, 2012

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Melbee · August 20, 2012

Seems to be running just fine. Ran the report and show no detected items.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.16.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Melbee :: MR_FANTASTIC [administrator]

8/20/2012 3:42:30 PM

mbam-log-2012-08-20 (15-42-30).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 199514

Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · August 21, 2012

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

LDTate · August 21, 2012

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Google Virus/Scour. Infected Please help

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information