infected by startsear.info. Please help!


Hello,

I've been infected by startsear.info for a few weeks now. Malwarebytes scan finds it sometimes and the homepage is reverted back; however, after a computer restart, startsear.info is the homepage again. It keeps returning in IE. Google Chrome seems to be fine. Running netstat makes me worried since it shows a large number of connections to the outside.

Thank you very much! Your assistance is greatly appreciated.

Sunny

Attach.txt

DDS.txt

netstat.txt


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop: RogueKiller, or from here.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo


Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x64 (UAC is disabled!)

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

(On Access scanning disabled!)

Error obtaining update status for antivirus!

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

Out of date HijackThis installed!

SpywareBlaster 4.6

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.1.1000

HijackThis 2.0.2

Java 3D 1.3.1 (OpenGL) Runtime

Java 6 Update 37

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader X 10.1.1 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


# AdwCleaner v2.008 - Logfile created 11/18/2012 at 13:04:34

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Sunny - UL20FT

# Boot Mode : Normal

# Running from : C:\Users\Sunny\Downloads\adwcleaner (1).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.info --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Pooh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7344 octets] - [11/11/2012 14:01:23]

AdwCleaner[R2].txt - [7404 octets] - [11/11/2012 14:02:04]

AdwCleaner[s2].txt - [7673 octets] - [11/11/2012 14:02:36]

AdwCleaner[s3].txt - [1386 octets] - [18/11/2012 13:04:34]

########## EOF - C:\AdwCleaner[s3].txt - [1446 octets] ##########


RogueKiller V8.3.0 [Nov 18 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Sunny [Admin rights]

Mode : Remove -- Date : 11/18/2012 13:09:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT256M4SSD2 +++++

--- User ---

[MBR] e7c22b1c855cc2899ffb274315e7959e

[bSP] bd6d9d0f8771f1111364206a33070549 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 8 | Size: 20002 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40966144 | Size: 224192 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_11182012_02d1309.txt >>

RKreport[1]_S_11182012_02d1309.txt ; RKreport[2]_D_11182012_02d1309.txt


RogueKiller V8.3.0 [Nov 18 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Sunny [Admin rights]

Mode : Scan -- Date : 11/18/2012 13:09:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT256M4SSD2 +++++

--- User ---

[MBR] e7c22b1c855cc2899ffb274315e7959e

[bSP] bd6d9d0f8771f1111364206a33070549 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 8 | Size: 20002 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40966144 | Size: 224192 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11182012_02d1309.txt >>

RKreport[1]_S_11182012_02d1309.txt
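The AdwCleaner log above shows the Internet Explorer Start Page being replaced and a SearchScopes key being deleted, and the two RogueKiller logs show UAC disabled (EnableLUA and ConsentPromptBehaviorAdmin at 0) and then restored. Since the original poster reports the homepage coming back after every restart, the thing a defender wants is a read-only re-check of exactly those values after the next reboot. The script below is an added example written for this page; it is not code from the thread, from AdwCleaner or from RogueKiller. The registry paths are the full forms of the ones the logs abbreviate; the Wow6432Node copy of Policies\System is assumed from RogueKiller's "[...]\Wow6432Node\System" line and is simply reported as missing if it does not exist. Run it from an elevated PowerShell prompt on the Windows 7 x64 machine; it changes nothing.

```powershell
# Added example (not from the thread, AdwCleaner or RogueKiller): read-only re-check,
# after a reboot, of the values the cleanup logs reported. Assumes Windows 7 x64
# (64-bit hive plus the Wow6432Node view) and an elevated PowerShell prompt.

$hijackDomain = 'startsear.info'   # domain reported in the thread

# 1. IE start page: per-machine hive (both views) and the current user's hive.
$startPageKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main',
    'HKCU:\Software\Microsoft\Internet Explorer\Main'
)
foreach ($key in $startPageKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $sp = $props.'Start Page'
    if ([string]::IsNullOrEmpty($sp)) {
        "{0}`n    Start Page: (not set)" -f $key
    } elseif ($sp -like "*$hijackDomain*") {
        "{0}`n    Start Page: {1}   <-- HIJACKED again: something re-wrote it after the cleanup" -f $key, $sp
    } else {
        "{0}`n    Start Page: {1}" -f $key, $sp
    }
}

# 2. SearchScopes GUID that AdwCleaner deleted from both views. If it exists again,
#    a program that survived the cleanup (or a startup item) re-created it.
$scopeGuid = '{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $scopeKey = "HKLM:\$view\Microsoft\Internet Explorer\SearchScopes\$scopeGuid"
    if (Test-Path -LiteralPath $scopeKey) { "SearchScopes $scopeGuid PRESENT again under $view" }
    else                                  { "SearchScopes $scopeGuid absent under $view (good)" }
}

# 3. UAC policy values RogueKiller found at 0 and set back to 1 and 2. EnableLUA only
#    takes effect after a reboot, so a 1 here plus a working elevation prompt means the
#    change stuck; a 0 means it was turned off again.
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $sysKey = "HKLM:\$view\Microsoft\Windows\CurrentVersion\Policies\System"
    $uac = Get-ItemProperty -Path $sysKey -ErrorAction SilentlyContinue
    if ($null -eq $uac) { "$sysKey : (key missing in this view)"; continue }
    $lua   = $uac.EnableLUA
    $admin = $uac.ConsentPromptBehaviorAdmin
    $state = if ($lua -eq 1) { 'enabled' } elseif ($null -eq $lua) { 'value missing' } else { 'DISABLED' }
    "{0}`n    EnableLUA = {1} ({2}), ConsentPromptBehaviorAdmin = {3}  (0 = elevate silently, 2 = prompt for consent)" -f $sysKey, $lua, $state, $admin
}
```

If the Start Page or the SearchScopes key is back after a reboot while the ComboFix and RogueKiller logs show no bad processes, the next place to look is the autostart list (the Run keys, Startup folder and scheduled tasks that ComboFix enumerates), since one of those entries is what re-applies the setting.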


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


ComboFix 12-11-16.02 - Sunny 18/11/2012 16:13:57.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3885.2268 [GMT -8:00]

Running from: c:\users\Sunny\Desktop\malware logs\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\msvcr71.dll

.

---- Previous Run -------

.

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\programdata\FullRemove.exe

c:\users\Sunny\ResourceReader.dll

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))

.

.

2012-11-19 00:51 . 2012-11-19 00:51 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-11-19 00:51 . 2012-11-19 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-18 10:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01F3B262-4A85-44BA-AD3B-6DB519D1A6AD}\mpengine.dll

2012-11-18 09:44 . 2012-11-18 09:45 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-11-18 09:42 . 2012-11-18 09:42 -------- d-----w- C:\RegBackup

2012-11-18 09:40 . 2012-11-18 09:44 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-11-18 09:40 . 2012-11-18 09:40 -------- d-----w- c:\program files (x86)\Tweaking.com

2012-11-18 05:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-16 03:04 . 2012-11-16 03:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-16 02:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 02:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 02:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 02:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 02:45 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-16 02:45 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-16 02:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 02:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 02:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 02:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 02:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 02:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 02:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-11 22:05 . 2012-11-12 23:56 -------- d-----w- c:\users\Pooh

2012-11-11 20:02 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2012-11-11 20:02 . 2012-11-11 20:05 -------- d-----w- c:\program files (x86)\SpywareBlaster

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\users\Sunny\AppData\Roaming\SUPERAntiSpyware.com

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\programdata\PC Tools

2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\users\Sunny\AppData\Roaming\TestApp

2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\programdata\Sophos

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\program files (x86)\Sophos

2012-11-11 04:08 . 2012-11-11 04:08 -------- d-----w- c:\program files (x86)\ESET

2012-11-06 05:42 . 2012-11-06 05:42 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-06 05:41 . 2012-11-06 05:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-24 06:14 . 2012-10-24 06:14 -------- d-----w- c:\users\Sunny\AppData\Roaming\LavasoftStatistics

2012-10-24 05:39 . 2012-10-24 05:39 -------- d-----w- c:\users\Sunny\AppData\Local\Downloaded Installations

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\users\Sunny\AppData\Local\adawarebp

2012-10-24 05:38 . 2012-11-18 21:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\adawaretb

2012-10-24 04:19 . 2012-10-24 05:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-10-24 04:19 . 2012-10-24 04:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\users\Sunny\AppData\Roaming\thriXXX

2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\program files (x86)\thriXXX

2012-10-20 19:57 . 2012-10-04 03:44 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA6ADF4-6FC0-40A8-BA17-F9D90389391B}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 00:10 . 2012-06-14 16:56 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-11-16 02:42 . 2011-08-26 03:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-11 09:04 . 2011-12-27 00:59 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-11 09:04 . 2011-12-27 00:59 35240 ----a-w- c:\windows\system32\LMIport.dll

2012-11-11 09:04 . 2011-12-27 00:59 83880 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-06 05:41 . 2011-09-07 07:34 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-18 04:35 . 2012-04-06 02:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-18 04:35 . 2011-09-09 01:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-04 03:44 . 2012-02-11 11:17 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-30 02:54 . 2012-09-03 19:06 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-14 19:19 . 2012-10-10 03:58 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 03:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 03:59 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 05:03 . 2011-04-27 22:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 18:03 . 2012-10-10 03:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 03:59 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 03:59 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 03:59 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 03:59 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-13 02:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-13 02:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-13 02:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 23:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 20:01 . 2012-09-22 03:28 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 20:01 . 2011-08-28 20:17 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 20:01 . 2011-08-28 20:17 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2012-09-20 20:06 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

"Workrave"="c:\program files (x86)\Workrave\lib\workrave.exe" [2011-03-25 3871246]

"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824]

"98E36C341B5CB5AFB17092EB2920E6EA02805BD9._service_run"="c:\users\Sunny\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Akamai NetSession Interface"="c:\users\Sunny\AppData\Local\Akamai\netsession_win.exe" [bU]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NPSStartup"="" [bU]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-22 70792]

"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-22 743560]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]

"XviD Codec"="c:\program files (x86)\XviD\codec.exe" [2012-08-08 606720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-16 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-17 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-28 44032]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-19 1431888]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 44680]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 50312]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-17 834544]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 19592]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 189576]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-15 224048]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-15 130864]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]

S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-12 8704]

S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-16 2461104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-11 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]

S3 ALSysIO;ALSysIO;c:\users\Sunny\AppData\Local\Temp\ALSysIO64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-15 147248]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-15 166192]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001Core.job

- c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35]

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001UA.job

- c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35]

.

2012-11-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-11-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://startsear.info

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://startsear.info

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll

Trusted Zone: mini9

Trusted Zone: pearsoned.com\myitlab

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr

AddRemove-uCertify M70-640 - c:\program files (x86)\uCertify\uninstall.exe

AddRemove-uCertify M70-640 - c:\program files (x86)\uCertify\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------


Completion time: 2012-11-18 17:10:02

ComboFix-quarantined-files.txt 2012-11-19 01:09

.

Pre-Run: 50,661,801,984 bytes free

Post-Run: 50,129,670,144 bytes free

.

- - End Of File - - 2BA683A5ADC54B5FBE6315CEEF82C132


Combofix took a while to complete. I had to run it twice. First time the computer went to sleep. I started combofix again after disabling sleep on the computer.

Restarted the computer and opened up IE. Startsear.info is still the homepage. Computer is running about the same as before completing the scans.


  • Staff

Greetings,

First, I would like you to go here and click on the Fix it button: http://support.microsoft.com/kb/923737

Then I want you to do the following:

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.

Gringo


  • Staff

Greetings,

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


00:11:13.0003 8140 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

00:11:13.0452 8140 ============================================================

00:11:13.0452 8140 Current date / time: 2012/11/19 00:11:13.0452

00:11:13.0452 8140 SystemInfo:

00:11:13.0452 8140

00:11:13.0452 8140 OS Version: 6.1.7601 ServicePack: 1.0

00:11:13.0452 8140 Product type: Workstation

00:11:13.0452 8140 ComputerName: UL20FT

00:11:13.0453 8140 UserName: Sunny

00:11:13.0453 8140 Windows directory: C:\Windows

00:11:13.0453 8140 System windows directory: C:\Windows

00:11:13.0453 8140 Running under WOW64

00:11:13.0453 8140 Processor architecture: Intel x64

00:11:13.0453 8140 Number of processors: 4

00:11:13.0453 8140 Page size: 0x1000

00:11:13.0453 8140 Boot type: Normal boot

00:11:13.0453 8140 ============================================================

00:11:14.0348 8140 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:11:14.0496 8140 ============================================================

00:11:14.0497 8140 \Device\Harddisk0\DR0:

00:11:14.0497 8140 MBR partitions:

00:11:14.0497 8140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711800, BlocksNum 0x1B5E0400

00:11:14.0497 8140 ============================================================

00:11:14.0499 8140 C: <-> \Device\Harddisk0\DR0\Partition1

00:11:14.0499 8140 ============================================================

00:11:14.0499 8140 Initialize success

00:11:14.0500 8140 ============================================================

00:11:54.0864 4280 ============================================================

00:11:54.0864 4280 Scan started

00:11:54.0864 4280 Mode: Manual;

00:11:54.0864 4280 ============================================================

00:11:54.0930 4280 ================ Scan system memory ========================

00:11:54.0930 4280 System memory - ok

00:11:54.0931 4280 ================ Scan services =============================


00:11:58.0707 4280 IKEEXT - ok

00:11:58.0714 4280 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

00:11:58.0717 4280 Impcd - ok

00:11:58.0754 4280 [ 257CE93C4C83A869F67C8121A34D57EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

00:11:58.0781 4280 IntcAzAudAddService - ok

00:11:58.0792 4280 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

00:11:58.0797 4280 IntcDAud - ok

00:11:58.0802 4280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

00:11:58.0803 4280 intelide - ok

00:11:58.0809 4280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

00:11:58.0811 4280 intelppm - ok

00:11:58.0818 4280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

00:11:58.0821 4280 IPBusEnum - ok

00:11:58.0827 4280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:11:58.0829 4280 IpFilterDriver - ok

00:11:58.0841 4280 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

00:11:58.0849 4280 iphlpsvc - ok

00:11:58.0856 4280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

00:11:58.0858 4280 IPMIDRV - ok

00:11:58.0864 4280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

00:11:58.0867 4280 IPNAT - ok

00:11:58.0885 4280 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

00:11:58.0897 4280 iPod Service - ok

00:11:58.0905 4280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

00:11:58.0909 4280 IRENUM - ok

00:11:58.0918 4280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

00:11:58.0922 4280 isapnp - ok

00:11:58.0932 4280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

00:11:58.0937 4280 iScsiPrt - ok

00:11:58.0942 4280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

00:11:58.0944 4280 kbdclass - ok

00:11:58.0949 4280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

00:11:58.0951 4280 kbdhid - ok

00:11:58.0957 4280 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys

00:11:58.0958 4280 kbfiltr - ok

00:11:58.0963 4280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

00:11:58.0965 4280 KeyIso - ok

00:11:58.0969 4280 KMService - ok

00:11:58.0977 4280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

00:11:58.0979 4280 KSecDD - ok

00:11:58.0987 4280 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

00:11:58.0990 4280 KSecPkg - ok

00:11:58.0995 4280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

00:11:58.0996 4280 ksthunk - ok

00:11:59.0005 4280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

00:11:59.0011 4280 KtmRm - ok

00:11:59.0017 4280 [ 48686C29856F46443952A831424F8D6F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

00:11:59.0019 4280 L1C - ok

00:11:59.0028 4280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

00:11:59.0033 4280 LanmanServer - ok

00:11:59.0040 4280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

00:11:59.0044 4280 LanmanWorkstation - ok

00:11:59.0053 4280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

00:11:59.0055 4280 lltdio - ok

00:11:59.0064 4280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

00:11:59.0069 4280 lltdsvc - ok

00:11:59.0075 4280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

00:11:59.0077 4280 lmhosts - ok

00:11:59.0087 4280 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

00:11:59.0146 4280 LMIGuardianSvc - ok

00:11:59.0151 4280 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

00:11:59.0153 4280 LMIInfo - ok

00:11:59.0158 4280 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys

00:11:59.0159 4280 lmimirr - ok

00:11:59.0164 4280 LMIRfsClientNP - ok

00:11:59.0172 4280 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys

00:11:59.0173 4280 LMIRfsDriver - ok

00:11:59.0181 4280 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

00:11:59.0270 4280 LMS - ok

00:11:59.0281 4280 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

00:11:59.0286 4280 LogMeIn - ok

00:11:59.0296 4280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

00:11:59.0301 4280 LSI_FC - ok

00:11:59.0308 4280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

00:11:59.0310 4280 LSI_SAS - ok

00:11:59.0316 4280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:11:59.0318 4280 LSI_SAS2 - ok

00:11:59.0325 4280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:11:59.0328 4280 LSI_SCSI - ok

00:11:59.0334 4280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

00:11:59.0336 4280 luafv - ok

00:11:59.0342 4280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

00:11:59.0345 4280 Mcx2Svc - ok

00:11:59.0350 4280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

00:11:59.0352 4280 megasas - ok

00:11:59.0361 4280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

00:11:59.0365 4280 MegaSR - ok

00:11:59.0374 4280 Microsoft SharePoint Workspace Audit Service - ok

00:11:59.0380 4280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

00:11:59.0383 4280 MMCSS - ok

00:11:59.0388 4280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

00:11:59.0390 4280 Modem - ok

00:11:59.0395 4280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

00:11:59.0396 4280 monitor - ok

00:11:59.0403 4280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

00:11:59.0405 4280 mouclass - ok

00:11:59.0410 4280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

00:11:59.0412 4280 mouhid - ok

00:11:59.0418 4280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

00:11:59.0420 4280 mountmgr - ok

00:11:59.0429 4280 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

00:11:59.0432 4280 MpFilter - ok

00:11:59.0439 4280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

00:11:59.0442 4280 mpio - ok

00:11:59.0448 4280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

00:11:59.0450 4280 mpsdrv - ok

00:11:59.0465 4280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

00:11:59.0477 4280 MpsSvc - ok

00:11:59.0486 4280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

00:11:59.0490 4280 MRxDAV - ok

00:11:59.0499 4280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

00:11:59.0503 4280 mrxsmb - ok

00:11:59.0514 4280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:11:59.0519 4280 mrxsmb10 - ok

00:11:59.0528 4280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:11:59.0532 4280 mrxsmb20 - ok

00:11:59.0540 4280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

00:11:59.0542 4280 msahci - ok

00:11:59.0549 4280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

00:11:59.0552 4280 msdsm - ok

00:11:59.0560 4280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

00:11:59.0565 4280 MSDTC - ok

00:11:59.0582 4280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

00:11:59.0588 4280 Msfs - ok

00:11:59.0597 4280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

00:11:59.0598 4280 mshidkmdf - ok

00:11:59.0606 4280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

00:11:59.0608 4280 msisadrv - ok

00:11:59.0618 4280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

00:11:59.0623 4280 MSiSCSI - ok

00:11:59.0629 4280 msiserver - ok

00:11:59.0637 4280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

00:11:59.0639 4280 MSKSSRV - ok

00:11:59.0645 4280 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

00:11:59.0647 4280 MsMpSvc - ok

00:11:59.0653 4280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

00:11:59.0655 4280 MSPCLOCK - ok

00:11:59.0661 4280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

00:11:59.0663 4280 MSPQM - ok

00:11:59.0674 4280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

00:11:59.0679 4280 MsRPC - ok

00:11:59.0687 4280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

00:11:59.0689 4280 mssmbios - ok

00:11:59.0694 4280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

00:11:59.0696 4280 MSTEE - ok

00:11:59.0700 4280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

00:11:59.0701 4280 MTConfig - ok

00:11:59.0707 4280 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys

00:11:59.0708 4280 MTsensor - ok

00:11:59.0714 4280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

00:11:59.0716 4280 Mup - ok

00:11:59.0726 4280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

00:11:59.0734 4280 napagent - ok

00:11:59.0743 4280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

00:11:59.0748 4280 NativeWifiP - ok

00:11:59.0764 4280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

00:11:59.0775 4280 NDIS - ok

00:11:59.0781 4280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

00:11:59.0783 4280 NdisCap - ok

00:11:59.0788 4280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

00:11:59.0790 4280 NdisTapi - ok

00:11:59.0795 4280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

00:11:59.0797 4280 Ndisuio - ok

00:11:59.0805 4280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

00:11:59.0808 4280 NdisWan - ok

00:11:59.0813 4280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

00:11:59.0815 4280 NDProxy - ok

00:11:59.0823 4280 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

00:11:59.0826 4280 Net Driver HPZ12 - ok

00:11:59.0831 4280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

00:11:59.0833 4280 NetBIOS - ok

00:11:59.0841 4280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

00:11:59.0845 4280 NetBT - ok

00:11:59.0851 4280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

00:11:59.0853 4280 Netlogon - ok

00:11:59.0862 4280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

00:11:59.0868 4280 Netman - ok

00:11:59.0879 4280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

00:11:59.0886 4280 netprofm - ok

00:11:59.0892 4280 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:11:59.0895 4280 NetTcpPortSharing - ok

00:11:59.0901 4280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

00:11:59.0903 4280 nfrd960 - ok

00:11:59.0911 4280 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

00:11:59.0913 4280 NisDrv - ok

00:11:59.0925 4280 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe

00:11:59.0930 4280 NisSrv - ok

00:11:59.0939 4280 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

00:11:59.0944 4280 NlaSvc - ok

00:11:59.0950 4280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

00:11:59.0951 4280 Npfs - ok

00:11:59.0957 4280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

00:11:59.0960 4280 nsi - ok

00:11:59.0965 4280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

00:11:59.0967 4280 nsiproxy - ok

00:11:59.0995 4280 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

00:12:00.0014 4280 Ntfs - ok

00:12:00.0019 4280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

00:12:00.0021 4280 Null - ok

00:12:00.0028 4280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

00:12:00.0031 4280 nvraid - ok

00:12:00.0039 4280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

00:12:00.0042 4280 nvstor - ok

00:12:00.0049 4280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

00:12:00.0052 4280 nv_agp - ok

00:12:00.0058 4280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

00:12:00.0061 4280 ohci1394 - ok

00:12:00.0068 4280 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:12:00.0072 4280 ose - ok

00:12:00.0140 4280 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

00:12:00.0199 4280 osppsvc - ok

00:12:00.0213 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

00:12:00.0219 4280 p2pimsvc - ok

00:12:00.0230 4280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

00:12:00.0238 4280 p2psvc - ok

00:12:00.0244 4280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

00:12:00.0247 4280 Parport - ok

00:12:00.0254 4280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

00:12:00.0256 4280 partmgr - ok

00:12:00.0264 4280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

00:12:00.0268 4280 PcaSvc - ok

00:12:00.0275 4280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

00:12:00.0279 4280 pci - ok

00:12:00.0284 4280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

00:12:00.0286 4280 pciide - ok

00:12:00.0294 4280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

00:12:00.0298 4280 pcmcia - ok

00:12:00.0305 4280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

00:12:00.0307 4280 pcw - ok

00:12:00.0320 4280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

00:12:00.0328 4280 PEAUTH - ok

00:12:00.0360 4280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

00:12:00.0362 4280 PerfHost - ok

00:12:00.0393 4280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

00:12:00.0410 4280 pla - ok

00:12:00.0421 4280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

00:12:00.0428 4280 PlugPlay - ok

00:12:00.0435 4280 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

00:12:00.0438 4280 Pml Driver HPZ12 - ok

00:12:00.0444 4280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

00:12:00.0448 4280 PNRPAutoReg - ok

00:12:00.0458 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

00:12:00.0462 4280 PNRPsvc - ok

00:12:00.0468 4280 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

00:12:00.0470 4280 Point64 - ok

00:12:00.0482 4280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

00:12:00.0489 4280 PolicyAgent - ok

00:12:00.0499 4280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

00:12:00.0503 4280 Power - ok

00:12:00.0509 4280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

00:12:00.0512 4280 PptpMiniport - ok

00:12:00.0517 4280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

00:12:00.0520 4280 Processor - ok

00:12:00.0527 4280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

00:12:00.0532 4280 ProfSvc - ok

00:12:00.0538 4280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

00:12:00.0540 4280 ProtectedStorage - ok

00:12:00.0548 4280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

00:12:00.0551 4280 Psched - ok

00:12:00.0576 4280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

00:12:00.0595 4280 ql2300 - ok

00:12:00.0603 4280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

00:12:00.0606 4280 ql40xx - ok

00:12:00.0616 4280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

00:12:00.0622 4280 QWAVE - ok

00:12:00.0627 4280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

00:12:00.0629 4280 QWAVEdrv - ok

00:12:00.0634 4280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

00:12:00.0636 4280 RasAcd - ok

00:12:00.0642 4280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

00:12:00.0644 4280 RasAgileVpn - ok

00:12:00.0650 4280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

00:12:00.0654 4280 RasAuto - ok

00:12:00.0660 4280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

00:12:00.0663 4280 Rasl2tp - ok

00:12:00.0671 4280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

00:12:00.0678 4280 RasMan - ok

00:12:00.0684 4280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

00:12:00.0686 4280 RasPppoe - ok

00:12:00.0692 4280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

00:12:00.0694 4280 RasSstp - ok

00:12:00.0703 4280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

00:12:00.0707 4280 rdbss - ok

00:12:00.0712 4280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

00:12:00.0714 4280 rdpbus - ok

00:12:00.0719 4280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

00:12:00.0720 4280 RDPCDD - ok

00:12:00.0728 4280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

00:12:00.0729 4280 RDPENCDD - ok

00:12:00.0737 4280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

00:12:00.0738 4280 RDPREFMP - ok

00:12:00.0745 4280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

00:12:00.0749 4280 RDPWD - ok

00:12:00.0758 4280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

00:12:00.0761 4280 rdyboost - ok

00:12:00.0768 4280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

00:12:00.0771 4280 RemoteAccess - ok

00:12:00.0778 4280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

00:12:00.0782 4280 RemoteRegistry - ok

00:12:00.0789 4280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

00:12:00.0792 4280 RpcEptMapper - ok

00:12:00.0797 4280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

00:12:00.0799 4280 RpcLocator - ok

00:12:00.0810 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

00:12:00.0816 4280 RpcSs - ok

00:12:00.0823 4280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

00:12:00.0825 4280 rspndr - ok

00:12:00.0830 4280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

00:12:00.0832 4280 SamSs - ok

00:12:00.0837 4280 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

00:12:00.0838 4280 SASDIFSV - ok

00:12:00.0842 4280 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

00:12:00.0843 4280 SASKUTIL - ok

00:12:00.0850 4280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

00:12:00.0853 4280 sbp2port - ok

00:12:00.0859 4280 SBRE - ok

00:12:00.0870 4280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

00:12:00.0876 4280 SCardSvr - ok

00:12:00.0881 4280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

00:12:00.0883 4280 scfilter - ok

00:12:00.0900 4280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

00:12:00.0914 4280 Schedule - ok

00:12:00.0926 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

00:12:00.0928 4280 SCPolicySvc - ok

00:12:00.0937 4280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

00:12:00.0942 4280 SDRSVC - ok

00:12:00.0948 4280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

00:12:00.0949 4280 secdrv - ok

00:12:00.0955 4280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

00:12:00.0958 4280 seclogon - ok

00:12:00.0963 4280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

00:12:00.0966 4280 SENS - ok

00:12:00.0972 4280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

00:12:00.0975 4280 SensrSvc - ok

00:12:00.0980 4280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

00:12:00.0982 4280 Serenum - ok

00:12:00.0988 4280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

00:12:00.0990 4280 Serial - ok

00:12:00.0995 4280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

00:12:00.0996 4280 sermouse - ok

00:12:01.0010 4280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

00:12:01.0014 4280 SessionEnv - ok

00:12:01.0019 4280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

00:12:01.0021 4280 sffdisk - ok

00:12:01.0026 4280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

00:12:01.0027 4280 sffp_mmc - ok

00:12:01.0032 4280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

00:12:01.0033 4280 sffp_sd - ok

00:12:01.0039 4280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

00:12:01.0040 4280 sfloppy - ok

00:12:01.0050 4280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

00:12:01.0056 4280 SharedAccess - ok

00:12:01.0065 4280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

00:12:01.0072 4280 ShellHWDetection - ok

00:12:01.0077 4280 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys

00:12:01.0079 4280 SiSGbeLH - ok

00:12:01.0084 4280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:12:01.0087 4280 SiSRaid2 - ok

00:12:01.0092 4280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

00:12:01.0095 4280 SiSRaid4 - ok

00:12:01.0101 4280 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

00:12:01.0105 4280 SkypeUpdate - ok

00:12:01.0112 4280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

00:12:01.0114 4280 Smb - ok

00:12:01.0125 4280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

00:12:01.0128 4280 SNMPTRAP - ok

00:12:01.0154 4280 [ A415C67B40DFB903ACCC1D40FBEE3269 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys

00:12:01.0175 4280 SNP2UVC - ok

00:12:01.0181 4280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

00:12:01.0182 4280 spldr - ok

00:12:01.0194 4280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

00:12:01.0202 4280 Spooler - ok

00:12:01.0250 4280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

00:12:01.0293 4280 sppsvc - ok

00:12:01.0301 4280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

00:12:01.0305 4280 sppuinotify - ok

00:12:01.0323 4280 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys

00:12:01.0323 4280 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB

00:12:01.0325 4280 sptd ( LockedFile.Multi.Generic ) - warning

00:12:01.0325 4280 sptd - detected LockedFile.Multi.Generic (1)

00:12:01.0337 4280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

00:12:01.0344 4280 srv - ok

00:12:01.0354 4280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

00:12:01.0360 4280 srv2 - ok

00:12:01.0367 4280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

00:12:01.0371 4280 srvnet - ok

00:12:01.0379 4280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

00:12:01.0383 4280 SSDPSRV - ok

00:12:01.0390 4280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

00:12:01.0393 4280 SstpSvc - ok

00:12:01.0403 4280 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

00:12:01.0409 4280 StarWindServiceAE - ok

00:12:01.0415 4280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

00:12:01.0417 4280 stexstor - ok

00:12:01.0423 4280 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

00:12:01.0424 4280 StillCam - ok

00:12:01.0436 4280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

00:12:01.0445 4280 stisvc - ok

00:12:01.0450 4280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

00:12:01.0451 4280 swenum - ok

00:12:01.0463 4280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

00:12:01.0471 4280 swprv - ok

00:12:01.0480 4280 [ 01A658167619075BAAD31C96074C0B38 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

00:12:01.0484 4280 SynTP - ok

00:12:01.0512 4280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

00:12:01.0534 4280 SysMain - ok

00:12:01.0541 4280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

00:12:01.0545 4280 TabletInputService - ok

00:12:01.0554 4280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

00:12:01.0560 4280 TapiSrv - ok

00:12:01.0567 4280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

00:12:01.0571 4280 TBS - ok

00:12:01.0603 4280 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

00:12:01.0631 4280 Tcpip - ok

00:12:01.0662 4280 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

00:12:01.0676 4280 TCPIP6 - ok

00:12:01.0685 4280 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

00:12:01.0688 4280 tcpipreg - ok

00:12:01.0695 4280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

00:12:01.0697 4280 TDPIPE - ok

00:12:01.0702 4280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

00:12:01.0704 4280 TDTCP - ok

00:12:01.0710 4280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

00:12:01.0712 4280 tdx - ok

00:12:01.0718 4280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

00:12:01.0720 4280 TermDD - ok

00:12:01.0734 4280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

00:12:01.0744 4280 TermService - ok

00:12:01.0749 4280 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys

00:12:01.0765 4280 TFsExDisk - ok

00:12:01.0771 4280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

00:12:01.0775 4280 Themes - ok

00:12:01.0781 4280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

00:12:01.0783 4280 THREADORDER - ok

00:12:01.0795 4280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

00:12:01.0799 4280 TrkWks - ok

00:12:01.0806 4280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

00:12:01.0810 4280 TrustedInstaller - ok

00:12:01.0818 4280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

00:12:01.0820 4280 tssecsrv - ok

00:12:01.0826 4280 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

00:12:01.0828 4280 TsUsbFlt - ok

00:12:01.0834 4280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

00:12:01.0836 4280 tunnel - ok

00:12:01.0842 4280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

00:12:01.0844 4280 uagp35 - ok

00:12:01.0853 4280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

00:12:01.0858 4280 udfs - ok

00:12:01.0868 4280 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe

00:12:01.0873 4280 ufad-ws60 - ok

00:12:01.0884 4280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

00:12:01.0888 4280 UI0Detect - ok

00:12:01.0894 4280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

00:12:01.0896 4280 uliagpkx - ok

00:12:01.0901 4280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

00:12:01.0904 4280 umbus - ok

00:12:01.0909 4280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

00:12:01.0910 4280 UmPass - ok

00:12:01.0943 4280 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

00:12:01.0970 4280 UNS - ok

00:12:01.0981 4280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

00:12:01.0988 4280 upnphost - ok

00:12:01.0994 4280 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

00:12:01.0996 4280 USBAAPL64 - ok

00:12:02.0003 4280 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

00:12:02.0006 4280 usbaudio - ok

00:12:02.0012 4280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

00:12:02.0015 4280 usbccgp - ok

00:12:02.0022 4280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

00:12:02.0025 4280 usbcir - ok

00:12:02.0030 4280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

00:12:02.0032 4280 usbehci - ok

00:12:02.0042 4280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

00:12:02.0047 4280 usbhub - ok

00:12:02.0053 4280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

00:12:02.0055 4280 usbohci - ok

00:12:02.0061 4280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

00:12:02.0063 4280 usbprint - ok

00:12:02.0071 4280 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:12:02.0074 4280 USBSTOR - ok

00:12:02.0079 4280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

00:12:02.0081 4280 usbuhci - ok

00:12:02.0089 4280 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

00:12:02.0092 4280 usbvideo - ok

00:12:02.0098 4280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

00:12:02.0101 4280 UxSms - ok

00:12:02.0106 4280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

00:12:02.0108 4280 VaultSvc - ok

00:12:02.0116 4280 [ 81952471021F6A6F56DDA6ED6B5DD638 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys

00:12:02.0120 4280 VBoxDrv - ok

00:12:02.0128 4280 [ C9F86AEB504355541EC9820E3155E253 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

00:12:02.0130 4280 VBoxNetAdp - ok

00:12:02.0138 4280 [ 64715CE639D05D753BCD86F5ABF4D82A ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

00:12:02.0141 4280 VBoxNetFlt - ok

00:12:02.0147 4280 [ EDEB78B6A969107A66A5AF145AC0A43F ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

00:12:02.0150 4280 VBoxUSBMon - ok

00:12:02.0156 4280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

00:12:02.0157 4280 vdrvroot - ok

00:12:02.0169 4280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

00:12:02.0177 4280 vds - ok

00:12:02.0183 4280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

00:12:02.0184 4280 vga - ok

00:12:02.0190 4280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

00:12:02.0192 4280 VgaSave - ok

00:12:02.0200 4280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

00:12:02.0204 4280 vhdmp - ok

00:12:02.0209 4280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

00:12:02.0210 4280 viaide - ok

00:12:02.0216 4280 [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

00:12:02.0218 4280 VMAuthdService - ok

00:12:02.0225 4280 [ CDAA992C18F3F3612444C818A478CF57 ] vmci C:\Windows\system32\drivers\vmci.sys

00:12:02.0227 4280 vmci - ok

00:12:02.0233 4280 [ EA9C266CD4B4BB7C7D818C1C27461959 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys

00:12:02.0235 4280 vmkbd - ok

00:12:02.0241 4280 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys

00:12:02.0242 4280 VMnetAdapter - ok

00:12:02.0249 4280 [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys

00:12:02.0251 4280 VMnetBridge - ok

00:12:02.0256 4280 VMnetDHCP - ok

00:12:02.0263 4280 [ 479948EB42E189C076B45EBAF2D12BBC ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys

00:12:02.0264 4280 VMnetuserif - ok

00:12:02.0277 4280 [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

00:12:02.0284 4280 VMUSBArbService - ok

00:12:02.0292 4280 VMware NAT Service - ok

00:12:02.0299 4280 [ 05645D6651CA7A02298AAE475BBCAD6E ] vmx86 C:\Windows\system32\drivers\vmx86.sys

00:12:02.0301 4280 vmx86 - ok

00:12:02.0307 4280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

00:12:02.0309 4280 volmgr - ok

00:12:02.0319 4280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

00:12:02.0325 4280 volmgrx - ok

00:12:02.0335 4280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

00:12:02.0339 4280 volsnap - ok

00:12:02.0347 4280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

00:12:02.0350 4280 vsmraid - ok

00:12:02.0375 4280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

00:12:02.0395 4280 VSS - ok

00:12:02.0402 4280 [ 69F57E89E6EBC5012D210527AF005A70 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys

00:12:02.0404 4280 vstor2-ws60 - ok

00:12:02.0409 4280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

00:12:02.0411 4280 vwifibus - ok

00:12:02.0418 4280 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

00:12:02.0420 4280 vwififlt - ok

00:12:02.0426 4280 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

00:12:02.0427 4280 vwifimp - ok

00:12:02.0437 4280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

00:12:02.0444 4280 W32Time - ok

00:12:02.0453 4280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

00:12:02.0455 4280 WacomPen - ok

00:12:02.0461 4280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

00:12:02.0464 4280 WANARP - ok

00:12:02.0469 4280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

00:12:02.0471 4280 Wanarpv6 - ok

00:12:02.0491 4280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

00:12:02.0506 4280 WatAdminSvc - ok

00:12:02.0530 4280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

00:12:02.0553 4280 wbengine - ok

00:12:02.0562 4280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

00:12:02.0567 4280 WbioSrvc - ok

00:12:02.0577 4280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

00:12:02.0584 4280 wcncsvc - ok

00:12:02.0590 4280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

00:12:02.0594 4280 WcsPlugInService - ok

00:12:02.0599 4280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

00:12:02.0600 4280 Wd - ok

00:12:02.0606 4280 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

00:12:02.0608 4280 WDC_SAM - ok

00:12:02.0623 4280 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

00:12:02.0633 4280 Wdf01000 - ok

00:12:02.0642 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

00:12:02.0647 4280 WdiServiceHost - ok

00:12:02.0655 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

00:12:02.0658 4280 WdiSystemHost - ok

00:12:02.0669 4280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

00:12:02.0676 4280 WebClient - ok

00:12:02.0685 4280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

00:12:02.0691 4280 Wecsvc - ok

00:12:02.0697 4280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

00:12:02.0701 4280 wercplsupport - ok

00:12:02.0707 4280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

00:12:02.0711 4280 WerSvc - ok

00:12:02.0716 4280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

00:12:02.0718 4280 WfpLwf - ok

00:12:02.0725 4280 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

00:12:02.0729 4280 WimFltr - ok

00:12:02.0734 4280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

00:12:02.0736 4280 WIMMount - ok

00:12:02.0740 4280 WinDefend - ok

00:12:02.0748 4280 WinHttpAutoProxySvc - ok

00:12:02.0761 4280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

00:12:02.0765 4280 Winmgmt - ok

00:12:02.0795 4280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

00:12:02.0821 4280 WinRM - ok

00:12:02.0832 4280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

00:12:02.0834 4280 WinUsb - ok

00:12:02.0851 4280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

00:12:02.0864 4280 Wlansvc - ok

00:12:02.0872 4280 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

00:12:02.0874 4280 wlcrasvc - ok

00:12:02.0910 4280 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:12:02.0938 4280 wlidsvc - ok

00:12:02.0944 4280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

00:12:02.0946 4280 WmiAcpi - ok

00:12:02.0958 4280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

00:12:02.0961 4280 wmiApSrv - ok

00:12:02.0966 4280 WMPNetworkSvc - ok

00:12:02.0975 4280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

00:12:02.0980 4280 WPCSvc - ok

00:12:02.0986 4280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

00:12:02.0991 4280 WPDBusEnum - ok

00:12:02.0996 4280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

00:12:02.0998 4280 ws2ifsl - ok

00:12:03.0005 4280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

00:12:03.0009 4280 wscsvc - ok

00:12:03.0014 4280 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

00:12:03.0016 4280 WSDPrintDevice - ok

00:12:03.0022 4280 WSearch - ok

00:12:03.0063 4280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

00:12:03.0095 4280 wuauserv - ok

00:12:03.0103 4280 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

00:12:03.0105 4280 WudfPf - ok

00:12:03.0115 4280 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

00:12:03.0119 4280 WUDFRd - ok

00:12:03.0127 4280 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

00:12:03.0131 4280 wudfsvc - ok

00:12:03.0139 4280 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

00:12:03.0147 4280 WwanSvc - ok

00:12:03.0171 4280 ================ Scan global ===============================

00:12:03.0175 4280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

00:12:03.0182 4280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

00:12:03.0192 4280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

00:12:03.0199 4280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

00:12:03.0210 4280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

00:12:03.0216 4280 [Global] - ok

00:12:03.0216 4280 ================ Scan MBR ==================================

00:12:03.0220 4280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

00:12:03.0354 4280 \Device\Harddisk0\DR0 - ok

00:12:03.0355 4280 ================ Scan VBR ==================================

00:12:03.0358 4280 [ 7A360C572BD4314ED620C02D137F0334 ] \Device\Harddisk0\DR0\Partition1

00:12:03.0361 4280 \Device\Harddisk0\DR0\Partition1 - ok

00:12:03.0361 4280 ============================================================

00:12:03.0361 4280 Scan finished

00:12:03.0361 4280 ============================================================

00:12:03.0375 4960 Detected object count: 1

00:12:03.0375 4960 Actual detected object count: 1

00:12:20.0583 4960 sptd ( LockedFile.Multi.Generic ) - skipped by user

00:12:20.0583 4960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-19 00:13:46

-----------------------------

00:13:46.166 OS Version: Windows x64 6.1.7601 Service Pack 1

00:13:46.166 Number of processors: 4 586 0x2505

00:13:46.167 ComputerName: UL20FT UserName: Sunny

00:13:46.514 Initialize success

00:16:01.608 AVAST engine defs: 12111801

00:16:11.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

00:16:11.527 Disk 0 Vendor: M4-CT256 000F Size: 244198MB BusType: 3

00:16:11.531 Disk 0 MBR read successfully

00:16:11.535 Disk 0 MBR scan

00:16:11.542 Disk 0 Windows 7 default MBR code

00:16:11.546 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 8

00:16:11.556 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 224192 MB offset 40966144

00:16:11.642 Disk 0 scanning C:\Windows\system32\drivers

00:16:22.138 Service scanning

00:16:49.247 Modules scanning

00:16:49.258 Disk 0 trace - called modules:

00:16:49.265 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sphy.sys hal.dll

00:16:49.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e32060]

00:16:49.606 3 CLASSPNP.SYS[fffff88001fa043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003b83050]

00:16:50.024 AVAST engine scan C:\Windows

00:16:55.036 AVAST engine scan C:\Windows\system32

00:21:04.014 AVAST engine scan C:\Windows\system32\drivers

00:21:20.936 AVAST engine scan C:\Users\Sunny

00:30:12.993 File: C:\Users\Sunny\Archive\Archive Documents\2003-2006 Documents\My Received Files\Trojan.Remover.v5.0.6.incl.Keygen.WinAll-LAXiTY\lxttr506\lxtkey.exe **INFECTED** Win32:Trojan-gen

01:03:48.487 AVAST engine scan C:\ProgramData

01:05:24.280 Scan finished successfully

17:38:54.431 Disk 0 MBR has been saved successfully to "C:\Users\Sunny\Desktop\malware logs\MBR.dat"

17:38:54.579 The log file has been saved successfully to "C:\Users\Sunny\Desktop\malware logs\aswMBR.txt"

ComboFix 12-11-19.03 - Sunny 19/11/2012 17:46:31.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3885.1229 [GMT -8:00]

Running from: c:\users\Sunny\Desktop\malware logs\ComboFix.exe

Command switches used :: c:\users\Sunny\Desktop\malware logs\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))

.

.

2012-11-20 01:54 . 2012-11-20 01:54 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-11-20 01:54 . 2012-11-20 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-20 01:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EDE2960-1939-406F-A90D-8769232E68A1}\mpengine.dll

2012-11-19 05:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-18 09:44 . 2012-11-18 09:45 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-11-18 09:42 . 2012-11-18 09:42 -------- d-----w- C:\RegBackup

2012-11-18 09:40 . 2012-11-18 09:44 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-11-18 09:40 . 2012-11-18 09:40 -------- d-----w- c:\program files (x86)\Tweaking.com

2012-11-16 03:04 . 2012-11-16 03:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-16 02:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 02:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 02:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 02:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 02:45 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-16 02:45 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-16 02:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 02:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 02:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 02:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 02:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 02:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 02:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-11 22:05 . 2012-11-12 23:56 -------- d-----w- c:\users\Pooh

2012-11-11 20:02 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2012-11-11 20:02 . 2012-11-11 20:05 -------- d-----w- c:\program files (x86)\SpywareBlaster

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\users\Sunny\AppData\Roaming\SUPERAntiSpyware.com

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\programdata\PC Tools

2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\users\Sunny\AppData\Roaming\TestApp

2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\programdata\Sophos

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\program files (x86)\Sophos

2012-11-11 04:08 . 2012-11-11 04:08 -------- d-----w- c:\program files (x86)\ESET

2012-11-06 05:42 . 2012-11-06 05:42 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-06 05:41 . 2012-11-06 05:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-24 06:14 . 2012-10-24 06:14 -------- d-----w- c:\users\Sunny\AppData\Roaming\LavasoftStatistics

2012-10-24 05:39 . 2012-10-24 05:39 -------- d-----w- c:\users\Sunny\AppData\Local\Downloaded Installations

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\users\Sunny\AppData\Local\adawarebp

2012-10-24 05:38 . 2012-11-19 03:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\adawaretb

2012-10-24 04:19 . 2012-10-24 05:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-10-24 04:19 . 2012-10-24 04:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\users\Sunny\AppData\Roaming\thriXXX

2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\program files (x86)\thriXXX

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 03:18 . 2012-06-14 16:56 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-11-16 02:42 . 2011-08-26 03:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-11 09:04 . 2011-12-27 00:59 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-11 09:04 . 2011-12-27 00:59 35240 ----a-w- c:\windows\system32\LMIport.dll

2012-11-11 09:04 . 2011-12-27 00:59 83880 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-06 05:41 . 2011-09-07 07:34 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-18 04:35 . 2012-04-06 02:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-18 04:35 . 2011-09-09 01:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-04 03:44 . 2012-10-20 19:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA6ADF4-6FC0-40A8-BA17-F9D90389391B}\gapaengine.dll

2012-10-04 03:44 . 2012-02-11 11:17 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-30 02:54 . 2012-09-03 19:06 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-14 19:19 . 2012-10-10 03:58 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 03:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 03:59 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 05:03 . 2011-04-27 22:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 18:03 . 2012-10-10 03:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 03:59 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 03:59 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 03:59 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 03:59 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-13 02:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-13 02:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-13 02:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

"Workrave"="c:\program files (x86)\Workrave\lib\workrave.exe" [2011-03-25 3871246]

"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824]

"98E36C341B5CB5AFB17092EB2920E6EA02805BD9._service_run"="c:\users\Sunny\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Akamai NetSession Interface"="c:\users\Sunny\AppData\Local\Akamai\netsession_win.exe" [bU]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NPSStartup"="" [bU]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-22 70792]

"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-22 743560]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]

"XviD Codec"="c:\program files (x86)\XviD\codec.exe" [2012-08-08 606720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-16 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-17 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-28 44032]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-19 1431888]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 44680]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 50312]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-17 834544]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 19592]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 189576]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-15 224048]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-15 130864]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]

S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-12 8704]

S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-16 2461104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-11 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]

S3 ALSysIO;ALSysIO;c:\users\Sunny\AppData\Local\Temp\ALSysIO64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-15 147248]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-15 166192]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 75277145

*NewlyCreated* - ALSYSIO

*NewlyCreated* - ASWMBR

*Deregistered* - 75277145

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001Core.job

- c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35]

.

2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001UA.job

- c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35]

.

2012-11-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-11-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://startsear.info

mStart Page = hxxp://startsear.info

mLocal Page = c:\windows\SYSTEM32\blank.htm

LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll

Trusted Zone: mini9

Trusted Zone: pearsoned.com\myitlab

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-19 17:58:34

ComboFix-quarantined-files.txt 2012-11-20 01:58

ComboFix2.txt 2012-11-19 01:10

.

Pre-Run: 48,935,399,424 bytes free

Post-Run: 48,947,474,432 bytes free

.

- - End Of File - - 8310FA87B96F033BD91F40378AA9B853


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  1. Report from ComboFix
  2. Let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


I ran ComboFix again as instructed with the CFScript.txt option.

ComboFix 12-11-19.03 - Sunny 19/11/2012 18:18:09.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3885.1849 [GMT -8:00]

Running from: c:\users\Sunny\Desktop\malware logs\ComboFix.exe

Command switches used :: c:\users\Sunny\Desktop\malware logs\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))

.

.

2012-11-20 02:26 . 2012-11-20 02:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-20 02:26 . 2012-11-20 02:26 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-11-20 02:00 . 2012-11-20 02:00 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-20 01:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EDE2960-1939-406F-A90D-8769232E68A1}\mpengine.dll

2012-11-19 05:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-18 09:44 . 2012-11-18 09:45 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-11-18 09:42 . 2012-11-18 09:42 -------- d-----w- C:\RegBackup

2012-11-18 09:40 . 2012-11-18 09:44 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-11-18 09:40 . 2012-11-18 09:40 -------- d-----w- c:\program files (x86)\Tweaking.com

2012-11-16 02:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 02:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 02:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 02:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 02:45 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-16 02:45 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-16 02:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 02:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 02:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 02:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 02:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 02:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 02:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-11 22:05 . 2012-11-12 23:56 -------- d-----w- c:\users\Pooh

2012-11-11 20:02 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2012-11-11 20:02 . 2012-11-11 20:05 -------- d-----w- c:\program files (x86)\SpywareBlaster

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\users\Sunny\AppData\Roaming\SUPERAntiSpyware.com

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-11-11 19:59 . 2012-11-11 19:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\programdata\PC Tools

2012-11-11 19:57 . 2012-11-11 19:57 -------- d-----w- c:\users\Sunny\AppData\Roaming\TestApp

2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\programdata\Sophos

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-11-11 04:21 . 2012-11-11 04:21 73728 ----a-r- c:\users\Sunny\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-11-11 04:21 . 2012-11-11 04:21 -------- d-----w- c:\program files (x86)\Sophos

2012-11-11 04:08 . 2012-11-11 04:08 -------- d-----w- c:\program files (x86)\ESET

2012-11-06 05:42 . 2012-11-06 05:42 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-06 05:41 . 2012-11-06 05:41 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-24 06:14 . 2012-10-24 06:14 -------- d-----w- c:\users\Sunny\AppData\Roaming\LavasoftStatistics

2012-10-24 05:39 . 2012-10-24 05:39 -------- d-----w- c:\users\Sunny\AppData\Local\Downloaded Installations

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\users\Sunny\AppData\Local\adawarebp

2012-10-24 05:38 . 2012-11-20 02:01 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-10-24 05:38 . 2012-10-24 05:38 -------- d-----w- c:\program files (x86)\adawaretb

2012-10-24 04:19 . 2012-10-24 05:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-10-24 04:19 . 2012-10-24 04:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\users\Sunny\AppData\Roaming\thriXXX

2012-10-22 02:37 . 2012-10-22 02:37 -------- d-----w- c:\program files (x86)\thriXXX

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-20 02:01 . 2012-06-14 16:56 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-11-16 02:42 . 2011-08-26 03:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-11 09:04 . 2011-12-27 00:59 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-11 09:04 . 2011-12-27 00:59 35240 ----a-w- c:\windows\system32\LMIport.dll

2012-11-11 09:04 . 2011-12-27 00:59 83880 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-06 05:41 . 2011-09-07 07:34 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-18 04:35 . 2012-04-06 02:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-18 04:35 . 2011-09-09 01:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-04 03:44 . 2012-10-20 19:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA6ADF4-6FC0-40A8-BA17-F9D90389391B}\gapaengine.dll

2012-10-04 03:44 . 2012-02-11 11:17 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-30 02:54 . 2012-09-03 19:06 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-14 19:19 . 2012-10-10 03:58 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 03:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 03:59 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 05:03 . 2011-04-27 22:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 18:03 . 2012-10-10 03:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 03:59 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 03:59 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 03:59 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 03:59 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-13 02:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-13 02:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-13 02:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

"Workrave"="c:\program files (x86)\Workrave\lib\workrave.exe" [2011-03-25 3871246]

"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824]

"98E36C341B5CB5AFB17092EB2920E6EA02805BD9._service_run"="c:\users\Sunny\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Akamai NetSession Interface"="c:\users\Sunny\AppData\Local\Akamai\netsession_win.exe" [bU]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NPSStartup"="" [bU]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-22 70792]

"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-22 743560]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]

"XviD Codec"="c:\program files (x86)\XviD\codec.exe" [2012-08-08 606720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-17 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-28 44032]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-19 1431888]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 44680]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 50312]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-17 834544]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 19592]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 189576]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-15 224048]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-15 130864]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]

S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-12 8704]

S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-11 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]

S3 ALSysIO;ALSysIO;c:\users\Sunny\AppData\Local\Temp\ALSysIO64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-15 147248]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-15 166192]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001Core.job

- c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35]

.

2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001UA.job

- c:\users\Sunny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 08:35]

.

2012-11-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-11-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://startsear.info

mStart Page = hxxp://startsear.info

mLocal Page = c:\windows\SYSTEM32\blank.htm

LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll

Trusted Zone: mini9

Trusted Zone: pearsoned.com\myitlab

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-19 18:30:34

ComboFix-quarantined-files.txt 2012-11-20 02:30

ComboFix2.txt 2012-11-20 01:58

ComboFix3.txt 2012-11-19 01:10

.

Pre-Run: 48,955,105,280 bytes free

Post-Run: 48,885,878,784 bytes free

.

- - End Of File - - A5929A6619D9B4374E09F191885C320E


  • Staff

Greetings,

First, I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737

Then I want you to do the following

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.

Gringo

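As an added illustration that is not part of this thread and not code from ComboFix, OTL or Malwarebytes: the ComboFix "Supplementary Scan" lines above (uStart Page / mStart Page = hxxp://startsear.info) and the OTL "IE - ..." registry lines later in the thread are where the hijacked start page and search scope show up, and after the reset steps one would expect them to be gone. The Python check below parses lines in both formats and reports every start-page or search-scope URL whose host, or any domain carried inside its query parameters, is not on an expected-host list. The sample log lines and the expected-host set are constructed for the example (the OEM default page and the two stock search providers from this machine's log), and the function names are my own.

```python
import re
from urllib.parse import parse_qsl, urlparse

# Constructed sample lines (not copied from a real log) in the two formats
# seen in this thread: ComboFix "Supplementary Scan" (u = user hive,
# m = machine hive, "hxxp" is the defanged scheme ComboFix writes) and
# OTL "IE - <registry path>" lines.
SAMPLE_LOG = r"""
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://startsear.info
mStart Page = hxxp://startsear.info
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
IE - HKU\S-1-5-21-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-1%3A2&q={searchTerms}&siteurl=startsear.info%2F
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF
"""

# Constructed baseline: hosts this machine's IE settings are expected to
# point at (the OEM default page and the two stock search providers).
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "asus.msn.com"}

# "<key> = <value>"; the first " = " separates the setting name from its value
SETTING_RE = re.compile(r"^(?P<key>.+?) = (?P<value>\S.*)$")
# http/https URLs, including ComboFix's defanged hxxp form
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+", re.IGNORECASE)
# only the settings that decide where IE goes on start-up and on search
INTERESTING_KEY_RE = re.compile(r"Start Page|Default_Page_URL|SearchScopes")


def refang(url):
    """Restore 'http' in a ComboFix-style 'hxxp' URL so urlparse can read it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def hosts_in(url):
    """Yield (host, where) for the URL's own host and for any domain carried
    inside a query parameter, e.g. siteurl=startsear.info%2F on a google.com
    custom-search URL. Parameter values without a dot (like {searchTerms})
    are not domains and are skipped."""
    parsed = urlparse(refang(url))
    if parsed.hostname:
        yield parsed.hostname.lower(), "host"
    for name, value in parse_qsl(parsed.query, keep_blank_values=True):
        # a nested URL keeps its scheme; a bare domain gets a "//" prefix so
        # urlparse treats it as a network location rather than a path
        nested = urlparse(value if "://" in value else "//" + value)
        host = nested.hostname
        if host and "." in host:
            yield host.lower(), "param " + name


def find_hijacked(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return [(setting, host, where)] for every start-page or search-scope
    line whose URL, or a domain inside its query string, is not expected."""
    findings = []
    for line in log_text.splitlines():
        match = SETTING_RE.match(line.strip())
        if not match or not INTERESTING_KEY_RE.search(match.group("key")):
            continue
        for url in URL_RE.findall(match.group("value")):
            for host, where in hosts_in(url):
                if host not in expected_hosts:
                    findings.append((match.group("key"), host, where))
    return findings


if __name__ == "__main__":
    for setting, host, where in find_hijacked(SAMPLE_LOG):
        print(f"{host:20} ({where:14}) <- {setting}")
```

The point of decoding the query string is the SearchScopes line: its URL is on www.google.com and passes a plain host check, but the siteurl parameter still points the custom search at startsear.info, which is why the script reports it as "param siteurl". Re-running the same check over a fresh OTL log after the reset should return no findings.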

  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


OTL logfile created on: 11/19/2012 8:44:36 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sunny\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 46.99% Memory free

7.59 Gb Paging File | 4.95 Gb Available in Paging File | 65.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218.94 Gb Total Space | 46.01 Gb Free Space | 21.02% Space Free | Partition Type: NTFS

Computer Name: UL20FT | User Name: Sunny | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Users\Sunny\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)

PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)

PRC - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)

PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)

PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)

PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)

PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Workrave\lib\Workrave.exe (The Workrave development team)

PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)

PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\2ac9ed65e7a7ccfcc1d4f4967540d993\System.Xml.Linq.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\23de8d00755205c37aa6795b0ce8a42d\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c22857dbcce7e0320350436e80ec8ab1\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\78a485faba9584cfb1a5052a4cbe71e8\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\df5142941549ff71737438c85e565ab3\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\53121a27f94f7335e585384377fc538a\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ccf3f783590b1747a3593b889bede2fb\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a7cdf1caedee630b8440fb8e8657aca1\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\06db722a2ddebd960d907c2de6f1cfa7\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ed7768172bbf30462bc554dee3911540\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\471e9622a174c71be1b987575a92a1f6\System.Security.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0bc033fa805a31e31dc462cfae365478\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\685f73e04393b5342bd1cebe701496ad\mscorlib.ni.dll ()

MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll ()

MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll ()

MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll ()

MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll ()

MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll ()

MOD - C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ()

MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madExcept_.bpl ()

MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madBasic_.bpl ()

MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl ()

MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\ausshellext.dll ()

MOD - C:\Program Files (x86)\EASEUS\Todo Backup\bin\CodeLog.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\Workrave\lib\gnet-2.0.dll ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\harpoon.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\libcairo-2.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\libpng14-14.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

MOD - C:\Program Files (x86)\Workrave\lib\libfontconfig-1.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\freetype6.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\libgio-2.0-0.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\libpangocairo-1.0-0.dll ()

MOD - C:\Program Files (x86)\Workrave\lib\libexpat-1.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

MOD - C:\Program Files (x86)\Workrave\lib\zlib1.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()

SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)

SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)

SRV - (Guard Agent) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)

SRV - (EaseUS Agent) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)

SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)

SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()

DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)

DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)

DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)

DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)

DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)

DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()

DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info

IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F

IE - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sunny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sunny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/14 01:21:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/14 01:21:38 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sunny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sunny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Sunny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll

CHR - Extension: Angry Birds = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: YouTube = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\

CHR - Extension: Google Search = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Google Calendar = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: TinEye Reverse Image Search = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\

CHR - Extension: Checker Plus for Google Calendar™ = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\11.4.2_0\

CHR - Extension: Silent Torrent DL = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelimlpfljkfdchnmeilfhnafogmcdke\1.0.2_0\

CHR - Extension: Silent Torrent DL = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelimlpfljkfdchnmeilfhnafogmcdke\1.0.2_0\.bak

CHR - Extension: StayFocusd = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.7_0\

CHR - Extension: Send from Gmail (by Google) = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\

CHR - Extension: Gmail = C:\Users\Sunny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/18 16:51:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)

O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

O4 - HKLM..\Run: [XviD Codec] C:\Program Files (x86)\XviD\codec.exe ()

O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [Akamai NetSession Interface] "C:\Users\Sunny\AppData\Local\Akamai\netsession_win.exe" File not found

O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [showBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()

O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001..\Run: [Workrave] C:\Program Files (x86)\Workrave\lib\Workrave.exe (The Workrave development team)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..Trusted Domains: mini9 ([]http in Trusted sites)

O15 - HKU\S-1-5-21-213426137-1922756365-3311226018-1001\..Trusted Domains: pearsoned.com ([myitlab] http in Trusted sites)

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{484D8135-BFCA-4EE9-90D5-5271DA354B52}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/03/19 12:14:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 19:16:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/19 18:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012/11/19 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2012/11/19 00:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{FC2540B2-F1B3-430D-A55E-76830947BA50}

[2012/11/18 13:08:45 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\RK_Quarantine

[2012/11/18 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{26E35A37-723D-47B3-9B6D-796072B8D608}

[2012/11/18 01:44:42 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2012/11/18 01:42:09 | 000,000,000 | ---D | C] -- C:\RegBackup

[2012/11/18 01:40:37 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs

[2012/11/18 01:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

[2012/11/18 01:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com

[2012/11/17 22:25:41 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\malware logs

[2012/11/17 21:37:23 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{E7249295-F76C-4A28-9947-7DF9DFB43B39}

[2012/11/15 18:54:39 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/15 18:54:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/15 18:46:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/15 18:46:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/15 18:46:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/15 18:46:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/15 18:46:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/15 18:46:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/15 18:46:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/15 18:46:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/15 18:46:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/15 18:46:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/15 18:46:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/15 18:46:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/15 18:46:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/15 18:46:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/15 18:46:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/15 18:42:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/15 18:42:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/15 18:42:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/15 18:42:12 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/14 23:41:45 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/14 23:41:45 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/14 23:41:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/14 23:41:41 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/14 23:41:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/14 23:41:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/14 23:41:40 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/14 23:41:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/14 23:41:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/14 23:41:27 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/14 23:41:27 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/11 13:45:11 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{2570D19C-8F71-4EB2-A484-1AAC870E058F}

[2012/11/11 12:10:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/11 12:10:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/11 12:10:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/11 12:07:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/11 12:06:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/11 12:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

[2012/11/11 12:02:51 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL

[2012/11/11 12:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster

[2012/11/11 11:59:39 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\SUPERAntiSpyware.com

[2012/11/11 11:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/11/11 11:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/11/11 11:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/11/11 11:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/11/11 11:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\TestApp

[2012/11/10 20:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2012/11/10 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2012/11/10 20:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2012/11/10 20:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/11/06 19:53:21 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{F15B3215-95E3-4242-BFEB-26F7F5C222AB}

[2012/11/05 21:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/11/05 21:41:55 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/11/05 21:41:55 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/11/05 21:41:55 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/11/05 21:41:55 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/11/02 05:04:42 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Mozilla

[2012/10/26 16:29:30 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{49197686-8542-4CC3-B9C1-AE2FE38B4829}

[2012/10/24 22:38:38 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{ED6777A4-B136-4D49-AEE8-DD311ECB3ECE}

[2012/10/23 22:14:47 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\LavasoftStatistics

[2012/10/23 21:39:01 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\Downloaded Installations

[2012/10/23 21:38:34 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\adawarebp

[2012/10/23 21:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012/10/23 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner

[2012/10/23 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb

[2012/10/23 20:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/10/23 20:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/10/23 20:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/10/22 03:50:07 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\{FEF0B34E-D92F-4B6D-A56F-42F82079C106}

[2012/10/21 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX

[2012/10/21 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\thriXXX

[2012/10/21 18:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thriXXX

[2012/07/19 16:04:20 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\zh_res.dll

[2011/12/15 23:54:03 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\PCPE Setup.exe

[2011/12/15 23:54:03 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Sunny\mfc80u.dll

[2011/12/15 23:54:03 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Sunny\msvcr80.dll

[2011/12/15 23:54:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\en_res.dll

[2011/12/15 23:54:02 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\grm_res.dll

[2011/12/15 23:54:02 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\fr_res.dll

[2011/12/15 23:54:02 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\pt_res.dll

[2011/12/15 23:54:02 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\it_res.dll

[2011/12/15 23:54:02 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\es_res.dll

[2011/12/15 23:54:02 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\ru_res.dll

[2011/12/15 23:54:02 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Sunny\jp_res.dll

========== Files - Modified Within 30 Days ==========

[2012/11/19 20:06:28 | 000,734,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/19 20:06:28 | 000,634,462 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/19 20:06:28 | 000,113,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/19 20:06:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 20:06:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 19:59:28 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2012/11/19 19:59:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/19 19:59:07 | 3055,587,328 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/19 19:58:34 | 000,000,020 | ---- | M] () -- C:\Users\Sunny\defogger_reenable

[2012/11/19 19:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001UA.job

[2012/11/19 18:00:59 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

[2012/11/19 17:30:22 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job

[2012/11/19 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job

[2012/11/18 22:58:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-213426137-1922756365-3311226018-1001Core.job

[2012/11/18 20:57:14 | 000,000,188 | ---- | M] () -- C:\Users\Sunny\.packettracer

[2012/11/18 16:51:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/18 01:45:02 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2012/11/18 01:42:55 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-UL20FT-Microsoft-Windows-7-Home-Premium-(64-bit).dat

[2012/11/18 01:40:32 | 000,002,289 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk

[2012/11/15 19:04:02 | 002,448,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/11 12:03:30 | 000,000,915 | ---- | M] () -- C:\Users\Sunny\Desktop\Install Combofix.lnk

[2012/11/11 12:02:54 | 000,001,081 | ---- | M] () -- C:\Users\Sunny\Desktop\SpywareBlaster.lnk

[2012/11/11 11:59:22 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/11/11 02:07:01 | 000,002,120 | ---- | M] () -- C:\scu.dat

[2012/11/11 01:04:46 | 000,088,008 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll

[2012/11/11 01:04:46 | 000,083,880 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll

[2012/11/11 01:04:46 | 000,035,240 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

[2012/11/10 20:21:34 | 000,003,205 | ---- | M] () -- C:\Users\Sunny\Desktop\Sophos Virus Removal Tool.lnk

[2012/11/09 17:30:29 | 000,002,485 | ---- | M] () -- C:\Users\Sunny\Desktop\Google Chrome.lnk

[2012/11/05 21:41:44 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/11/05 21:41:44 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/11/05 21:41:43 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/11/05 21:41:42 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/11/05 21:41:42 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/10/23 21:37:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/23 20:20:24 | 000,001,284 | ---- | M] () -- C:\Users\Sunny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/10/23 20:20:24 | 000,001,260 | ---- | M] () -- C:\Users\Sunny\Desktop\Spybot - Search & Destroy.lnk

========== Files Created - No Company Name ==========

[2012/11/19 19:58:34 | 000,000,020 | ---- | C] () -- C:\Users\Sunny\defogger_reenable

[2012/11/18 01:42:55 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-UL20FT-Microsoft-Windows-7-Home-Premium-(64-bit).dat

[2012/11/18 01:40:32 | 000,002,289 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk

[2012/11/15 18:54:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/15 18:42:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/11 12:10:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/11 12:10:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/11 12:10:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/11 12:10:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/11 12:10:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/11 12:03:30 | 000,000,915 | ---- | C] () -- C:\Users\Sunny\Desktop\Install Combofix.lnk

[2012/11/11 12:02:54 | 000,001,081 | ---- | C] () -- C:\Users\Sunny\Desktop\SpywareBlaster.lnk

[2012/11/11 11:59:46 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e64f2b5f-7d69-4ef3-816d-f223cd72dd81.job

[2012/11/11 11:59:46 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 65ff1bd1-9d9e-4648-88b5-3067be9d6b12.job

[2012/11/11 11:59:22 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/11/10 20:51:39 | 000,002,120 | ---- | C] () -- C:\scu.dat

[2012/11/10 20:21:34 | 000,003,205 | ---- | C] () -- C:\Users\Sunny\Desktop\Sophos Virus Removal Tool.lnk

[2012/10/23 20:20:24 | 000,001,284 | ---- | C] () -- C:\Users\Sunny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/10/23 20:20:24 | 000,001,260 | ---- | C] () -- C:\Users\Sunny\Desktop\Spybot - Search & Destroy.lnk

[2012/09/03 06:16:22 | 007,563,528 | ---- | C] () -- C:\Users\Sunny\AppData\Local\census.cache

[2012/09/03 06:08:54 | 000,152,849 | ---- | C] () -- C:\Users\Sunny\AppData\Local\ars.cache

[2012/09/02 00:37:00 | 000,000,036 | ---- | C] () -- C:\Users\Sunny\AppData\Local\housecall.guid.cache

[2012/05/06 21:57:18 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

[2012/04/25 12:34:09 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/03/29 22:08:37 | 000,003,584 | ---- | C] () -- C:\Users\Sunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/10 15:10:04 | 000,000,188 | ---- | C] () -- C:\Users\Sunny\.packettracer

[2012/02/26 23:47:45 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll

[2012/02/26 23:47:45 | 000,031,744 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll

[2012/02/26 23:47:45 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll

[2011/12/28 14:28:57 | 000,000,274 | ---- | C] () -- C:\Windows\TheMatrix.ini

[2011/12/25 02:32:52 | 000,000,218 | ---- | C] () -- C:\Users\Sunny\.recently-used.xbel

[2011/12/24 02:41:34 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll

[2011/12/24 02:41:34 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll

[2011/12/16 15:20:42 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2011/12/15 23:54:04 | 013,338,112 | ---- | C] () -- C:\Users\Sunny\PCPE_3.0.1.msi

[2011/12/08 18:01:58 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011/12/08 18:01:57 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011/12/08 18:01:57 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011/12/08 18:01:57 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011/12/08 18:01:57 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011/11/14 01:16:16 | 000,218,253 | ---- | C] () -- C:\Windows\hpwins14.dat

[2011/11/14 01:16:16 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat

[2011/11/10 03:10:18 | 000,000,000 | ---- | C] () -- C:\Users\Sunny\.recently-used.xbel.4EED4V

[2011/11/09 23:46:49 | 000,000,000 | ---- | C] () -- C:\Users\Sunny\.recently-used.xbel.KX0N4V

[2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/10/18 05:00:21 | 000,000,029 | ---- | C] () -- C:\Windows\devbin.ini

[2011/10/13 23:18:16 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp

[2011/08/27 02:41:25 | 000,743,446 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/10 10:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/04/10 10:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011/04/10 10:49:10 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:553CA6CA

< End of report >
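For anyone reading this log later: the "ZeroAccess Check" and "Alternate Data Streams" sections above are the parts of an OTL report that a helper looks at first, because ZeroAccess/Sirefef is known to register its own InProcServer32 path under the per-user HKCU\Software\Classes\clsid keys for those shell and WBEM CLSIDs (HKCU overrides HKLM when COM resolves the class). The script below is an added example, not part of the original post and not OTL's own code. It parses those two sections out of a pasted OTL.txt and flags (a) any HKCU InProcServer32 registration at all, (b) any HKLM registration whose target is not a Microsoft DLL under the system directory, and (c) any alternate data stream, which is listed for review rather than judged. It assumes the line formats seen in this log (a key header with no value lines beneath it is taken to mean OTL found no such key; the file-check line for C:\Windows\assembly\Desktop.ini is ignored). The sample log embedded in it is constructed: two lines are copied from the report above and one HKCU entry pointing into AppData is invented to show what a hit looks like.

```python
"""
Triage helper for the 'ZeroAccess Check' and 'Alternate Data Streams' sections
of an OTL (OTL.txt) log. Added example; not OTL's code and not the original
poster's. Assumed line formats:
  [HKEY_...\{clsid}\InProcServer32] /64          -> registry key header
  "" = <path> -- [date | size | attrs | M] (Co)  -> default value of that key
  @Alternate Data Stream - N bytes -> <target>   -> ADS entry
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION_RE = re.compile(r'^========== (?P<name>.+?) ==========$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]( /64)?\s*$')
VAL_RE = re.compile(r'^"" = (?P<path>.+?) -- \[(?P<meta>[^\]]+)\] \((?P<company>[^)]*)\)\s*$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')

# Where a genuine shell32.dll / fastprox.dll / wbemess.dll registration should point.
EXPECTED_DIRS = ('c:\\windows\\sysnative', 'c:\\windows\\system32', '%systemroot%\\system32')


@dataclass
class ComKey:
    key: str                      # full registry path as printed by OTL
    wow64: bool                   # True when OTL marked the key with /64
    default: Optional[str] = None # InProcServer32 default value, if the key exists
    company: Optional[str] = None # company string from the file's version info


def parse_otl(text: str) -> Tuple[List[ComKey], List[Tuple[int, str]]]:
    """Return the COM keys from 'ZeroAccess Check' and the (size, target) ADS list."""
    keys: List[ComKey] = []
    ads: List[Tuple[int, str]] = []
    section, cur = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, cur = m.group('name'), None
            continue
        if section == 'ZeroAccess Check':
            m = KEY_RE.match(line)
            if m:
                cur = ComKey(m.group(1), m.group(2) is not None)
                keys.append(cur)
                continue
            m = VAL_RE.match(line)
            if m and cur is not None:
                cur.default, cur.company = m.group('path'), m.group('company')
        elif section == 'Alternate Data Streams':
            m = ADS_RE.match(line)
            if m:
                ads.append((int(m.group('size')), m.group('target')))
    return keys, ads


def find_findings(keys: List[ComKey], ads: List[Tuple[int, str]]) -> List[str]:
    """Apply the three checks and return human-readable findings."""
    findings = []
    for k in keys:
        if k.default is None:
            continue  # OTL printed no value: the key is absent, nothing registered
        if k.key.upper().startswith('HKEY_CURRENT_USER'):
            # Per-user registration of a system CLSID is the ZeroAccess pattern.
            findings.append(f'per-user COM override: {k.key} -> {k.default}')
            continue
        p = k.default.lower()
        if not p.startswith(EXPECTED_DIRS) or k.company != 'Microsoft Corporation':
            findings.append(f'unexpected InProcServer32 target: {k.key} -> {k.default} ({k.company})')
    for size, target in ads:
        findings.append(f'ADS for review: {target} ({size} bytes)')
    return findings


def triage(text: str) -> List[str]:
    keys, ads = parse_otl(text)
    return find_findings(keys, ads)


# Constructed sample: first HKCU key absent (as in the real log), second HKCU key
# given an invented AppData target, HKLM entry and ADS line copied from the log.
SAMPLE = r"""
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

"" = C:\Users\Sunny\AppData\Local\{constructed}\hijack.dll -- [2012/11/01 00:00:00 | 000,050,000 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
"""

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f)
```

Run against the report above, the only things it prints are the two C:\ProgramData\Temp streams, because every HKCU key is absent and every HKLM target is a Microsoft DLL in the system directory; the constructed AppData entry in the sample shows what a real hijack would have looked like.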
