
Computer meltdown, user idiot



Hi my name is Mike and I'm an idiot, I have something on my pc which is killing it. I'm in safemode with networking as I type as my pc just keeps powering down with BSOD. I managed to contract something on my PC a few weeks ago, words on internet pages are underscored with dodgy links coming up when I hover over them. I tried every anti malware, spyware, system care, ccleaner I could, yet to no avail. I now have something that keeps re-directing me every time I click on a link, optimizedby,brealtime is what comes up. I also have AVG giving me a threat of C:\Windows\System32\svchost.exe which apparently it can do nothing with. I have Malwarebytes which has found nothing. As requested, and I hope I have done this correctly, is the info from the DDS that I ran. Now I'm not that computer savvy, so please be patient with me. I hope I have the right place and thanks for helping... Mike

DDS (Ver_2012-10-14.05) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Mikey at 12:17:11 on 2012-10-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3279 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\System32\WerFault.exe

C:\Windows\system32\ctfmon.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mikey\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uLocal Page = C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Languages\EN\Help\wwhelp\wwhimpl\common\html\blank.htm

uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=ds&q={searchTerms}

uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=ds&q={searchTerms}

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=ds&q={searchTerms}

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [PC Remote Server] C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [XtrCtrlExEmotion] C:\Program Files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe /startup

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe

dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f

StartupFolder: C:\Users\Mikey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mikey\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{3FF28140-A05F-49A5-93A0-E59D99E74670} : DHCPNameServer = 194.168.4.100 194.168.8.100

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [XtrCtrlExEmotion] C:\Program Files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe /startup

x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

x64-Run: [rfagent] "C:\Program Files\RFA 8\rfagent64.exe"

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-STS: CThemeResourceChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-10-18 17720]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-10 46136]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-10 676968]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-6-5 913792]

S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-15 361984]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\V4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\V4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-9 1258856]

S2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-26 1153368]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-27 250808]

S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 ExpressAccountsService;Express Accounts;C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2012-7-19 3201540]

S3 ExpressInvoiceService;Express Invoice;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2012-7-19 2141700]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-23 57280]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-18 136176]

S3 hxctlflt;hxctlflt;C:\Windows\System32\drivers\hxctlflt.sys [2009-2-8 111104]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]

S3 NTIOLib_1_0_8;NTIOLib_1_0_8;C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-1-27 11888]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-10-17 189288]

S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-17 15712]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-16 59392]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-16 1255736]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

.

=============== Created Last 30 ================

.

2012-10-18 09:31:36 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe

2012-10-18 09:31:09 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys

2012-10-18 09:20:01 35192 ----a-w- C:\Windows\System32\TURegOpt.exe

2012-10-18 09:19:59 26488 ----a-w- C:\Windows\System32\authuitu.dll

2012-10-18 09:19:58 21880 ----a-w- C:\Windows\SysWow64\authuitu.dll

2012-10-18 09:19:05 -------- d-----w- C:\Users\Mikey\AppData\Roaming\AVG

2012-10-18 09:18:15 -------- d-----w- C:\ProgramData\AVG

2012-10-18 09:18:08 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2012-10-17 11:15:54 -------- d-----w- C:\ProgramData\RFA_Backups

2012-10-17 11:14:11 -------- d-----w- C:\ProgramData\Registry First Aid

2012-10-17 11:14:11 -------- d-----w- C:\Program Files\RFA 8

2012-10-16 14:53:20 -------- d-----w- C:\Users\Mikey\AppData\Local\KingJackpot

2012-10-16 11:41:31 -------- d-----w- C:\Users\Mikey\AppData\Roaming\PDAppFlex

2012-10-12 09:29:11 -------- d-----w- C:\Users\Mikey\AppData\Local\Helicon

2012-10-12 09:28:02 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon

2012-10-12 09:27:45 -------- d-----w- C:\Program Files (x86)\Helicon Software

2012-10-10 11:16:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 11:16:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 11:16:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 11:16:59 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 11:16:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-10 10:10:39 -------- d-----w- C:\Samsung

2012-10-10 10:10:37 -------- d-----w- C:\Download

2012-10-10 10:07:48 -------- d-----w- C:\AllShare

2012-10-09 10:52:03 -------- d-----w- C:\Users\Mikey\.yawcam

2012-10-09 10:51:52 -------- d-----w- C:\Program Files (x86)\Yawcam

2012-10-08 12:51:36 -------- d-----w- C:\Program Files (x86)\MyFree Codec

2012-10-08 12:50:14 -------- d-----w- C:\Temp

2012-10-06 11:35:09 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-06 11:35:09 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-06 11:34:54 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-06 11:18:43 -------- d-----w- C:\Users\Mikey\AppData\Local\Samsung

2012-10-06 11:18:40 -------- d-----w- C:\Users\Mikey\AppData\Roaming\Samsung

2012-10-06 11:02:10 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-10-06 11:01:56 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll

2012-10-06 11:01:56 -------- d-----w- C:\Program Files (x86)\MarkAny

2012-10-06 11:01:22 -------- d-----w- C:\Program Files (x86)\Samsung

2012-10-06 11:01:21 -------- d-----w- C:\ProgramData\Samsung

2012-10-06 10:54:09 -------- d-----w- C:\Users\Mikey\AppData\Local\Downloaded Installations

2012-10-06 10:20:17 -------- d-----r- C:\Users\Mikey\Dropbox

2012-10-06 10:17:36 -------- d-----w- C:\Users\Mikey\AppData\Roaming\Dropbox

2012-10-02 12:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-09-26 19:55:11 -------- d-----w- C:\ProgramData\boost_interprocess

2012-09-26 15:42:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-09-26 15:39:29 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-25 18:43:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-09-25 18:43:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2012-09-24 16:14:52 -------- d-----w- C:\Program Files\Enigma Software Group

2012-09-24 16:14:08 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP

2012-09-24 16:14:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-09-21 15:51:18 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2012-09-21 14:48:19 -------- d-----w- C:\Program Files\CCleaner

2012-09-21 14:44:57 -------- d-----w- C:\Program Files (x86)\CCleaner Business Edition

2012-09-21 09:23:36 -------- d-----w- C:\Users\Mikey\AppData\Roaming\Subversion

2012-09-21 09:22:35 -------- d-----w- C:\Users\Mikey\AppData\Roaming\fltk.org

2012-09-21 09:22:35 -------- d-----w- C:\ProgramData\fltk.org

2012-09-21 09:22:25 -------- d-----w- C:\Users\Mikey\AppData\Roaming\flightgear.org

2012-09-21 09:22:25 -------- d-----w- C:\ProgramData\flightgear.org

2012-09-21 09:22:11 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-09-21 09:22:11 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-09-21 09:22:10 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-09-21 09:22:10 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-09-21 09:22:10 -------- d-----w- C:\Program Files (x86)\OpenAL

2012-09-21 09:16:54 -------- d-----w- C:\Program Files\FlightGear

.

==================== Find3M ====================

.

2012-10-18 11:05:28 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2012-10-08 22:06:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 22:06:09 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-07 16:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 14:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-23 18:10:11 332288 ----a-w- C:\Windows\System32\uxtheme.dll

2012-08-23 18:10:09 2851840 ----a-w- C:\Windows\System32\themeui.dll

2012-08-23 18:10:06 44544 ----a-w- C:\Windows\System32\themeservice.dll

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-07-28 02:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-07-28 01:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR

2012-07-28 01:15:28 57280 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-07-26 18:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll

2012-07-26 18:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll

2012-07-26 18:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll

2012-07-26 18:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll

2012-07-26 18:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll

2012-07-26 14:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll

2012-07-26 14:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll

2012-07-26 14:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll

2012-07-26 14:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll

2012-07-26 14:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll

2012-07-26 02:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

.

============= FINISH: 12:18:34.17 ===============


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo


Security check

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.0.1400

AVG PC TuneUp

AVG PC TuneUp Language Pack (en-US)

CCleaner Business Edition

Java 7 Update 7

Adobe Reader X (10.1.4)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

ADW Cleaner

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 13:29:41

# Updated 14/10/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Mikey - MIKEY-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Mikey\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Vuze_Remote

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Users\Mikey\AppData\Local\Conduit

Folder Deleted : C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Folder Deleted : C:\Users\Mikey\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Mikey\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Mikey\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Mikey\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Mikey\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\I Want This

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3202918

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

Key Deleted : HKLM\Software\Vuze_Remote

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A5114AD-9693-4DAC-9C45-7E2618ED653D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6A74608-1B1B-4A96-B48F-0F1715FF312F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=hp" ]

Deleted [l.2252] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=GB&userid=a4229038-f534-4a79-8c9e-411368bb224c&searchtype=hp" ]

*************************

AdwCleaner[s1].txt - [6953 octets] - [18/10/2012 13:29:41]

########## EOF - C:\AdwCleaner[s1].txt - [7013 octets] ##########

RKReport

RogueKiller V8.1.1 [10/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Mikey [Admin rights]

Mode : Scan -- Date : 10/18/2012 13:44:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{ea34e320-117c-320c-35bc-70b4ccfb2817}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{ea34e320-117c-320c-35bc-70b4ccfb2817}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{ea34e320-117c-320c-35bc-70b4ccfb2817}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6V320F0 ATA Device +++++

--- User ---

[MBR] a89a9aca3e186566131e3f135f070b67

[bSP] db550729b9d0b89f194767de271d1b1f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Thank you Gringo, I hope all the info is there for you


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Finally, Gringo, here's the report. I'll reboot into normal mode and let you know how it's going.

ComboFix 12-10-18.03 - Mikey 18/10/2012 14:53:19.2.4 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3360 [GMT 1:00]

Running from: c:\users\Mikey\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))

.

.

2012-10-18 14:00 . 2012-10-18 14:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-10-18 14:00 . 2012-10-18 14:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-10-18 14:00 . 2012-10-18 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-18 09:31 . 2012-05-08 17:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-10-18 09:31 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-10-18 09:20 . 2012-08-23 10:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe

2012-10-18 09:19 . 2012-08-23 10:31 26488 ----a-w- c:\windows\system32\authuitu.dll

2012-10-18 09:19 . 2012-08-23 10:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-10-18 09:19 . 2012-10-18 09:19 -------- d-----w- c:\users\Mikey\AppData\Roaming\AVG

2012-10-18 09:18 . 2012-10-18 09:20 -------- d-----w- c:\programdata\AVG

2012-10-18 09:18 . 2012-10-18 09:18 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2012-10-17 11:15 . 2012-10-17 16:59 -------- d-----w- c:\programdata\RFA_Backups

2012-10-17 11:14 . 2012-10-17 22:56 -------- d-----w- c:\programdata\Registry First Aid

2012-10-17 11:14 . 2012-10-17 22:56 -------- d-----w- c:\program files\RFA 8

2012-10-16 14:53 . 2012-10-17 09:39 -------- d-----w- c:\users\Mikey\AppData\Local\KingJackpot

2012-10-16 11:41 . 2012-10-16 11:41 -------- d-----w- c:\users\Mikey\AppData\Roaming\PDAppFlex

2012-10-12 09:29 . 2012-10-17 02:21 -------- d-----w- c:\users\Mikey\AppData\Local\Helicon

2012-10-12 09:28 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Common Files\Nikon

2012-10-12 09:27 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Helicon Software

2012-10-10 11:16 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 11:16 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 11:16 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 11:16 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 11:16 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- C:\Samsung

2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- C:\Download

2012-10-10 10:07 . 2012-10-10 10:07 -------- d-----w- C:\AllShare

2012-10-09 10:52 . 2012-10-09 11:03 -------- d-----w- c:\users\Mikey\.yawcam

2012-10-09 10:51 . 2012-10-09 11:03 -------- d-----w- c:\program files (x86)\Yawcam

2012-10-08 12:51 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\MyFree Codec

2012-10-08 12:50 . 2012-10-17 10:27 -------- d-----w- C:\Temp

2012-10-06 11:35 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-06 11:35 . 2012-10-06 11:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-06 11:35 . 2012-10-06 11:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-06 11:34 . 2012-10-06 11:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-06 11:34 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Java

2012-10-06 11:18 . 2012-10-17 02:21 -------- d-----w- c:\users\Mikey\AppData\Local\Samsung

2012-10-06 11:18 . 2012-10-10 10:08 -------- d-----w- c:\users\Mikey\AppData\Roaming\Samsung

2012-10-06 11:02 . 2012-09-26 19:57 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-10-06 11:01 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\MarkAny

2012-10-06 11:01 . 2012-09-26 19:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-10-06 11:01 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Samsung

2012-10-06 11:01 . 2012-10-06 11:16 -------- d-----w- c:\programdata\Samsung

2012-10-06 10:54 . 2012-10-17 02:21 -------- d-----w- c:\users\Mikey\AppData\Local\Downloaded Installations

2012-10-06 10:20 . 2012-10-18 13:43 -------- d-----r- c:\users\Mikey\Dropbox

2012-10-06 10:17 . 2012-10-18 13:44 -------- d-----w- c:\users\Mikey\AppData\Roaming\Dropbox

2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-26 15:42 . 2012-09-26 15:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-09-26 15:39 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 18:43 . 2012-10-17 11:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-09-25 18:43 . 2012-09-26 06:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2012-09-24 16:14 . 2012-09-24 16:14 -------- d-----w- c:\program files\Enigma Software Group

2012-09-24 16:14 . 2012-09-24 17:39 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP

2012-09-24 16:14 . 2012-09-24 16:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-09-21 14:48 . 2012-09-21 14:48 -------- d-----w- c:\program files\CCleaner

2012-09-21 14:44 . 2012-09-21 14:44 -------- d-----w- c:\program files (x86)\CCleaner Business Edition

2012-09-21 09:23 . 2012-09-21 09:23 -------- d-----w- c:\users\Mikey\AppData\Roaming\Subversion

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\users\Mikey\AppData\Roaming\fltk.org

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\programdata\fltk.org

2012-09-21 09:22 . 2012-09-21 09:25 -------- d-----w- c:\users\Mikey\AppData\Roaming\flightgear.org

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\programdata\flightgear.org

2012-09-21 09:22 . 2012-09-21 09:22 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-09-21 09:22 . 2012-09-21 09:22 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-09-21 09:22 . 2012-09-21 09:22 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-09-21 09:22 . 2012-09-21 09:22 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\program files (x86)\OpenAL

2012-09-21 09:16 . 2012-09-21 09:16 -------- d-----w- c:\program files\FlightGear

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-18 13:41 . 2012-08-17 10:53 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2012-10-11 02:03 . 2011-10-15 15:22 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 22:06 . 2012-05-27 10:04 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 22:06 . 2011-10-15 02:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-02 19:51 . 2012-07-09 20:16 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-02 19:51 . 2012-07-09 20:16 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2012-07-09 20:16 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2012-07-09 20:16 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2012-07-09 20:16 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2012-07-09 20:16 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-09-07 16:04 . 2012-05-02 06:15 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 14:43 . 2012-08-24 14:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-08-23 18:10 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll

2012-08-23 18:10 . 2011-10-16 18:20 2851840 ----a-w- c:\windows\system32\themeui.dll

2012-08-23 18:10 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll

2012-08-22 18:12 . 2012-09-12 00:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 00:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 00:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 00:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-10 11:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 00:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 00:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-07-28 01:54 . 2012-07-28 01:54 321472 ----a-w- c:\windows\WLXPGSS.SCR

2012-07-28 01:15 . 2012-08-23 16:58 57280 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll

2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll

2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll

2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll

2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll

2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll

2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll

2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll

2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll

2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll

2012-07-26 02:21 . 2012-07-26 02:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-23 16:52 220608 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-23 16:52 220608 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-23 16:52 220608 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-18 39408]

"PC Remote Server"="c:\program files (x86)\PC Remote\PC Remote\PCRemote.exe" [2012-02-01 1501696]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-09-28 965560]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-09-26 580096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"XtrCtrlExEmotion"="c:\program files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe" [2009-10-19 3407656]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-09-28 309688]

"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

.

c:\users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mikey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-15 361984]

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 136176]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2000-01-01 1258856]

R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]

R3 ALSysIO;ALSysIO;c:\users\Mikey\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2012-07-19 3201540]

R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2012-07-19 2141700]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 136176]

R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-08 111104]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4; [x]

R3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-01-27 11888]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2000-01-01 189288]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-18 15712]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 676968]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 22:06]

.

2012-10-18 c:\windows\Tasks\DriverUpdate Startup.job

- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-08-10 08:08]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 08:27]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 08:27]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603500710-2092313750-1169243093-1001Core.job

- c:\users\Mikey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 16:49]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603500710-2092313750-1169243093-1001UA.job

- c:\users\Mikey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 16:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-23 16:52 244672 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-23 16:52 244672 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-23 16:52 244672 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"XtrCtrlExEmotion"="c:\program files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe" [2009-10-19 3407656]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"rfagent"="c:\program files\RFA 8\rfagent64.exe" [2012-10-08 3267736]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\program files (x86)\Corel\Corel PaintShop Pro X4\Languages\EN\Help\wwhelp\wwhimpl\common\html\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: com\www.msi

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{55D7C7BC-12A7-4F9B-81C0-600D9A182395} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:09,c9,f7,fe,b5,73,cd,01

.

[HKEY_USERS\S-1-5-21-3603500710-2092313750-1169243093-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-3603500710-2092313750-1169243093-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3603500710-2092313750-1169243093-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-3603500710-2092313750-1169243093-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0a\06\0f\11\"\1f?"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-18 15:02:00

ComboFix-quarantined-files.txt 2012-10-18 14:02

ComboFix2.txt 2012-10-18 13:38

.

Pre-Run: 111,835,516,928 bytes free

Post-Run: 111,652,098,048 bytes free

.

- - End Of File - - C04F11FB7CFA3BE3B2C00958C09B8777


Well the malware seems to have gone Gringo, no underscored words as of yet, seems stable at the minute, no dodgy links yet either. Is there anything else I should be doing, other than thanking you profusely? As you may have noticed I have Malwarebytes, AVG, Advanced System Care 5, Spybot S & D, CCleaner and Registry First Aid running. Is this overkill, do you think? Could these be causing a problem?


Well I spoke a little too soon I think Gringo, two BSODs in the last half an hour. After the first BSOD the PC decided to check the file system and disks for consistency. Something is still amiss here I think Gringo.

Here is the report from BlueScreenView

101812-40466-01.dmp 18/10/2012 16:17:20 SYSTEM_SERVICE_EXCEPTION 0x0000003b 00000000`c000001d fffff800`03094c85 fffff880`096fae50 00000000`00000000 Beep.SYS Beep.SYS+a0d8410 x64 ntoskrnl.exe+7efc0 C:\Windows\Minidump\101812-40466-01.dmp 4 15 7601 301,970


Another BSOD Gringo

101812-40123-01.dmp 18/10/2012 16:26:23 PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 fffffa80`49b51b79 00000000`00000000 fffff800`0309d70a 00000000`00000005 ntoskrnl.exe ntoskrnl.exe+7efc0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17944 (win7sp1_gdr.120830-0333) x64 ntoskrnl.exe+7efc0 C:\Windows\Minidump\101812-40123-01.dmp 4 15 7601 301,970

Thanks for your help


  • Staff

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


The TDSSKiller found no issues, and I can't seem to copy the report. Let me know if you still need the report, seeing as no issues were found.

Here is the aswMBR report.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-18 16:43:25

-----------------------------

16:43:25.735 OS Version: Windows x64 6.1.7601 Service Pack 1

16:43:25.735 Number of processors: 4 586 0x203

16:43:25.735 ComputerName: MIKEY-PC UserName: Mikey

16:43:26.790 Initialize success

16:43:38.025 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

16:43:38.026 Disk 0 Vendor: Maxtor_6V320F0 VA111900 Size: 305245MB BusType: 3

16:43:38.045 Disk 0 MBR read successfully

16:43:38.047 Disk 0 MBR scan

16:43:38.049 Disk 0 Windows 7 default MBR code

16:43:38.060 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048

16:43:38.066 Disk 0 scanning C:\Windows\system32\drivers

16:43:44.705 Service scanning

16:44:00.511 Modules scanning

16:44:00.517 Disk 0 trace - called modules:

16:44:00.529 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

16:44:00.532 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b58060]

16:44:00.535 3 CLASSPNP.SYS[fffff8800189143f] -> nt!IofCallDriver -> [0xfffffa80046219b0]

16:44:00.539 5 ACPI.sys[fffff88000fa17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004870060]

16:44:00.543 Scan finished successfully

16:44:17.964 Disk 0 MBR has been saved successfully to "C:\Users\Mikey\Desktop\MBR.dat"

16:44:17.990 The log file has been saved successfully to "C:\Users\Mikey\Desktop\aswMBR.txt"

It has created a .dat file too, which I'm unsure what to do with, Gringo.


Located TDSSKiller file

16:38:22.0588 1748 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

16:38:22.0702 1748 ============================================================

16:38:22.0702 1748 Current date / time: 2012/10/18 16:38:22.0702

16:38:22.0702 1748 SystemInfo:

16:38:22.0702 1748

16:38:22.0702 1748 OS Version: 6.1.7601 ServicePack: 1.0

16:38:22.0702 1748 Product type: Workstation

16:38:22.0702 1748 ComputerName: MIKEY-PC

16:38:22.0702 1748 UserName: Mikey

16:38:22.0702 1748 Windows directory: C:\Windows

16:38:22.0702 1748 System windows directory: C:\Windows

16:38:22.0702 1748 Running under WOW64

16:38:22.0702 1748 Processor architecture: Intel x64

16:38:22.0702 1748 Number of processors: 4

16:38:22.0702 1748 Page size: 0x1000

16:38:22.0702 1748 Boot type: Safe boot with network

16:38:22.0702 1748 ============================================================

16:38:24.0041 1748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040

16:38:24.0044 1748 ============================================================

16:38:24.0044 1748 \Device\Harddisk0\DR0:

16:38:24.0045 1748 MBR partitions:

16:38:24.0045 1748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800

16:38:24.0045 1748 ============================================================

16:38:24.0070 1748 C: <-> \Device\Harddisk0\DR0\Partition1

16:38:24.0070 1748 ============================================================

16:38:24.0070 1748 Initialize success

16:38:24.0070 1748 ============================================================

16:38:25.0035 1260 ============================================================

16:38:25.0035 1260 Scan started

16:38:25.0035 1260 Mode: Manual;

16:38:25.0035 1260 ============================================================

16:38:26.0415 1260 ================ Scan system memory ========================

16:38:26.0415 1260 System memory - ok

16:38:26.0416 1260 ================ Scan services =============================

16:38:26.0531 1260 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

16:38:26.0533 1260 1394ohci - ok

16:38:26.0579 1260 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

16:38:26.0588 1260 ACPI - ok

16:38:26.0605 1260 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

16:38:26.0606 1260 AcpiPmi - ok

16:38:26.0713 1260 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:38:26.0714 1260 AdobeARMservice - ok

16:38:26.0853 1260 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:38:26.0861 1260 AdobeFlashPlayerUpdateSvc - ok

16:38:26.0904 1260 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

16:38:26.0921 1260 adp94xx - ok

16:38:26.0949 1260 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

16:38:26.0958 1260 adpahci - ok

16:38:26.0975 1260 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

16:38:26.0983 1260 adpu320 - ok

16:38:27.0092 1260 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

16:38:27.0098 1260 AdvancedSystemCareService5 - ok

16:38:27.0123 1260 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

16:38:27.0124 1260 AeLookupSvc - ok

16:38:27.0175 1260 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

16:38:27.0178 1260 AFD - ok

16:38:27.0209 1260 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

16:38:27.0211 1260 agp440 - ok

16:38:27.0236 1260 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

16:38:27.0238 1260 ALG - ok

16:38:27.0266 1260 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

16:38:27.0267 1260 aliide - ok

16:38:27.0361 1260 ALSysIO - ok

16:38:27.0423 1260 AMD FUEL Service - ok

16:38:27.0439 1260 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

16:38:27.0439 1260 amdide - ok

16:38:27.0455 1260 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

16:38:27.0455 1260 amdiox64 - ok

16:38:27.0486 1260 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

16:38:27.0486 1260 AmdK8 - ok

16:38:27.0501 1260 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

16:38:27.0501 1260 AmdPPM - ok

16:38:27.0564 1260 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

16:38:27.0564 1260 amdsata - ok

16:38:27.0595 1260 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

16:38:27.0611 1260 amdsbs - ok

16:38:27.0611 1260 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

16:38:27.0611 1260 amdxata - ok

16:38:27.0642 1260 [ 0E2BA6DC63E9CF3BF275856735A3E3BE ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

16:38:27.0642 1260 AODDriver4.1 - ok

16:38:27.0689 1260 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

16:38:27.0689 1260 AppID - ok

16:38:27.0689 1260 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

16:38:27.0704 1260 AppIDSvc - ok

16:38:27.0753 1260 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

16:38:27.0753 1260 Appinfo - ok

16:38:27.0796 1260 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

16:38:27.0805 1260 AppMgmt - ok

16:38:27.0823 1260 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

16:38:27.0825 1260 arc - ok

16:38:27.0838 1260 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

16:38:27.0840 1260 arcsas - ok

16:38:27.0938 1260 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

16:38:27.0971 1260 aspnet_state - ok

16:38:28.0006 1260 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

16:38:28.0007 1260 AsyncMac - ok

16:38:28.0026 1260 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

16:38:28.0027 1260 atapi - ok

16:38:28.0061 1260 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys

16:38:28.0062 1260 AtiPcie - ok

16:38:28.0116 1260 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

16:38:28.0120 1260 AudioEndpointBuilder - ok

16:38:28.0141 1260 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

16:38:28.0144 1260 AudioSrv - ok

16:38:28.0301 1260 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

16:38:28.0390 1260 AVGIDSAgent - ok

16:38:28.0437 1260 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys

16:38:28.0438 1260 AVGIDSDriver - ok

16:38:28.0463 1260 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys

16:38:28.0463 1260 AVGIDSFilter - ok

16:38:28.0492 1260 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys

16:38:28.0493 1260 AVGIDSHA - ok

16:38:28.0516 1260 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys

16:38:28.0518 1260 Avgldx64 - ok

16:38:28.0557 1260 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys

16:38:28.0557 1260 Avgmfx64 - ok

16:38:28.0588 1260 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys

16:38:28.0589 1260 Avgrkx64 - ok

16:38:28.0611 1260 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys

16:38:28.0613 1260 Avgtdia - ok

16:38:28.0645 1260 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

16:38:28.0647 1260 avgwd - ok

16:38:28.0693 1260 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

16:38:28.0695 1260 AxInstSV - ok

16:38:28.0728 1260 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

16:38:28.0743 1260 b06bdrv - ok

16:38:28.0775 1260 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

16:38:28.0790 1260 b57nd60a - ok

16:38:28.0853 1260 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

16:38:28.0853 1260 BBSvc - ok

16:38:28.0899 1260 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

16:38:28.0899 1260 BDESVC - ok

16:38:28.0931 1260 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

16:38:28.0931 1260 Beep - ok

16:38:28.0993 1260 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

16:38:29.0009 1260 BFE - ok

16:38:29.0071 1260 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

16:38:29.0102 1260 BITS - ok

16:38:29.0133 1260 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

16:38:29.0133 1260 blbdrive - ok

16:38:29.0165 1260 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

16:38:29.0165 1260 bowser - ok

16:38:29.0180 1260 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:38:29.0180 1260 BrFiltLo - ok

16:38:29.0211 1260 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:38:29.0211 1260 BrFiltUp - ok

16:38:29.0235 1260 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

16:38:29.0237 1260 BridgeMP - ok

16:38:29.0266 1260 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

16:38:29.0268 1260 Browser - ok

16:38:29.0290 1260 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

16:38:29.0299 1260 Brserid - ok

16:38:29.0319 1260 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

16:38:29.0320 1260 BrSerWdm - ok

16:38:29.0336 1260 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

16:38:29.0337 1260 BrUsbMdm - ok

16:38:29.0340 1260 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

16:38:29.0341 1260 BrUsbSer - ok

16:38:29.0364 1260 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

16:38:29.0365 1260 BTHMODEM - ok

16:38:29.0383 1260 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

16:38:29.0384 1260 bthserv - ok

16:38:29.0400 1260 catchme - ok

16:38:29.0418 1260 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

16:38:29.0419 1260 cdfs - ok

16:38:29.0465 1260 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

16:38:29.0466 1260 cdrom - ok

16:38:29.0516 1260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

16:38:29.0518 1260 CertPropSvc - ok

16:38:29.0561 1260 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

16:38:29.0562 1260 circlass - ok

16:38:29.0608 1260 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

16:38:29.0611 1260 CLFS - ok

16:38:29.0677 1260 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:38:29.0679 1260 clr_optimization_v2.0.50727_32 - ok

16:38:29.0705 1260 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:38:29.0719 1260 clr_optimization_v2.0.50727_64 - ok

16:38:29.0792 1260 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:38:29.0922 1260 clr_optimization_v4.0.30319_32 - ok

16:38:29.0943 1260 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:38:29.0993 1260 clr_optimization_v4.0.30319_64 - ok

16:38:30.0012 1260 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

16:38:30.0012 1260 CmBatt - ok

16:38:30.0027 1260 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

16:38:30.0028 1260 cmdide - ok

16:38:30.0066 1260 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

16:38:30.0083 1260 CNG - ok

16:38:30.0102 1260 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

16:38:30.0102 1260 Compbatt - ok

16:38:30.0149 1260 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

16:38:30.0150 1260 CompositeBus - ok

16:38:30.0153 1260 COMSysApp - ok

16:38:30.0185 1260 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

16:38:30.0185 1260 crcdisk - ok

16:38:30.0239 1260 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

16:38:30.0241 1260 CryptSvc - ok

16:38:30.0274 1260 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

16:38:30.0277 1260 CSC - ok

16:38:30.0306 1260 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

16:38:30.0310 1260 CscService - ok

16:38:30.0348 1260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

16:38:30.0363 1260 DcomLaunch - ok

16:38:30.0410 1260 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

16:38:30.0426 1260 defragsvc - ok

16:38:30.0441 1260 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

16:38:30.0457 1260 DfsC - ok

16:38:30.0504 1260 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

16:38:30.0504 1260 Dhcp - ok

16:38:30.0519 1260 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

16:38:30.0519 1260 discache - ok

16:38:30.0535 1260 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

16:38:30.0550 1260 Disk - ok

16:38:30.0566 1260 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

16:38:30.0566 1260 Dnscache - ok

16:38:30.0613 1260 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

16:38:30.0613 1260 dot3svc - ok

16:38:30.0675 1260 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

16:38:30.0675 1260 Dot4 - ok

16:38:30.0722 1260 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys

16:38:30.0722 1260 Dot4Print - ok

16:38:30.0752 1260 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

16:38:30.0753 1260 dot4usb - ok

16:38:30.0787 1260 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

16:38:30.0788 1260 DPS - ok

16:38:30.0831 1260 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

16:38:30.0831 1260 drmkaud - ok

16:38:30.0873 1260 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

16:38:30.0879 1260 DXGKrnl - ok

16:38:30.0914 1260 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

16:38:30.0916 1260 EapHost - ok

16:38:31.0003 1260 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

16:38:31.0071 1260 ebdrv - ok

16:38:31.0102 1260 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

16:38:31.0103 1260 EFS - ok

16:38:31.0167 1260 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

16:38:31.0218 1260 ehRecvr - ok

16:38:31.0246 1260 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

16:38:31.0248 1260 ehSched - ok

16:38:31.0281 1260 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys

16:38:31.0282 1260 ElbyCDIO - ok

16:38:31.0324 1260 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

16:38:31.0341 1260 elxstor - ok

16:38:31.0375 1260 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

16:38:31.0376 1260 ErrDev - ok

16:38:31.0434 1260 esgiguard - ok

16:38:31.0459 1260 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

16:38:31.0462 1260 EventSystem - ok

16:38:31.0482 1260 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

16:38:31.0491 1260 exfat - ok

16:38:31.0701 1260 [ F1F68A0260C0CEB01F926BEAFA4CB2E7 ] ExpressAccountsService C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe

16:38:31.0787 1260 ExpressAccountsService - ok

16:38:31.0865 1260 [ CB72F1FC9DDACDCE57AE5E7648D411A9 ] ExpressInvoiceService C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe

16:38:31.0911 1260 ExpressInvoiceService - ok

16:38:31.0927 1260 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

16:38:31.0927 1260 fastfat - ok

16:38:31.0989 1260 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

16:38:32.0005 1260 Fax - ok

16:38:32.0036 1260 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

16:38:32.0036 1260 fdc - ok

16:38:32.0067 1260 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

16:38:32.0067 1260 fdPHost - ok

16:38:32.0083 1260 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

16:38:32.0083 1260 FDResPub - ok

16:38:32.0099 1260 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

16:38:32.0099 1260 FileInfo - ok

16:38:32.0114 1260 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

16:38:32.0114 1260 Filetrace - ok

16:38:32.0130 1260 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

16:38:32.0130 1260 flpydisk - ok

16:38:32.0177 1260 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

16:38:32.0177 1260 FltMgr - ok

16:38:32.0223 1260 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

16:38:32.0260 1260 FontCache - ok

16:38:32.0316 1260 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:38:32.0317 1260 FontCache3.0.0.0 - ok

16:38:32.0333 1260 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

16:38:32.0335 1260 FsDepends - ok

16:38:32.0380 1260 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

16:38:32.0380 1260 fssfltr - ok

16:38:32.0514 1260 [ 4E2E6FEDFE4A3445DBD0C623A242362D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

16:38:32.0548 1260 fsssvc - ok

16:38:32.0605 1260 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

16:38:32.0605 1260 Fs_Rec - ok

16:38:32.0635 1260 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

16:38:32.0636 1260 fvevol - ok

16:38:32.0674 1260 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

16:38:32.0675 1260 gagp30kx - ok

16:38:32.0716 1260 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

16:38:32.0722 1260 gpsvc - ok

16:38:32.0829 1260 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:38:32.0838 1260 gupdate - ok

16:38:32.0862 1260 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:38:32.0863 1260 gupdatem - ok

16:38:32.0912 1260 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

16:38:32.0921 1260 gusvc - ok

16:38:32.0946 1260 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

16:38:32.0947 1260 hcw85cir - ok

16:38:32.0990 1260 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

16:38:32.0993 1260 HdAudAddService - ok

16:38:33.0021 1260 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

16:38:33.0022 1260 HDAudBus - ok

16:38:33.0043 1260 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

16:38:33.0043 1260 HidBatt - ok

16:38:33.0048 1260 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

16:38:33.0050 1260 HidBth - ok

16:38:33.0062 1260 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

16:38:33.0063 1260 HidIr - ok

16:38:33.0095 1260 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

16:38:33.0096 1260 hidserv - ok

16:38:33.0139 1260 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

16:38:33.0140 1260 HidUsb - ok

16:38:33.0173 1260 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

16:38:33.0176 1260 hkmsvc - ok

16:38:33.0212 1260 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

16:38:33.0220 1260 HomeGroupListener - ok

16:38:33.0249 1260 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

16:38:33.0258 1260 HomeGroupProvider - ok

16:38:33.0334 1260 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

16:38:33.0365 1260 hpqcxs08 - ok

16:38:33.0380 1260 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

16:38:33.0380 1260 HpSAMD - ok

16:38:33.0427 1260 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

16:38:33.0458 1260 HPSLPSVC - ok

16:38:33.0505 1260 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

16:38:33.0552 1260 HTTP - ok

16:38:33.0583 1260 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

16:38:33.0583 1260 hwpolicy - ok

16:38:33.0630 1260 [ 4B7423FCC37664954460AC3E71752B62 ] hxctlflt C:\Windows\system32\Drivers\hxctlflt.sys

16:38:33.0630 1260 hxctlflt - ok

16:38:33.0708 1260 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

16:38:33.0708 1260 i8042prt - ok

16:38:33.0739 1260 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

16:38:33.0764 1260 iaStorV - ok

16:38:33.0809 1260 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:38:33.0835 1260 idsvc - ok

16:38:33.0859 1260 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

16:38:33.0860 1260 iirsp - ok

16:38:33.0904 1260 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

16:38:33.0929 1260 IKEEXT - ok

16:38:33.0952 1260 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

16:38:33.0953 1260 intelide - ok

16:38:33.0987 1260 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

16:38:33.0988 1260 intelppm - ok

16:38:34.0020 1260 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

16:38:34.0022 1260 IPBusEnum - ok

16:38:34.0055 1260 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:38:34.0057 1260 IpFilterDriver - ok

16:38:34.0077 1260 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

16:38:34.0079 1260 IPMIDRV - ok

16:38:34.0100 1260 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

16:38:34.0102 1260 IPNAT - ok

16:38:34.0129 1260 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

16:38:34.0130 1260 IRENUM - ok

16:38:34.0150 1260 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

16:38:34.0151 1260 isapnp - ok

16:38:34.0178 1260 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

16:38:34.0187 1260 iScsiPrt - ok

16:38:34.0202 1260 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

16:38:34.0202 1260 kbdclass - ok

16:38:34.0227 1260 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

16:38:34.0227 1260 kbdhid - ok

16:38:34.0241 1260 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

16:38:34.0242 1260 KeyIso - ok

16:38:34.0272 1260 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

16:38:34.0273 1260 KSecDD - ok

16:38:34.0303 1260 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

16:38:34.0312 1260 KSecPkg - ok

16:38:34.0330 1260 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

16:38:34.0331 1260 ksthunk - ok

16:38:34.0372 1260 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

16:38:34.0389 1260 KtmRm - ok

16:38:34.0426 1260 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

16:38:34.0428 1260 LanmanServer - ok

16:38:34.0455 1260 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:38:34.0458 1260 LanmanWorkstation - ok

16:38:34.0488 1260 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

16:38:34.0489 1260 lltdio - ok

16:38:34.0533 1260 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

16:38:34.0550 1260 lltdsvc - ok

16:38:34.0568 1260 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

16:38:34.0569 1260 lmhosts - ok

16:38:34.0601 1260 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

16:38:34.0603 1260 LSI_FC - ok

16:38:34.0632 1260 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

16:38:34.0634 1260 LSI_SAS - ok

16:38:34.0653 1260 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:38:34.0655 1260 LSI_SAS2 - ok

16:38:34.0677 1260 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:38:34.0679 1260 LSI_SCSI - ok

16:38:34.0696 1260 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

16:38:34.0697 1260 luafv - ok

16:38:34.0724 1260 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

16:38:34.0726 1260 Mcx2Svc - ok

16:38:34.0742 1260 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

16:38:34.0742 1260 megasas - ok

16:38:34.0757 1260 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

16:38:34.0773 1260 MegaSR - ok

16:38:34.0789 1260 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

16:38:34.0789 1260 MMCSS - ok

16:38:34.0804 1260 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

16:38:34.0804 1260 Modem - ok

16:38:34.0820 1260 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

16:38:34.0835 1260 monitor - ok

16:38:34.0867 1260 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

16:38:34.0867 1260 mouclass - ok

16:38:34.0882 1260 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

16:38:34.0882 1260 mouhid - ok

16:38:34.0913 1260 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

16:38:34.0913 1260 mountmgr - ok

16:38:34.0945 1260 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

16:38:34.0960 1260 mpio - ok

16:38:34.0976 1260 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

16:38:34.0976 1260 mpsdrv - ok

16:38:35.0007 1260 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

16:38:35.0023 1260 MRxDAV - ok

16:38:35.0054 1260 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

16:38:35.0054 1260 mrxsmb - ok

16:38:35.0069 1260 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:38:35.0069 1260 mrxsmb10 - ok

16:38:35.0085 1260 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:38:35.0085 1260 mrxsmb20 - ok

16:38:35.0116 1260 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

16:38:35.0116 1260 msahci - ok

16:38:35.0132 1260 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

16:38:35.0147 1260 msdsm - ok

16:38:35.0163 1260 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

16:38:35.0179 1260 MSDTC - ok

16:38:35.0210 1260 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

16:38:35.0210 1260 Msfs - ok

16:38:35.0225 1260 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

16:38:35.0225 1260 mshidkmdf - ok

16:38:35.0241 1260 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

16:38:35.0241 1260 msisadrv - ok

16:38:35.0291 1260 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

16:38:35.0300 1260 MSiSCSI - ok

16:38:35.0303 1260 msiserver - ok

16:38:35.0339 1260 [ 192476C10371DC83243D67432B2CDCBF ] MSI_MSIBIOS_010507 C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys

16:38:35.0340 1260 MSI_MSIBIOS_010507 - ok

16:38:35.0358 1260 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

16:38:35.0358 1260 MSKSSRV - ok

16:38:35.0385 1260 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

16:38:35.0385 1260 MSPCLOCK - ok

16:38:35.0402 1260 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

16:38:35.0403 1260 MSPQM - ok

16:38:35.0433 1260 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

16:38:35.0450 1260 MsRPC - ok

16:38:35.0483 1260 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

16:38:35.0483 1260 mssmbios - ok

16:38:35.0493 1260 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

16:38:35.0494 1260 MSTEE - ok

16:38:35.0497 1260 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

16:38:35.0498 1260 MTConfig - ok

16:38:35.0512 1260 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

16:38:35.0513 1260 Mup - ok

16:38:35.0550 1260 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

16:38:35.0584 1260 napagent - ok

16:38:35.0621 1260 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

16:38:35.0638 1260 NativeWifiP - ok

16:38:35.0701 1260 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

16:38:35.0726 1260 NDIS - ok

16:38:35.0746 1260 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

16:38:35.0746 1260 NdisCap - ok

16:38:35.0778 1260 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

16:38:35.0778 1260 NdisTapi - ok

16:38:35.0811 1260 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

16:38:35.0812 1260 Ndisuio - ok

16:38:35.0850 1260 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

16:38:35.0851 1260 NdisWan - ok

16:38:35.0876 1260 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

16:38:35.0877 1260 NDProxy - ok

16:38:35.0919 1260 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

16:38:35.0920 1260 Net Driver HPZ12 - ok

16:38:35.0962 1260 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

16:38:35.0963 1260 NetBIOS - ok

16:38:35.0997 1260 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

16:38:35.0999 1260 NetBT - ok

16:38:36.0015 1260 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

16:38:36.0016 1260 Netlogon - ok

16:38:36.0060 1260 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

16:38:36.0077 1260 Netman - ok

16:38:36.0115 1260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:36.0162 1260 NetMsmqActivator - ok

16:38:36.0167 1260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:36.0168 1260 NetPipeActivator - ok

16:38:36.0188 1260 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

16:38:36.0205 1260 netprofm - ok

16:38:36.0224 1260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:36.0225 1260 NetTcpActivator - ok

16:38:36.0229 1260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:38:36.0230 1260 NetTcpPortSharing - ok

16:38:36.0249 1260 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

16:38:36.0250 1260 nfrd960 - ok

16:38:36.0295 1260 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

16:38:36.0298 1260 NlaSvc - ok

16:38:36.0314 1260 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:38:36.0315 1260 Npfs - ok

16:38:36.0331 1260 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

16:38:36.0332 1260 nsi - ok

16:38:36.0336 1260 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:38:36.0336 1260 nsiproxy - ok

16:38:36.0398 1260 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:38:36.0445 1260 Ntfs - ok

16:38:36.0461 1260 NTIOLib_1_0_4 - ok

16:38:36.0476 1260 [ 490B1F404C4F31F4538B36736C990136 ] NTIOLib_1_0_8 C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys

16:38:36.0476 1260 NTIOLib_1_0_8 - ok

16:38:36.0492 1260 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

16:38:36.0492 1260 Null - ok

16:38:36.0539 1260 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

16:38:36.0539 1260 NVHDA - ok

16:38:36.0828 1260 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:38:37.0073 1260 nvlddmkm - ok

16:38:37.0096 1260 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:38:37.0105 1260 nvraid - ok

16:38:37.0136 1260 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:38:37.0144 1260 nvstor - ok

16:38:37.0232 1260 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

16:38:37.0258 1260 nvUpdatusService - ok

16:38:37.0293 1260 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:38:37.0295 1260 nv_agp - ok

16:38:37.0372 1260 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:38:37.0389 1260 odserv - ok

16:38:37.0426 1260 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

16:38:37.0428 1260 ohci1394 - ok

16:38:37.0468 1260 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:38:37.0477 1260 ose - ok

16:38:37.0513 1260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

16:38:37.0538 1260 p2pimsvc - ok

16:38:37.0562 1260 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

16:38:37.0579 1260 p2psvc - ok

16:38:37.0617 1260 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

16:38:37.0618 1260 Parport - ok

16:38:37.0649 1260 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:38:37.0651 1260 partmgr - ok

16:38:37.0670 1260 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

16:38:37.0672 1260 PcaSvc - ok

16:38:37.0691 1260 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

16:38:37.0700 1260 pci - ok

16:38:37.0713 1260 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

16:38:37.0714 1260 pciide - ok

16:38:37.0737 1260 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

16:38:37.0745 1260 pcmcia - ok

16:38:37.0761 1260 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

16:38:37.0761 1260 pcw - ok

16:38:37.0792 1260 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:38:37.0792 1260 PEAUTH - ok

16:38:37.0854 1260 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

16:38:37.0885 1260 PeerDistSvc - ok

16:38:37.0948 1260 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:38:37.0948 1260 PerfHost - ok

16:38:38.0010 1260 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

16:38:38.0041 1260 pla - ok

16:38:38.0104 1260 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:38:38.0104 1260 PlugPlay - ok

16:38:38.0166 1260 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

16:38:38.0166 1260 Pml Driver HPZ12 - ok

16:38:38.0182 1260 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

16:38:38.0182 1260 PNRPAutoReg - ok

16:38:38.0197 1260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

16:38:38.0197 1260 PNRPsvc - ok

16:38:38.0229 1260 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:38:38.0244 1260 PolicyAgent - ok

16:38:38.0296 1260 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

16:38:38.0298 1260 Power - ok

16:38:38.0341 1260 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:38:38.0342 1260 PptpMiniport - ok

16:38:38.0370 1260 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

16:38:38.0371 1260 Processor - ok

16:38:38.0409 1260 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

16:38:38.0417 1260 ProfSvc - ok

16:38:38.0430 1260 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:38:38.0431 1260 ProtectedStorage - ok

16:38:38.0459 1260 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

16:38:38.0460 1260 Psched - ok

16:38:38.0516 1260 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

16:38:38.0518 1260 PSI_SVC_2 - ok

16:38:38.0562 1260 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

16:38:38.0596 1260 ql2300 - ok

16:38:38.0612 1260 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

16:38:38.0614 1260 ql40xx - ok

16:38:38.0653 1260 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

16:38:38.0662 1260 QWAVE - ok

16:38:38.0680 1260 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:38:38.0681 1260 QWAVEdrv - ok

16:38:38.0696 1260 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:38:38.0696 1260 RasAcd - ok

16:38:38.0730 1260 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

16:38:38.0731 1260 RasAgileVpn - ok

16:38:38.0752 1260 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

16:38:38.0754 1260 RasAuto - ok

16:38:38.0789 1260 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:38:38.0790 1260 Rasl2tp - ok

16:38:38.0810 1260 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

16:38:38.0827 1260 RasMan - ok

16:38:38.0839 1260 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:38:38.0840 1260 RasPppoe - ok

16:38:38.0855 1260 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:38:38.0856 1260 RasSstp - ok

16:38:38.0886 1260 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:38:38.0888 1260 rdbss - ok

16:38:38.0903 1260 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

16:38:38.0904 1260 rdpbus - ok

16:38:38.0915 1260 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:38:38.0916 1260 RDPCDD - ok

16:38:38.0944 1260 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

16:38:38.0952 1260 RDPDR - ok

16:38:38.0984 1260 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:38:38.0985 1260 RDPENCDD - ok

16:38:38.0998 1260 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

16:38:38.0998 1260 RDPREFMP - ok

16:38:39.0030 1260 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:38:39.0038 1260 RDPWD - ok

16:38:39.0084 1260 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

16:38:39.0093 1260 rdyboost - ok

16:38:39.0133 1260 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:38:39.0135 1260 RemoteAccess - ok

16:38:39.0156 1260 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:38:39.0164 1260 RemoteRegistry - ok

16:38:39.0210 1260 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys

16:38:39.0211 1260 RimUsb - ok

16:38:39.0237 1260 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

16:38:39.0238 1260 RpcEptMapper - ok

16:38:39.0270 1260 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

16:38:39.0271 1260 RpcLocator - ok

16:38:39.0304 1260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

16:38:39.0307 1260 RpcSs - ok

16:38:39.0335 1260 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:38:39.0336 1260 rspndr - ok

16:38:39.0386 1260 [ 39A719875F572241C585A629EE62EB14 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

16:38:39.0386 1260 RTL8167 - ok

16:38:39.0417 1260 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

16:38:39.0417 1260 s3cap - ok

16:38:39.0432 1260 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

16:38:39.0432 1260 SamSs - ok

16:38:39.0526 1260 [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

16:38:39.0557 1260 SamsungAllShareV2.0 - ok

16:38:39.0573 1260 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:38:39.0573 1260 sbp2port - ok

16:38:39.0698 1260 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

16:38:39.0713 1260 SBSDWSCService - ok

16:38:39.0763 1260 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:38:39.0771 1260 SCardSvr - ok

16:38:39.0799 1260 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

16:38:39.0800 1260 scfilter - ok

16:38:39.0851 1260 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

16:38:39.0878 1260 Schedule - ok

16:38:39.0908 1260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

16:38:39.0909 1260 SCPolicySvc - ok

16:38:39.0932 1260 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:38:39.0941 1260 SDRSVC - ok

16:38:40.0009 1260 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

16:38:40.0011 1260 SeaPort - ok

16:38:40.0047 1260 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:38:40.0048 1260 secdrv - ok

16:38:40.0075 1260 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

16:38:40.0077 1260 seclogon - ok

16:38:40.0090 1260 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

16:38:40.0092 1260 SENS - ok

16:38:40.0112 1260 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

16:38:40.0114 1260 SensrSvc - ok

16:38:40.0139 1260 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

16:38:40.0140 1260 Serenum - ok

16:38:40.0160 1260 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

16:38:40.0161 1260 Serial - ok

16:38:40.0191 1260 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

16:38:40.0192 1260 sermouse - ok

16:38:40.0224 1260 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

16:38:40.0227 1260 SessionEnv - ok

16:38:40.0251 1260 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:38:40.0252 1260 sffdisk - ok

16:38:40.0266 1260 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:38:40.0266 1260 sffp_mmc - ok

16:38:40.0275 1260 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:38:40.0276 1260 sffp_sd - ok

16:38:40.0285 1260 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

16:38:40.0286 1260 sfloppy - ok

16:38:40.0337 1260 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

16:38:40.0354 1260 SharedAccess - ok

16:38:40.0387 1260 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:38:40.0390 1260 ShellHWDetection - ok

16:38:40.0426 1260 [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

16:38:40.0437 1260 SimpleSlideShowServer - ok

16:38:40.0453 1260 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:38:40.0454 1260 SiSRaid2 - ok

16:38:40.0471 1260 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

16:38:40.0472 1260 SiSRaid4 - ok

16:38:40.0539 1260 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:38:40.0540 1260 SkypeUpdate - ok

16:38:40.0571 1260 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys

16:38:40.0572 1260 SmartDefragDriver - ok

16:38:40.0593 1260 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:38:40.0595 1260 Smb - ok

16:38:40.0637 1260 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:38:40.0639 1260 SNMPTRAP - ok

16:38:40.0744 1260 [ BA2E864CDC01731A4F144019FB3BF598 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys

16:38:40.0809 1260 SNP2UVC - ok

16:38:40.0841 1260 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

16:38:40.0841 1260 spldr - ok

16:38:40.0872 1260 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

16:38:40.0872 1260 Spooler - ok

16:38:40.0981 1260 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

16:38:41.0059 1260 sppsvc - ok

16:38:41.0075 1260 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

16:38:41.0075 1260 sppuinotify - ok

16:38:41.0106 1260 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

16:38:41.0121 1260 srv - ok

16:38:41.0137 1260 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:38:41.0137 1260 srv2 - ok

16:38:41.0153 1260 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:38:41.0153 1260 srvnet - ok

16:38:41.0184 1260 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:38:41.0199 1260 SSDPSRV - ok

16:38:41.0215 1260 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

16:38:41.0215 1260 SstpSvc - ok

16:38:41.0285 1260 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

16:38:41.0287 1260 Stereo Service - ok

16:38:41.0307 1260 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

16:38:41.0308 1260 stexstor - ok

16:38:41.0364 1260 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

16:38:41.0369 1260 stisvc - ok

16:38:41.0391 1260 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

16:38:41.0392 1260 storflt - ok

16:38:41.0426 1260 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

16:38:41.0428 1260 StorSvc - ok

16:38:41.0445 1260 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

16:38:41.0446 1260 storvsc - ok

16:38:41.0491 1260 [ 85BF0B7CE3D9B6D1611E05872E1C3E56 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys

16:38:41.0492 1260 SWDUMon - ok

16:38:41.0520 1260 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

16:38:41.0520 1260 swenum - ok

16:38:41.0614 1260 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

16:38:41.0631 1260 SwitchBoard - ok

16:38:41.0667 1260 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

16:38:41.0685 1260 swprv - ok

16:38:41.0747 1260 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

16:38:41.0790 1260 SysMain - ok

16:38:41.0820 1260 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

16:38:41.0822 1260 TabletInputService - ok

16:38:41.0840 1260 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

16:38:41.0857 1260 TapiSrv - ok

16:38:41.0867 1260 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

16:38:41.0869 1260 TBS - ok

16:38:41.0936 1260 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

16:38:41.0979 1260 Tcpip - ok

16:38:42.0037 1260 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

16:38:42.0046 1260 TCPIP6 - ok

16:38:42.0072 1260 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

16:38:42.0073 1260 tcpipreg - ok

16:38:42.0103 1260 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

16:38:42.0104 1260 TDPIPE - ok

16:38:42.0134 1260 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

16:38:42.0135 1260 TDTCP - ok

16:38:42.0173 1260 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

16:38:42.0174 1260 tdx - ok

16:38:42.0183 1260 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

16:38:42.0184 1260 TermDD - ok

16:38:42.0225 1260 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

16:38:42.0242 1260 TermService - ok

16:38:42.0270 1260 [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes C:\Windows\system32\themeservice.dll

16:38:42.0272 1260 Themes - ok

16:38:42.0302 1260 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

16:38:42.0304 1260 THREADORDER - ok

16:38:42.0324 1260 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

16:38:42.0326 1260 TrkWks - ok

16:38:42.0370 1260 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:38:42.0386 1260 TrustedInstaller - ok

16:38:42.0417 1260 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

16:38:42.0417 1260 tssecsrv - ok

16:38:42.0448 1260 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

16:38:42.0448 1260 TsUsbFlt - ok

16:38:42.0573 1260 [ DD296C78B0D2C3F5E42DC0D2972CD992 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

16:38:42.0635 1260 TuneUp.UtilitiesSvc - ok

16:38:42.0667 1260 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys

16:38:42.0667 1260 TuneUpUtilitiesDrv - ok

16:38:42.0713 1260 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

16:38:42.0713 1260 tunnel - ok

16:38:42.0729 1260 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

16:38:42.0729 1260 uagp35 - ok

16:38:42.0745 1260 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

16:38:42.0745 1260 udfs - ok

16:38:42.0794 1260 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

16:38:42.0796 1260 UI0Detect - ok

16:38:42.0838 1260 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

16:38:42.0840 1260 uliagpkx - ok

16:38:42.0880 1260 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

16:38:42.0881 1260 umbus - ok

16:38:42.0924 1260 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

16:38:42.0924 1260 UmPass - ok

16:38:42.0959 1260 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

16:38:42.0967 1260 UmRdpService - ok

16:38:42.0991 1260 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

16:38:43.0008 1260 upnphost - ok

16:38:43.0053 1260 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

16:38:43.0054 1260 usbaudio - ok

16:38:43.0071 1260 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

16:38:43.0072 1260 usbccgp - ok

16:38:43.0107 1260 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

16:38:43.0108 1260 usbcir - ok

16:38:43.0127 1260 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

16:38:43.0128 1260 usbehci - ok

16:38:43.0156 1260 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

16:38:43.0158 1260 usbhub - ok

16:38:43.0175 1260 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

16:38:43.0176 1260 usbohci - ok

16:38:43.0210 1260 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

16:38:43.0211 1260 usbprint - ok

16:38:43.0257 1260 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

16:38:43.0259 1260 usbscan - ok

16:38:43.0271 1260 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:38:43.0272 1260 USBSTOR - ok

16:38:43.0292 1260 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

16:38:43.0292 1260 usbuhci - ok

16:38:43.0310 1260 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

16:38:43.0311 1260 UxSms - ok

16:38:43.0326 1260 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

16:38:43.0327 1260 VaultSvc - ok

16:38:43.0345 1260 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

16:38:43.0346 1260 vdrvroot - ok

16:38:43.0388 1260 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

16:38:43.0405 1260 vds - ok

16:38:43.0435 1260 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

16:38:43.0436 1260 vga - ok

16:38:43.0453 1260 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

16:38:43.0454 1260 VgaSave - ok

16:38:43.0477 1260 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

16:38:43.0486 1260 vhdmp - ok

16:38:43.0497 1260 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

16:38:43.0497 1260 viaide - ok

16:38:43.0529 1260 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

16:38:43.0537 1260 vmbus - ok

16:38:43.0554 1260 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

16:38:43.0555 1260 VMBusHID - ok

16:38:43.0577 1260 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

16:38:43.0579 1260 volmgr - ok

16:38:43.0616 1260 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

16:38:43.0618 1260 volmgrx - ok

16:38:43.0642 1260 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

16:38:43.0651 1260 volsnap - ok

16:38:43.0677 1260 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

16:38:43.0685 1260 vsmraid - ok

16:38:43.0748 1260 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

16:38:43.0791 1260 VSS - ok

16:38:43.0811 1260 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

16:38:43.0812 1260 vwifibus - ok

16:38:43.0867 1260 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

16:38:43.0884 1260 W32Time - ok

16:38:43.0901 1260 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

16:38:43.0902 1260 WacomPen - ok

16:38:43.0938 1260 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

16:38:43.0939 1260 WANARP - ok

16:38:43.0958 1260 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

16:38:43.0959 1260 Wanarpv6 - ok

16:38:44.0014 1260 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

16:38:44.0060 1260 WatAdminSvc - ok

16:38:44.0107 1260 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

16:38:44.0154 1260 wbengine - ok

16:38:44.0170 1260 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

16:38:44.0170 1260 WbioSrvc - ok

16:38:44.0201 1260 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

16:38:44.0216 1260 wcncsvc - ok

16:38:44.0232 1260 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

16:38:44.0248 1260 WcsPlugInService - ok

16:38:44.0263 1260 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

16:38:44.0263 1260 Wd - ok

16:38:44.0294 1260 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

16:38:44.0312 1260 Wdf01000 - ok

16:38:44.0329 1260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

16:38:44.0332 1260 WdiServiceHost - ok

16:38:44.0335 1260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

16:38:44.0337 1260 WdiSystemHost - ok

16:38:44.0368 1260 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

16:38:44.0377 1260 WebClient - ok

16:38:44.0394 1260 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

16:38:44.0403 1260 Wecsvc - ok

16:38:44.0420 1260 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

16:38:44.0422 1260 wercplsupport - ok

16:38:44.0453 1260 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

16:38:44.0455 1260 WerSvc - ok

16:38:44.0467 1260 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

16:38:44.0468 1260 WfpLwf - ok

16:38:44.0504 1260 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

16:38:44.0505 1260 WIMMount - ok

16:38:44.0542 1260 WinDefend - ok

16:38:44.0548 1260 WinHttpAutoProxySvc - ok

16:38:44.0606 1260 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

16:38:44.0626 1260 Winmgmt - ok

16:38:44.0683 1260 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

16:38:44.0744 1260 WinRM - ok

16:38:44.0805 1260 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

16:38:44.0806 1260 WinUSB - ok

16:38:44.0851 1260 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

16:38:44.0877 1260 Wlansvc - ok

16:38:45.0019 1260 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:38:45.0067 1260 wlidsvc - ok

16:38:45.0112 1260 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

16:38:45.0112 1260 WmiAcpi - ok

16:38:45.0132 1260 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

16:38:45.0140 1260 wmiApSrv - ok

16:38:45.0168 1260 WMPNetworkSvc - ok

16:38:45.0229 1260 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe

16:38:45.0246 1260 WMZuneComm - ok

16:38:45.0263 1260 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

16:38:45.0265 1260 WPCSvc - ok

16:38:45.0294 1260 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

16:38:45.0297 1260 WPDBusEnum - ok

16:38:45.0323 1260 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

16:38:45.0324 1260 ws2ifsl - ok

16:38:45.0339 1260 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

16:38:45.0339 1260 wscsvc - ok

16:38:45.0339 1260 WSearch - ok

16:38:45.0448 1260 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

16:38:45.0510 1260 wuauserv - ok

16:38:45.0573 1260 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

16:38:45.0573 1260 WudfPf - ok

16:38:45.0666 1260 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

16:38:45.0682 1260 WUDFRd - ok

16:38:45.0713 1260 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

16:38:45.0713 1260 wudfsvc - ok

16:38:45.0744 1260 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

16:38:45.0760 1260 WwanSvc - ok

16:38:45.0841 1260 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

16:38:45.0845 1260 YahooAUService - ok

16:38:46.0039 1260 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe

16:38:46.0202 1260 ZuneNetworkSvc - ok

16:38:46.0263 1260 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe

16:38:46.0280 1260 ZuneWlanCfgSvc - ok

16:38:46.0300 1260 ================ Scan global ===============================

16:38:46.0324 1260 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

16:38:46.0356 1260 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

16:38:46.0372 1260 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

16:38:46.0405 1260 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

16:38:46.0440 1260 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

16:38:46.0443 1260 [Global] - ok

16:38:46.0444 1260 ================ Scan MBR ==================================

16:38:46.0458 1260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

16:38:46.0620 1260 \Device\Harddisk0\DR0 - ok

16:38:46.0620 1260 ================ Scan VBR ==================================

16:38:46.0623 1260 [ 9A30A0E0D503FBF1A74D7FF42AEE271A ] \Device\Harddisk0\DR0\Partition1

16:38:46.0624 1260 \Device\Harddisk0\DR0\Partition1 - ok

16:38:46.0624 1260 ============================================================

16:38:46.0624 1260 Scan finished

16:38:46.0624 1260 ============================================================

16:38:46.0632 0852 Detected object count: 0

16:38:46.0632 0852 Actual detected object count: 0

16:43:01.0254 1796 Deinitialize success

Thanks Gringo


  • Staff

Hello

Your reports are looking very good. I would like you to do some reading here, as I think this is what you should try if we don't find anything - http://www.sevenforums.com/crashes-debugging/215960-bsod-0x00000050.html

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Here is the script Gringo

ComboFix 12-10-18.03 - Mikey 18/10/2012 18:55:20.3.4 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3338 [GMT 1:00]

Running from: c:\users\Mikey\Downloads\ComboFix.exe

Command switches used :: c:\users\Mikey\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))

.

.

2012-10-18 18:00 . 2012-10-18 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-10-18 18:00 . 2012-10-18 18:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-10-18 18:00 . 2012-10-18 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-18 09:31 . 2012-05-08 17:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-10-18 09:31 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-10-18 09:20 . 2012-08-23 10:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe

2012-10-18 09:19 . 2012-08-23 10:31 26488 ----a-w- c:\windows\system32\authuitu.dll

2012-10-18 09:19 . 2012-08-23 10:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-10-18 09:19 . 2012-10-18 09:19 -------- d-----w- c:\users\Mikey\AppData\Roaming\AVG

2012-10-18 09:18 . 2012-10-18 09:20 -------- d-----w- c:\programdata\AVG

2012-10-18 09:18 . 2012-10-18 09:18 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2012-10-17 11:15 . 2012-10-17 16:59 -------- d-----w- c:\programdata\RFA_Backups

2012-10-17 11:14 . 2012-10-17 22:56 -------- d-----w- c:\programdata\Registry First Aid

2012-10-17 11:14 . 2012-10-17 22:56 -------- d-----w- c:\program files\RFA 8

2012-10-16 14:53 . 2012-10-17 09:39 -------- d-----w- c:\users\Mikey\AppData\Local\KingJackpot

2012-10-16 11:41 . 2012-10-16 11:41 -------- d-----w- c:\users\Mikey\AppData\Roaming\PDAppFlex

2012-10-12 09:29 . 2012-10-17 02:21 -------- d-----w- c:\users\Mikey\AppData\Local\Helicon

2012-10-12 09:28 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Common Files\Nikon

2012-10-12 09:27 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Helicon Software

2012-10-10 11:16 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 11:16 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 11:16 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 11:16 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 11:16 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- C:\Samsung

2012-10-10 10:10 . 2012-10-10 10:10 -------- d-----w- C:\Download

2012-10-10 10:07 . 2012-10-10 10:07 -------- d-----w- C:\AllShare

2012-10-09 10:52 . 2012-10-09 11:03 -------- d-----w- c:\users\Mikey\.yawcam

2012-10-09 10:51 . 2012-10-09 11:03 -------- d-----w- c:\program files (x86)\Yawcam

2012-10-08 12:51 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\MyFree Codec

2012-10-08 12:50 . 2012-10-17 10:27 -------- d-----w- C:\Temp

2012-10-06 11:35 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-06 11:35 . 2012-10-06 11:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-06 11:35 . 2012-10-06 11:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-06 11:34 . 2012-10-06 11:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-06 11:34 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Java

2012-10-06 11:18 . 2012-10-17 02:21 -------- d-----w- c:\users\Mikey\AppData\Local\Samsung

2012-10-06 11:18 . 2012-10-10 10:08 -------- d-----w- c:\users\Mikey\AppData\Roaming\Samsung

2012-10-06 11:02 . 2012-09-26 19:57 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-10-06 11:01 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\MarkAny

2012-10-06 11:01 . 2012-09-26 19:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-10-06 11:01 . 2012-10-17 02:21 -------- d-----w- c:\program files (x86)\Samsung

2012-10-06 11:01 . 2012-10-06 11:16 -------- d-----w- c:\programdata\Samsung

2012-10-06 10:54 . 2012-10-17 02:21 -------- d-----w- c:\users\Mikey\AppData\Local\Downloaded Installations

2012-10-06 10:20 . 2012-10-18 15:28 -------- d-----r- c:\users\Mikey\Dropbox

2012-10-06 10:17 . 2012-10-18 15:28 -------- d-----w- c:\users\Mikey\AppData\Roaming\Dropbox

2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-26 15:42 . 2012-09-26 15:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-09-26 15:39 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 18:43 . 2012-10-17 11:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-09-25 18:43 . 2012-09-26 06:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2012-09-24 16:14 . 2012-09-24 16:14 -------- d-----w- c:\program files\Enigma Software Group

2012-09-24 16:14 . 2012-09-24 17:39 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP

2012-09-24 16:14 . 2012-09-24 16:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-09-21 14:48 . 2012-09-21 14:48 -------- d-----w- c:\program files\CCleaner

2012-09-21 14:44 . 2012-09-21 14:44 -------- d-----w- c:\program files (x86)\CCleaner Business Edition

2012-09-21 09:23 . 2012-09-21 09:23 -------- d-----w- c:\users\Mikey\AppData\Roaming\Subversion

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\users\Mikey\AppData\Roaming\fltk.org

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\programdata\fltk.org

2012-09-21 09:22 . 2012-09-21 09:25 -------- d-----w- c:\users\Mikey\AppData\Roaming\flightgear.org

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\programdata\flightgear.org

2012-09-21 09:22 . 2012-09-21 09:22 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-09-21 09:22 . 2012-09-21 09:22 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-09-21 09:22 . 2012-09-21 09:22 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-09-21 09:22 . 2012-09-21 09:22 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-09-21 09:22 . 2012-09-21 09:22 -------- d-----w- c:\program files (x86)\OpenAL

2012-09-21 09:16 . 2012-09-21 09:16 -------- d-----w- c:\program files\FlightGear

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-18 15:27 . 2012-08-17 10:53 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2012-10-11 02:03 . 2011-10-15 15:22 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 22:06 . 2012-05-27 10:04 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 22:06 . 2011-10-15 02:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-02 19:51 . 2012-07-09 20:16 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-02 19:51 . 2012-07-09 20:16 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2012-07-09 20:16 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2012-07-09 20:16 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2012-07-09 20:16 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2012-07-09 20:16 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-09-07 16:04 . 2012-05-02 06:15 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 14:43 . 2012-08-24 14:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-08-23 18:10 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll

2012-08-23 18:10 . 2011-10-16 18:20 2851840 ----a-w- c:\windows\system32\themeui.dll

2012-08-23 18:10 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll

2012-08-22 18:12 . 2012-09-12 00:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 00:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 00:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 00:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-10 11:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 00:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 00:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-07-28 01:54 . 2012-07-28 01:54 321472 ----a-w- c:\windows\WLXPGSS.SCR

2012-07-28 01:15 . 2012-08-23 16:58 57280 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll

2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll

2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll

2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll

2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll

2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll

2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll

2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll

2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll

2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll

2012-07-26 02:21 . 2012-07-26 02:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-23 16:52 220608 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-23 16:52 220608 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-23 16:52 220608 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-18 39408]

"PC Remote Server"="c:\program files (x86)\PC Remote\PC Remote\PCRemote.exe" [2012-02-01 1501696]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-09-28 965560]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-09-26 580096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"XtrCtrlExEmotion"="c:\program files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe" [2009-10-19 3407656]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-09-28 309688]

"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

.

c:\users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mikey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-15 361984]

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 136176]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2000-01-01 1258856]

R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]

R3 ALSysIO;ALSysIO;c:\users\Mikey\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2012-07-19 3201540]

R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2012-07-19 2141700]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 136176]

R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-08 111104]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4; [x]

R3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-01-27 11888]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2000-01-01 189288]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-18 15712]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 676968]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 98619264

*NewlyCreated* - ASWMBR

*Deregistered* - 98619264

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 22:06]

.

2012-10-18 c:\windows\Tasks\DriverUpdate Startup.job

- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-08-10 08:08]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 08:27]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18 08:27]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603500710-2092313750-1169243093-1001Core.job

- c:\users\Mikey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 16:49]

.

2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603500710-2092313750-1169243093-1001UA.job

- c:\users\Mikey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 16:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-23 16:52 244672 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-23 16:52 244672 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-23 16:52 244672 ----a-w- c:\users\Mikey\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mikey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"XtrCtrlExEmotion"="c:\program files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe" [2009-10-19 3407656]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"rfagent"="c:\program files\RFA 8\rfagent64.exe" [2012-10-08 3267736]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\program files (x86)\Corel\Corel PaintShop Pro X4\Languages\EN\Help\wwhelp\wwhimpl\common\html\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: com\www.msi

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{55D7C7BC-12A7-4F9B-81C0-600D9A182395} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:09,c9,f7,fe,b5,73,cd,01

.

[HKEY_USERS\S-1-5-21-3603500710-2092313750-1169243093-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-3603500710-2092313750-1169243093-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3603500710-2092313750-1169243093-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-3603500710-2092313750-1169243093-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0a\06\0f\11\"\1f?"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-18 19:02:29

ComboFix-quarantined-files.txt 2012-10-18 18:02

ComboFix2.txt 2012-10-18 14:02

ComboFix3.txt 2012-10-18 13:38

.

Pre-Run: 111,414,951,936 bytes free

Post-Run: 111,344,697,344 bytes free

.

- - End Of File - - 8E36A4C8F6F4F18982C9D9761B335C3E

I started to get BSODs after a new card was put in, something like "IRQL NOT EQUAL". This was 6-7 months ago. I only got them when the computer was doing something taxing, so I stopped doing anything too taxing on the PC. It's only after this malware has turned up that I'm getting them again.


  • 3 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.